Hello everyone, welcome back to my channel. My name is Peush, and if you are a returning viewer to my channel you might have already seen Azure DevOps zero to series. We have published 13 videos so far and there are three videos pending, but a lot of you have asked me this question: are there any prerequisites to this series, especially for those who are new to cloud or new to Azure? So that is why I am publishing this video to cover all the basic fundamentals of Azure and cloud computing itself. This is going to be a two and a
half hour long video approximately, and it will cover everything that is there as part of the AZ-900 fundamental certification exam. By the end of this video you will be able to build a solid understanding of all the cloud fundamentals, including Azure networking and all the Azure services that are specifically for a beginner point of view, and this will be helpful in understanding Azure DevOps as well, because we'll be using a lot of these services in that series. So without any further ado, let's start with this video.

So let's start with the very basics: what exactly is
cloud computing? Before that we need to understand why we actually need it. Imagine you are the owner of a small IT firm and you want to scale your business. However, you would need a large number of resources to make that expansion possible, such as office space, more hardware, more furniture, a lot of people to manage all these, and a lot of money for everything. These one-time upfront expenses are also known as CapEx or capital expenditures. Then you would also have some recurring expenses such as the cost of regular hardware maintenance, salaries to employees, electricity bills
of the office, monthly building rentals and so on. These recurring operating expenses are called OpEx or operational expenses. These are nothing but the roadblocks for this expansion, and your goal is to minimize your CapEx and OpEx and build a system that is highly scalable, highly available and fault tolerant, a system with built-in security and high performance. Enter cloud computing. Cloud computing is a way to access these computer resources and services over the internet instead of having to buy and manage it yourself. Imagine that you need to run a software program to store a large
amount of files. Instead of buying that hard disk drive, you rent a storage service such as AWS S3 or Azure storage or GCP blob storage, and it will provide you that access over the internet, where you can store your files and make use of them remotely. So buying hardware is old school; renting hardware is what cloud computing is all about.

Now let's talk about the difference between IaaS, PaaS and SaaS. IaaS is, as the name suggests, infrastructure as a service, PaaS is platform as a service and SaaS is software as a service. IaaS gives you full
control over the infrastructure resources such as your virtual machines and storage. You can rent these resources from a cloud provider and configure them as needed to run your own application, right? You install your own operating system and you configure all your custom applications, you take care of all the management tasks and administrative tasks, and you have basically the full control over your operating system and your infrastructure. But in PaaS they will provide you a runtime environment and a platform to deploy your application, and development tools. You do not get access to the underlying operating system;
you get access to their environment in which you can deploy your application and start using it. In SaaS they would provide you the application that you can consume directly as an end user, so these software applications are hosted on cloud and run by the cloud provider, and you just use them as the user. In IaaS you must take care of all the administrative tasks such as server patching, upgrades and backups. Patching is nothing but making sure all your software and your operating system packages are up to date and have all the fixes of security
and vulnerability. In PaaS and SaaS, Azure takes care of all your admin tasks, right? So as we said, when you need full control over your operating system you go with IaaS; when you do not want to take care of all your admin tasks you go with either PaaS or SaaS. IaaS models are mostly pay-per-use: you pay for whatever service you use for a particular duration, services such as Amazon EC2, Azure VMs or GCP Compute Engine. PaaS models are mostly service-based models such as Azure Web App. SaaS models are mostly subscription based, such as
your Gmail application, your Office 365 subscription, your Dropbox. All these are SaaS applications where you do not deploy anything; you just use the application, the standard version of the application. So lift-and-shift migration is nothing but when you have to move your applications hosted on premises to the cloud infrastructure so that you get all the benefits of cloud, but you do not want to make any changes to your application. So that is called lift and shift. IaaS would be the ideal choice because you get full control over your operating system and you
can customize your application as you need. The PaaS model is again the ideal choice where you do not want to take care of your admin tasks or you do not need the underlying operating system access and you just want to focus on your application deployment and just start using it. The SaaS model is the choice when you can use the standard version of a cloud application without making any customizations. Like if you want to use a Google Workspace application such as Gmail, you just start using it; you just take the subscription and start using it.
You do not deploy your own version of Gmail; on top of that, you basically don't have access to do that. So SaaS is the choice in that case.

Now the next one is the shared responsibility model. The shared responsibility model is nothing but an agreement between customer and Microsoft that there are certain responsibilities that will be taken care of by Microsoft, there are certain responsibilities that will be taken care of by you as the customer, and some responsibilities will be shared among both of the parties. So for example, let's say you have an on-prem application. When you
work on that, everything from your physical data center, from your physical network, physical host, your operating system, networking, application, everything, right, everything is taken care of by the customer, that means you, or if you have hired some third-party organization to manage all that, right? So there is nothing that will be taken care of by Microsoft or any cloud provider. When you move to IaaS you basically do not worry about the physical infrastructure, so all the physical data center, physical network, physical host, these things will be taken care of by Microsoft and you can just focus on
your operating system and the rest of the things, right, your application, your network controls, all of those things. But when you move to PaaS, yes, Microsoft manages the physical aspects of the infrastructure, but they also manage your operating system, right? So this is the main difference between IaaS and PaaS: in IaaS your operating system is managed by you, right, and in PaaS your operating system is managed by Azure, right? And these three responsibilities, identity and directory service like Azure Active Directory, and your applications or your networking control, these are the shared responsibilities between you
and the customer. When you move to SaaS, right, so again the physical responsibilities of the infrastructure will be taken care of by Microsoft, along with the operating system as it was there in PaaS, and on top of that your application and network control will also be taken care of by Microsoft, and you just have to focus on your information, data, your devices from which you will be managing the application, and your accounts and identities. Like if you are configuring single sign-on or OAuth authentication or, like, LDAP, anything would be taken care of by you only as the
customer.

All right, so let's have a look at the difference between public cloud, private cloud and hybrid cloud. In public cloud, resources are shared among multiple users, and customers only pay for the resources that they use. These public clouds are the cloud providers such as AWS, Azure, GCP, Oracle Cloud, and there are many more. In private cloud, resources are not shared with other organizations, which provides greater control and security. So these are generally the organizations that have their own data center and they help other customers to host their workload on their data center. In
hybrid cloud, the customer uses both public and private cloud in an interconnected environment. Public clouds are generally hosted and operated by a third-party cloud service provider such as AWS, Azure, GCP, Alibaba, Oracle and so on. Private clouds are normally operated and maintained by a single organization. A private cloud may be hosted on premises or in a data center, so generally it's a private data center from some cloud provider. Hybrid cloud provides an extra layer of security as you can choose which resources to keep in private cloud and which resources to deploy in public cloud. Let's take
an example. Public cloud is like taking a bus, where other passengers will also share the ride with you and you don't have to worry about the physical maintenance or the capital expenditure, and you only pay when you ride the bus, which is pay-per-use. Private cloud, however, is like having your own car, where you buy the car first, which is a capital expenditure, and you are responsible for its maintenance, but you get more control over it, like who can drive the car or who can ride with you. You can lock it up in a
garage, hence it provides more control over the security as well. Hybrid cloud is like a combination of both: you drive to work in your own car but you use public commute when driving elsewhere. This allows you to take advantage of both the features. In public cloud there is generally no or minimum capital expenditure to scale up. In private cloud there is a high capital expenditure as you first buy the servers, even if there is the private data center. In public cloud, resources can be provisioned or decommissioned on demand and you only pay for what you
use; however, in private cloud you purchase the hardware first before you start using the services. In hybrid cloud, resources can be added on demand by scaling up in the public environment. So let's say you are using a hybrid cloud where you have your on-premises infrastructure as well as your cloud infrastructure. Whenever you want to scale up, you add your resources in the cloud infrastructure rather than the on-prem infrastructure; in that way you can save the additional capital expenditure on that.

All right, so let's talk about the benefits of using cloud computing. The
first one is high availability and fault tolerance. It means that your application is designed and configured to be available even if there is any hardware or software failure, and will always be responding to the customers and the traffic. So let's have a look at it with the help of an example. You have your user who is accessing an application. This application is accessible via a load balancer DNS, but for the sake of simplicity let's just call it an app, and it has a backend server which is VM1 and it has another backend server, VM2. So it
is designed in such a way that even if there is a VM failure, the application will still be able to respond back to the customer using VM2, right? And the same way, these VMs are listening to a database on the back end, let's call it DB1. This is your master DB, and then there is a DB2, which is your read-only or slave database. So these are replicated synchronously, so even if there is a database failure your application will still be able to respond to the customer using the secondary database, right? So this is how the application
was designed, so that even if a failure happens it should always be responding to the customer and it is available all the time. Let's have a look at another example. Let's say in case when VM2 goes down, the application, there will be a lot of load on VM1. Let's say it was running on 50% CPU utilization, but with the traffic of VM2 being redirected to VM1 the load will increase to, let's say, 90%. To avoid that situation and to avoid VM1 crashing, we can put these VMs behind a VM scale set. So
if you have worked with AWS before, it is like an Auto Scaling group. If you do not know about it, don't worry, we will cover this in the coming lectures, so I'll just quickly explain to you what it is. So a VM scale set is nothing but, it has a template, right? So whenever there is a failure, let's say VM2 goes down, using this template over here the VM scale set will provision a new VM, right? So now the app will be listening to VM1 and VM3. It will make sure that
we always have at least two instances listening to the app front end, right?

Now let's talk about another important benefit, which is scalability. Scalability is nothing but the ability of the system to adjust according to the demand. Let's say you have a customer who is accessing an application, right? This application has only one back end, which is VM1. There is not a lot of load on the server right now, hence whenever the customer is accessing the application he is able to get the reply back from the application. But as soon as we have
number of users increased, let's say the user count has increased from 1 to 10 and all of them will be accessing this application at the same time, then this server will be on high load, right? There will be high CPU utilization, high memory utilization and whatnot. In the regular scenario this application will crash and the user will not be able to get any results back, so this will result in a bad customer experience and might be revenue loss. To avoid that, there is this concept of scalability, in which we can either replace this
VM with a bigger VM, let's say VM2. VM2 will have more power, more RAM and all the resources that are required to be accessed by these many users, right? So VM1 will be replaced by VM2. So this type of scaling is known as vertical scaling, in which we are replacing the existing infrastructure with a bigger infrastructure. Now this scalability has certain disadvantages. One of them will be there would be some downtime in this process, like when you provision a new VM and replace that with the older VM, in that time when the switch
is happening there would be downtime that the customer will be facing. And it is not possible to do that, like, let's say 10 times a day: whenever there is a certain increase in the traffic you would want to replace it with the bigger VM, and when it has cooled down you want to replace it again back with the smaller VM. It is not a feasible solution to do every time. What we want to do is add some additional VMs to handle the load. Let's say we added three more VMs, so instead of VM1 we
have VM1, VM2 and VM3. So this VM will still be there and we added two additional VMs to handle the load, right? So this type of scalability is called horizontal scalability. There are a lot of benefits with horizontal scalability. Let's say you have 10 users and you have scaled out your system to 3 VMs, but whenever the users stop accessing the application and there is, let's say, just one user, the application should be able to scale down back to 1 VM, right? Because we are on a consumption-based model, so we should be able
to scale down as well whenever there is not a lot of load on the system. But what we have learned so far: let's say you have this VM1, when you want to replace this VM1 with the bigger VM, VM2, so this one no longer exists and this is your active VM. So this type of scalability is called vertical scaling. And in the same way, when you have VM1 over here and to handle the additional load you are adding a few more VMs, say VM2 and VM3, this kind of scaling is called horizontal scaling. Just
remember, horizontal scaling is the preferred method in most of the cases, but sometimes vertical scaling is also preferable as per the use case. It would have some downtime and this is not a favorable solution. But then we have elasticity. Elasticity is similar to scalability; it's just that elasticity happens automatically. That means instead of someone manually scaling up or down the system, there should be a mechanism. Like in AWS we have Auto Scaling groups, which take care of this feature, in Azure we have VM scale sets, in GCP we have instance groups, right? So these all
services will make sure that the system will be able to scale up and down based on the demand.

The next benefit of using cloud is cost effectiveness. So we have two important concepts, such as the pricing calculator and then TCO, which is total cost of ownership. In the pricing calculator we can estimate the price of using Azure services. Let's say you need to have a VM with 12 gigs of memory and 80 GB of hard disk, HDD, in US Central 1, and all the other features like availability and performance and everything, and based on
that this pricing calculator will provide you an estimated cost, so you have something that you could treat as an estimate and work on that. With total cost of ownership, it's like when you have to calculate the cost of ownership when you move from on premises to cloud. So it provides you an estimate of cost, how much you are paying on premises and how much you will be paying in cloud, and based on that it will tell you how much cost you will be saving when you move to cloud, right? So it will
be a summary report; there would be some report generated. So we will be looking into these two concepts, pricing calculator and total cost of ownership, at the end of this course, but for now just remember these two points that I have discussed: the pricing calculator is to provide the estimate of cost for using Azure services, and total cost of ownership provides you an estimate of the total savings that you could have when migrating from on premises to cloud.

All right, so this is how a typical resource hierarchy in Azure will look like. At the root level of
your Azure is your Azure account. When you create an Azure account, a default subscription will be created for you, let's say this one, and then you can have multiple additional subscriptions created. For example, your company might want to use a single subscription for your sales department and a separate subscription for your IT department, so you could keep them on a separate subscription. In the coming video I will show you the demo of the Azure portal, then you will have a better idea about the resource hierarchy. Now each subscription can have one or more resource groups. Like for example,
this sales subscription has these two resource groups and this IT subscription has one resource group, and you can just keep your environments separated using these resource groups, such as your dev and UAT environment in a separate resource group and a prod environment in a separate resource group. So resource groups are nothing but the logical separation of resources together, and when you apply some permission at resource group level it will be inherited by the resources. The same way, if you apply some permission at subscription level it will be inherited by the subsequent resource groups and
the resources. So this follows a top-down approach, like whenever there is a policy, permission or governance applied at the root level or the top level of the tree. Now each resource group can contain one or more resources. For example, this dev resource group has Azure VM, Azure Function, Cosmos DB, and this resource group has a SQL database, this resource group has an Azure function app. But one resource can only be part of one resource group, right? For example this SQL database, it could be only part of this resource group and it cannot be
part of this or this resource group.

Now let's talk about the management groups. You organize your subscriptions in the container called a management group. You have your root management group and inside that you could have multiple management groups, such as one for HR, one for IT, one for marketing and so on, and each management group can further have certain management groups or the subscriptions. All subscriptions within a management group, for example these two subscriptions, they will inherit the permissions applied at marketing and the permissions at root management. So this, like, this is the same diagram
that we have seen, it's just that we have added the management groups as part of it. This also follows the same hierarchy: all the permissions applied, let's say this is the tree structure, so all the permissions applied at the root level of the tree or the parent node will be inherited by the subsequent child nodes. So creating the management groups, this is an optional task, like this is not a mandatory thing to do, but creating at least one subscription is mandatory. So like I said in the previous slide, one subscription will be created for you automatically
when you create an Azure account. Now when we try to combine these two diagrams together it will look something like this. So you have your Azure account at the root level. It can have one or more management groups, like let's say there is one root management group and inside that there are multiple management groups, and then we have multiple subscriptions. So a subscription has resource groups and then resources. If you apply a certain permission over here, let's say you apply deny all to a particular resource, that permission, because it is at the root level, it will be
applied till here, till the resource level. So that means these resources also won't have that permission unless you explicitly add that permission over here, then it will override.

All right, I'm in my web browser. I'll just quickly Google "sign up Azure". Did a typo over there but it's okay. So the first link over here, "Microsoft Azure: get your free trial", it should be the one that you will be clicking. I'll click on that and it will ask you to start free or pay as you go. Click over here, start free, and then it'll ask
you for the Microsoft login account details, so enter your email address over here and your password, and it will email the code to you, so I enter my code. If you are using your Microsoft Live account for the first time it will ask you some details, so let's put those details. Okay, hit next, confirm your age, okay, next, hit sign in. Now it again asks you some basic details over here: text me to verify your identity, put the verification code, verify code, and you enter the rest of the details. Okay, next it will ask you
for your credit card details. Put everything and hit sign up. You can go over here, portal.azure.com, and this is like your AWS console but for Azure, so this is the Azure portal.

Let's quickly see the navigation menu. So over here on the left side where you see three lines, you click on that and it will show you all the different resources that we have in Azure, and you can pin your favorite resources, or you can click over here, all services. You can create a new resource in many ways. One is this one, create a
resource; the other is to use the resource from this side, or you can go over here and hit create resource from this plus sign, okay, and you just search the resource from different categories or search it over here, or just click over the resource if you see it, you know, let's say web app, so hit create. There are many different ways, and there is this way as well: if you go back and hit over here in the search, just enter anything, let's say virtual machine, and your resource will be visible over here, right? So like AWS,
like GCP, it also has a lot of options to access your resource. Okay, so that is the console menu. Now over here on the right side, if you see, this is from where you can start your Cloud Shell. You click on that, it will ask you to select your subscription, and then, because your Cloud Shell needs a storage account, hit create storage, where all your temporary files will be located, and it will be a persistent storage, that means your files will not be deleted. So once the storage account is created, it is
just for the first time, a one-time thing, and it will connect you to the Cloud Shell. So Cloud Shell is like a terminal attached to this cloud portal, where you can run Unix commands or Windows PowerShell commands to access the cloud services. Over here, if you see on this menu, it says Bash, because the default shell is Bash, but you can click on the drop-down and you can change it to PowerShell as well, so you can use either of those as per your needs. Now you can run a
command line, because this Cloud Shell already has the az command line tool installed, so you can run az CLI commands, let's say az --help. It already has that CLI tool installed, so it will show you different options that you can use, right? But we will be looking at that later in the course; for now I just wanted to show you how it will look. Now if you want to, like, there is this option to restart Cloud Shell as well from here. Then we have settings, which will basically pop up the settings
of this terminal window. Then from here you can upload and download the files, just simply click on that, it will be like how you do in your Windows machine, and you can open a new session from here, or you can open the editor over here. This will be command line, but if you want an IDE environment such as Visual Code, you click on that, open editor, and it will show you something like this. Let's say you have a file, bash profile, so you can just edit the file from here instead of going through
the vi editor. You can just close it from here on the right side. I closed the Cloud Shell, so let me click it again. Okay, and on the right side, if we see, this was the Cloud Shell, then this is directories and subscription. So if I go to this it will show my subscription. Currently I have one subscription, which is the default subscription that it is showing over here as well, default directory, and if you are part of multiple subscriptions then you can switch back and forth between the subscriptions. Over here will be
your notifications when you make any operation or any change in the service. Over here is the settings, again like directory and service subscription etc., this would be your settings. Support and troubleshooting: you can create support tickets if your plan allows it, so over here, help and support, you can create a support ticket with Azure.

So let's start with the basic concepts of data centers. Well, these are the facilities with resources arranged in racks with dedicated power, cooling and networking infrastructure. When you create a virtual machine or a storage disk or any
other GCP service, it will be deployed in one of these data centers physically. The collection of one or more data centers is referred to as an availability zone. These data centers are usually miles apart within an availability zone, and the collection of multiple availability zones in a geographical location is referred to as a region, such as US East and US West are two separate regions. But please remember not all regions support availability zones. Let's talk about region pairs. Azure regions are paired with another region within the same geography at least 300 miles away to
replicate the resources. Let's say if there is any interruption to service due to events like natural disaster, civil unrest or any power outage in one region and the whole region goes down, the services will automatically fail over to the other region in its region pair and the customer would not be impacted. It provides an even higher availability of services to the customer.

All right, as you can see I have logged into my Azure portal with portal.azure.com and I have to create a new virtual machine now. So again, as I have previously told you
how do we create a new resource, there are several ways. I'm just going to search it over here and click on virtual machine, right? So there are no machines running at the moment. You go over here and hit create. There are several options, so you choose the first one, Azure virtual machine. Now let's go over these options one by one. The first one is subscription. So if you are using an Azure free trial you will have a different value over here; for me, I have already upgraded to the pay-as-you-go subscription. Then the
next part is resource groups. So again, like I have told you before, resource groups are nothing but the logical separation of resources in a group. You can create a separate group for your dev environment, test environment, prod environment. You can club those resources together and you can delete all the resources in a resource group by just deleting the resource group, so this is a good way to organize your resources, right? And most of the Azure resources would need you to have the resource group provisioned before you can use that resource. If we already have
some resource group created you can just select it from here. Let's create a new resource group by clicking over here, create new, and now give this resource group a name, demo P. Okay, click okay. Now the resource group is created, as simple as that. Let's give this virtual machine a name, TVM p, and select the region where you would want this virtual machine to physically exist, so for example US East. This is the region in which I am provisioning my virtual machine. Now set the availability options, like how redundant you would want this virtual
machine to be. So you can select availability zone, virtual machine, availability sets. These two terms, virtual machine scale set and availability set, we haven't seen yet, which we will be covering in the next video, but we have already seen availability zones, so I am selecting the zone, let's say zone one. This will be the zone where my virtual machine will exist physically. Then security type, let's keep it standard for now. Over here you can choose your virtual machine image, like what type of VM you would want to create, Ubuntu, Red Hat,
or you can even create Windows machines as well, so you have a lot of options to choose from, right? For this demo I'll be creating an Ubuntu Server, so let's click over here, right? Then you specify your VM size over here. So the cost of your virtual machine depends on a lot of factors such as storage, VM size and all these options like high availability options. Click over here, see all sizes, and so these are all the available sizes we have. I'll choose the smallest one so that I could pay the minimum amount, right? So
if you see B1, this one over here, it has .5 RAM, 2 gigs of data disk, one CPU; that should be sufficient for our use case, and then there are other machine types and sizes as well, right? So there are a lot to choose from, but for this demo let's just use this one and click select. So I have selected this machine. Now the authentication type, whether you would want to SSH using an SSH public key or a password. So here would be your default username, azureuser, you can change the name
as well, and you would want to use any existing public key or generate a new key pair. Let's use this one, generate new key pair, and the key pair name would be this one, test VM huge key. I hope this is visible, right? Now we need to select the inbound ports as well, because if you need to enable communication with your virtual machine you would need to SSH into the virtual machine first. You would have to allow port 22, which is the SSH port. This port needs to be open before you enter into the virtual
machine. So over here let's select the default one and click over here, next. Now it says what type of OS disk you need. So there are different options again: premium HDD, standard SSD, premium SSD. Premium SSDs are the high performance disks, right? So compare this with your computer system: you have your HDD, then you have your SSD. SSDs are really high performing disks, so I'll just choose standard SSD for this demo purpose. And again there are two types of redundancies, if you see over here: local redundant storage and then zone redundant storage. Local
redundant storage means your disk will be locally replicated in a single data center, that means if that data center has some issues, if it fails, then your data would be unavailable for that time. But in zone redundant storage your data is replicated across three zones, so even if you lose two zones you still have that data available from the third zone, right? So this is how you can again achieve high availability. But for this demo let me just choose standard SSD. This OS disk is nothing but your boot disk, that means it's not persistent by
default you see our option delete with VM that means when you delete your VM this disk will also be deleted but you can uncheck this box to make it persistent disk right for now I'll just keep it the default way delete with VM and you can have some additional disks as well you click over here create and attach a new disk and then you have to uh format the file system and mount that volume on top of that but we are not doing that at the moment so I just wanted to uh let
you know that then we have some advanced options right I'll just keep it default click over here which says networking right so we have virtual Network subnet public IP there are a lot of networking Concepts over here and this I will be covering in the networking section of this course so for now just understand virtual network is an isolated Network in a data center where all your resources will be provisioned where all your resources will reside right so I'm creating a new virtual Network through this uh Wizard and it has a subnet of 10.0.0/24
this is a CIDR range which will be having a lot of IPs and we will do the IP calculation as well later in the course and we have a public IP associated with it so there are different type of IPs we have public IP we have the internal IP public IP is nothing but IP that is accessible over the public internet if you do not attach a public IP with this virtual machine you would not be able to SSH into that also you cannot install any web application on top of that right so
public IP is generally used in web facing application and it is not meant for the database or any other secure applications we have already opened the public inbound ports on Port 22 if you want to place this virtual machine behind a load balancer but uh we are just using one virtual machine at the moment so there is no need for that click on management and again it will ask you some uh additional features such as login with Azure active directory we will have a session uh like a separate session for Azure active directory and
some other options to enable backup or enable auto shutdown right then we have monitoring in monitoring you can enable alerts or you can enable boot diagnostic I'll just keep it disabled for now then click over here next right here is your custom data custom data is nothing but the script or commands that you would want to run when your uh VM starts like if I want to install certain uh applications because with virtual machines as an IaaS we have the capability to install the custom applications on top of it so from this particular section you
can do that automatically such as let's say sudo get update if I do that then um this command will run once the VM boots up so that's what it is and then there are some Advanced features which are not really required at the moment so I'll click on here next tag you can select your tags over here tags are generally required in case of reporting and analytics purpose so let me just keep it default for now and hit review and create once you do that it will provide you all the basic details that you have
entered along with the cost that you will be charged uh by using this virtual machine and all the other things right so you verify everything and once you do that click create now it will take some time and it will provision a virtual machine for you before that you can download your private key from here uh you will only be asked to select this option one time before you provision your virtual machine and after that this will not appear again so make sure you download your private key before you move ahead so click over
here okay I have downloaded the virtual machine private key which is PEM extension now it says deployment is in progress that means your virtual machine deployment provisioning of your virtual machine is in progress it will take some time and it will provision the virtual machine for you so along with the virtual machine it is creating some additional resources if you see over here it created a network interface public IP address virtual network network security group network security group is nothing but the inbound rules that we have enabled so we have enabled SSH access on Port
22 so that's what it is now it says the deployment has been completed you can go to the resource over here is your virtual machine it's currently running that is why this start option is disabled but you can restart it from here stop it from here or delete the virtual machine right so you can review all the details from here all the things that it has created right and all the other options such as networking right so this is your SSH rule that you have enabled from any source that means from any IP this
is not uh by the way this is not a secure rule you should always mention your Source CIDR range like from where you are logging in or if you are behind a corporate Network so you put your CIDR range over here so that it is not accessible to everyone because I will be just deleting this virtual machine after this demo so I have just kept it default which is any and destination is any service is SSH on Port 22 so this will allow me to SSH into the virtual machine and there are some default rules that
are created by default for you so please have a look at those as well and then we have different options to connect like you connect with an SSH client or a Bastion host right so these are the instructions as well it says your private Keys should only have the permission of 4 and then you provide a path to your SSH private key and you run this command from your terminal window right or you can use uh applications such as PuTTY or SuperPuTTY to log in to your virtual machine and there are all other options like your
disk this is the default OS disk that we have used and we have not created any data disk that is why this field is blank and all other options that you can review and we will cover most of these in the later sections so this is how you can provision a virtual machine Let's quickly see what exactly is VM scale set and then I will show you the Azure portal as well so let's assume your application is accessible to the external user through a load balancer which is the front facing of your application and
behind your load balancer as the back end you have your virtual machine let's call it vm1 now let's say if a disaster hits or the VM crashes or due to any reason the VM is not responding to the load balancer your application will fail to respond to your user and the user will not be getting any response back from the website so this scenario is called single point of failure so here the application is not highly available now to avoid a single point of failure and make your application highly available we use something called as
virtual machine scale sets so in this virtual machine scale set we provision multiple VMs let's call them vm1 vm2 and vm3 so this is vmss 1 and this is listening to your load balancer as the front end and here is your user accessing the application through your load balancer now let's say if vm1 goes down then virtual machine scale set will provision another VM call it vm4 and it will make sure that certain number of VMs are always available and ready to serve the traffic it has another important benefit which is automatic scaling so we
have already seen scale out and horizontal scaling and vertical scaling in our previous videos so the same happens over here let's say your CPU utilization goes above 75% for a particular VM let's call it this one vm2 reaches the threshold of 75% then virtual machine scale set it will provision another VM VM 5 to balance the load this process is called scale out now because your load on the server was high that is why we had to provision a new VM but when load goes down it should automatically scale back to its original position right
so that process is called scale in so let's say when CPU utilization goes less than 25% it will do the scale in and destroy the VM and it will make sure that the three VMs are always up and running to balance the load so I hope the VM scale set concept is clear to you now now let's uh move into Azure portal and see how we can create a virtual machine scale set uh now let's go into Azure portal and over here search for virtual machine scale sets or vmss here and now you see a
button over here which says create click over there and then it will ask you the basic details like it was there in a virtual machine wizard so you provide your subscription name Resource Group name and virtual machine scale sets name so let me use the existing one demo p and virtual machine scale set vmss one you select the region in which you want your virtual machine to exist and then over here you select your availability zones because this provides you high availability by spreading VMs across multiple zones so you can select one or more VM
so that even if there is a Zone failure if a Zone goes down completely you still have the VMs up and running from the other available zones so let me select vm1 2 and 3 so that it could spread the workload across all the available zones and over here we have two orchestration mode one is uniform another one is flexible the default one is uniform in which you deploy the identical VMs as part of the virtual machine scale sets in flexible you can deploy identical or multiple machine types so you can click over here
or hover the mouse over here and it will provide you all those details that we just have uh discussed right so feel free to have a look at that so I'll go with the default one which is uniform and I keep everything as default image type Ubuntu should be good with us and machine type let me keep it as it is and then we have the same things that we have seen as part of the virtual machine the other difference that it has is if you go to the scaling section over here right if
you click over here you see initial instance count so as we have seen virtual machine scale set could have multiple VMs serving as the back end so you can put your initial count of VMs that it should have let's use number three so this machine will have three VMs as part of the initial count then there is this scaling policy right whether you would want to scale your VMs based on your manual criteria like you will be someone would be clicking it manually or there is a better way to do that which is over
here custom in custom you provide basic details such as minimum number of instances maximum number of instances so this virtual machine scale set cannot have more than 10 VMs even if the load is at its highest so that is why the number is 10 over here you can put a higher number over here like if that is your requirement so let me just keep it 10 for now now these are the scale out and scale in conditions that we have discussed previously so if CPU utilization is 75 or let's just use 80 and it will
be there for an average of 10 minutes that means it's not like there was a spike and it reached to the 80% and it spun up the VM no it will be calculated based on the time duration that we have mentioned over here so it will wait for the 10 minute period and then it will see if the CPU utilization is 80% over a period of 10 minutes then only it will increase the number of instances by one again these all fields are customizable the same way there is a scaling policy if the CPU utilization
is below 25% then it will decrease the number of VM by one right so these were the only difference that it had so then you can review everything and hit review and create once you do that it will initially have 3 VMs and based on the scale in and scale out policy and condition it will uh provision and decommission the VM so that's it for virtual machine scale sets now let's have a look at availability sets in availability sets uh your virtual machines are spread across multiple physical servers in a data center to provide High
availability it spreads across multiple fault domains and update domains now let's have a look at the fault domain and update domains so as you see over here in this diagram fault domains are nothing but your physical server racks and they are connected to the same uh power source or switches etc and update domains so let's divide this physical rack into multiple partitions so these are your multiple update domains and these update domains are nothing but the group of servers that reboot or restart at the same time to perform any scheduled maintenance so you have vm1
in update domain 1 you have your vm2 in update domain 2 and you have your vm3 in update domain 3 so if there is a failure of a complete server rack let's say this one goes out then you have your vm2 and vm3 still available to serve the load and let's say if there is an update domain failure like this one goes out then you have your VM 1 and vm3 ready to serve the load so this is how you can achieve even high availability and fault tolerance using fault domains and update domain Azure virtual
desktop is a type of managed virtual machine that enables multiple users to access desktop and application from anywhere using any device so you can access it via tablet Windows machine a Linux machine and so on it also supports application and desktop virtualization that runs on the cloud it provides a scalable and secure solution for remote work and desktop virtualization and your system is secure through multifactor authentication and role based access control so role based access control is nothing but providing the least privileged access to the users with the help of roles for example developers get
certain roles to access the virtual machine and your operator gets a certain access and the access is based on the type of role that a person is part of now let's have a look at the difference between Azure virtual desktop and Azure virtual machines so we will be looking at the differences in these three areas first is operating system your Azure virtual desktop uses desktop operating system like Windows 10 or 11 however Azure virtual machine can use either desktop or server operating system such as Windows Server 2012 Windows Server 2016 and so on Azure virtual desktop
is designed for many users to access the same virtual desktop with the help of Windows 10 and 11 multi-session server you can enable concurrent access to multiple users to the same Azure virtual desktop however Azure virtual machine is intended typically for the individual user at one time this is a managed service that means your upgrades patches and all the system maintenance will be done by Microsoft Azure virtual machine is IaaS service and it is managed by customer for Azure virtual desktops charges per user per month and it provides the flexibility to organization with
changing needs however the virtual machines are pay-per-use model before we start containers let's talk about how a virtual machine is provisioned so you have your physical server that sits somewhere in the data center in case of a public cloud or your personal desktop on top of that you have an operating system that lets you interact with the physical machine such as Windows or Linux then you have your hypervisor which makes this virtualization possible now what exactly is virtualization well it allows you to run multiple operating system instances concurrently on a single computer that
means you can run Ubuntu Fedora CentOS all at the same time on top of your Windows machine with the help of virtualization in case of a public Cloud your physical server over here is a shared hardware that is being used by multiple organizations and users at the same time when you request provisioning a virtual machine through a cloud console it lets you provision a guest VM on top of the hypervisor but at the same time other users and organizations are also using the same physical Hardware underneath with a separate guest VM each user installs binaries
and libraries on top of it and then your application a virtual machine is a software emulation of a physical machine which allows multiple operating system to run on a single physical machine virtual machines are also isolated from each other and from the host machine which provide security and stability now if we talk about containers it has the same physical server underneath and host operating system on top of that but instead of a hypervisor it has something called as container engine well container engine allows you to run multiple container instances on a single operating system
kernel it works the same way as hypervisor but for containers as hypervisor is for running multiple virtual machines on a single operating system container engine allows you to run multiple container instances on a single operating system container has a lot of advantages like they are lightweight alternative to Virtual machines with all the required libraries and binaries packed Within containers share the host operating system kernel which makes them more efficient and portable than virtual machine I hope you are enjoying the video till now and you have liked this new concept of animation and Graphics so if
you did let me know in the comment section and if I get 500 likes in this particular video then I will try to make all my upcoming concept part of the videos in the same format what are you waiting for go ahead and give it a thumbs up and let's continue with the video now let's quickly see how container instances work and then we will jump into the demo your development team packages your application along with binaries libraries and configuration into a container image these images are then uploaded or pushed to a container repository it
could be a private repository such as Azure container instances or a public repository such as Docker Hub then using the azure portal you deploy these images from the repository to Azure container instances which is a platform as a service that means all the admin work such as upgrading patching and infrastructure management will be done by Azure for you and you just have to worry about your code and containers Azure container instances allow you to upload your containers and then the service will run the containers for you without you worrying about the underlying infrastructure all right
so I have logged into my Azure portal and I'm just going to create a new resource by clicking over here and the resource type would be container instances so I'll search container instances over here this one and then click create now it will ask you few basic details such as your subscription detail I'll use the existing Resource Group or you can create a new one give this container instance a name so test demo a900 and then you select a region I'll just let it provision itself in the default region there are three type
of image sources over here quick start images which are basically the pre-built templates created for you and you can use it for your testing purpose such as a hello world Linux image over here or nginx image or a Windows Server image and you can choose from either of those or if you have an image already uploaded to the Azure container registry this is your private registry so you can choose from there as well you provide the container registry details like name if you already have it created in your Azure account then it will be visible
over here in the drop down or if you have access to it then the image that you would want to use and the image tag all those things or you can use any other repository as well like a public or a private repository if it is a public repository that means it'll be by default from the docker Hub or if it is a private repository then you can provide the repository details like the login server username and password right for this demo I just wanted to show you all the different sources that we
can use as part of azure container instances and I'm going to go ahead with the quick start image which is uh basically a hello world Linux image and here are the size details of this Azure container instance your virtual CPU and memory it doesn't have any gpus and you can change the size as well and next is networking if you would want your application to be accessible over the public internet then you choose public let's go with the private option and fill in all the other details next is Advanced section which has uh few
basic Docker related commands that you can enter but uh for this demo just this one is sufficient and you review everything and click on review and create it says validation passed and then you can click create all right it took few seconds and then your deployment is completed now let's go to the resource and your container is running this start button is disabled that means it is currently running you can restart it stop it or delete it from here and on the left pane you have all the other details like containers over here if you
click on that so this is the name that we gave to the container instance and it has one container running with the image that we have used these were the events that happened like it pulled the image and then it started the container and if you want to connect to this container you click over here to the connect button and you can just SSH into the Container basically or you want to see logs you can view it from here like it says your container is listening on Port 80 and here are the
properties as well let's go back to the overview button again and here is the IP address on which the container is listening on Port 80 so let's copy this and paste that into our web browser over here on Port 80 and here is our container listening on Port 80 so it is just a static website that was part of the quick start image that we have used let's quickly see what exactly is azure function Azure function is an event driven serverless compute service now let's have a look at each of these 1 by one so
event driven means it is executed based on certain events such as you want your function to be executed as soon as there is a file uploaded to the Azure blob storage that is why it is called event driven there are different type of events that it supports so it could be a HTTP based event or it could be a time based event like execute this function at the certain time at a certain date such as like a cron syntax or it could be you know message from other service like Azure Event Grid or Azure Queue storage
and so on serverless means like for your virtual machines and your containers these are also the compute service so to run these type of services you need to have an underlying VM that VM has to be running in order to execute your code in order to make your website or your application accessible to the user but Azure function is serverless that means you don't need to manage an underlying virtual machine or underlying infrastructure to run your functions so for example let's say you have a user and this user uploaded a file to
Azure blob storage don't worry about this we will have a look into the Azure blob storage and all the storages later in this uh video series but for now just consider this blob storage is an Azure storage to store binary large objects such as images files log files text files all those things so it is similar to AWS S3 if you have worked with AWS before let's say the user uploads a file to this and you want as soon as there is a file uploaded to this uh Azure blob storage there is an email
that is triggered after this particular event so this file upload is an event as we have seen that Azure function is event driven so this is kind of a trigger to this Azure function and Azure function will be watching this Azure blob all the time right and as soon as it finds that event as soon as it finds that trigger it executes that Azure function and triggers the email so that is how Azure function works now I have also created another video like an in-depth video about Azure function if you want to look into
it feel free to check that out and I will put the link in the description section as well as up somewhere in the title bar so have a look at that and Azure function has a lot of benefits over Azure virtual machines or containers first is it is cost effective as you don't have to manage the infrastructure plus the virtual machine is not running all the time and it saves all the cost you only pay for the number of code executions so in Azure function you write your piece of code and you get charged based
on the number of times the code gets executed it also provides faster response than Azure virtual machines or containers but it is used only in cases where your application shouldn't be running all the time and it is event driven right you want your function to be executed based on certain events or based on certain time of the day like a cron job but the execution is really fast and it is also highly scalable that means it can support a large number of requests from the Upstream system and it is really flexible like you
can do a lot of things with it because you can choose your own programming language and you can write code as per your requirement right so this is how it works and let's jump into the demo and see how we can create an Azure function all right so I'm in my Azure portal portal.azure.com and you can click over here create a new resource or from here as I can see my recently used services from here or you can search from the search bar right so let's do that and click create now like any other
Azure service it will ask you certain details such as your subscription your resource Group let me create a new Resource Group for this demo easy 900 huge and I'll hit okay now we have to provide this function app a unique name because it'll be accessible to this particular DNS right so let's give it a name easy 900 function and it is not available so let's call it hyphen 101 and it says it is available so we are good now there are two option to publish the Azure function we can write our own code or
we can also upload a Docker container so for this demo let's choose the default option with the code and then select a runtime stack there are different options available for us so let me just choose python for this and there is python version that we can select like 3.7 to 3.10 so let me select the default version which is also the latest python version then the region let me just keep it default operating system Linux and then you select the plan type as serverless so there are different other options Premium app service plan and
serverless so this is what we need because we want to create an Azure serverless function so that we don't have to worry about managing the infrastructure right click hosting if you want to view your uh logs generated by Azure function then you create a storage account which will store all the logs for you like I'll just let it create a new storage account for this and then hit networking then the same thing it will ask me if I need this function to be publicly accessible or no and like rest of the default options and I'll
hit review and create it will do the validations and once it is validated I can hit create to create the Azure function app all right it says your deployment is completed let's go to the resource and it says the status is running okay and it has created an App service plan for you app service plan we will look into the details when we do the web app session of this course but for now this is not really important and you click over here to Azure functions and now we will create a new Azure function by
clicking over create okay so first there are different options for development environment VS Code any editor plus Core Tools or develop in Portal so I'll just keep it default which is develop in Portal then there are different templates so if you remember I have told you there are different triggers that we can use as part of azure function first trigger is HTTP trigger or a time based trigger or there could be trigger from other Azure services such as Azure Queue service bus service bus topic trigger and so on right so for this demo let me just
choose this one HTTP trigger and hit create now it was really fast it took like some microseconds and it created the function for me now go over here to code and test let me just uh minimize this logs so here is the default Azure function that was generated for you it is like a default template because we have used that HTTP trigger as the template so this was generated uh with that and this is the __init__.py file and there is function.json file which has other trigger based parameters right so if you want
to visualize this function you click over here to integration section so it will have a trigger which is an HTTP trigger you can add some inputs and outputs so for this particular uh demo we have kept the default output which is an HTTP return it will return the standard output you can also configure some third party service if you want this function to send some request to any other function such as email or an SMS or anything else right the same way you can configure your inputs as well so let me go back to code
and test and just try to execute this function right so there is this option over here which says test and run I'll click on that different options like uh the type of method and key let's keep it default and this is the input and the response will be over here okay so over here I'll add a new parameter to be passed in the request the parameter name is name and value is like P and then I hit run once I do that it sends HTTP Response Code as 200 that means the call is
successful and it triggered hello name the HTTP function executed successfully so this was the test function that was executed as per the request and if you see the bottom of the screen here are the logs like executing this function programmatically via the host apis and it sends the invocation posting invocation ID and it processes the request as simple as that if you see over here it says it took only 48 milliseconds to process the request to execute the function yes it was a really simple function but even then it was really fast and if
there is an application if there is an event based trigger it will be faster as compared to other compute Services now if you are following me along with this video and you are testing this in your Azure portal don't forget to delete the resources after the demo is done so I'll go back to the resource Group the simplest way is to just delete the entire Resource Group and all the resources within it will be deleted so I'll just go to my Resource Group and the resource Group name was a900 with p and inside that
I'll hit delete Resource Group option then enter the name of the resource Group I can just copy it from here and paste it hit delete delete and that's it so this is what you have to do to delete all the resources that we have just provisioned as part of this demo all right so we will start with the basics of what exactly is azure app Services Azure app service is a platform as a service it is mainly used to build and host your applications in any supported programming language you can build four types of azure
app services such as web apps using Azure web apps background jobs using Azure web jobs mobile backends using mobile apps and restful apis using API apps so we will be looking into these four app services in detail in the next slides it also supports automatic scaling and high availability some more features of azure app Services includes the support for Linux and windows it supports both the operating systems so that user can focus only on the build and maintenance of your application and Microsoft will focus on maintaining your infrastructure and to make sure that your
environment is healthy all the time let's have a look at the first one which is azure web app web apps provide full support of Hosting web applications it supports uh following programming languages such as ASP.NET Core ASP.NET Java Ruby Node.js Python and PHP it also supports Windows as well as Linux operating system the next one is API apps you can use rest based web apis by using your choice of language and framework it provides full Swagger support and the ability to package and publish your apis in Azure Marketplace and apps created by API apps can
be consumed by any HTTP or https based clients the next one is web job which is similar to Aon job in Linux that means means it can be scheduled or triggered manually you can use Azure web jobs to run a program for example an exe file a Java program a PHP or a nodejs program you can also use it to run your scripts such as CMD do bad file Powershell or even bash scripts the ideal use case of using Azure web jobs is to run any background task or jobs the next one is mobile apps
as the name suggests it enables you to build a backend for your iOS or Android application you can also Store app data in a cloud-based SQL database and it provides user authentication using social provider such as Microsoft authenticator or Google account or a Facebook account you can use its inbuilt feature to send push notifications and you can also execute custom backend logic in C or nodejs let's have a look at the pricing plan for Azure service because in the exam there could be some questions based on this particular slide so let's have a look don't
worry about it you don't have to remember everything I'll just walk you through it so from exam point of view you just have to focus on basic and standard right but let's have a look at each one of those and then we'll discuss about the exam perspective so the free tier and the shared tier both provide you storage of 1 GB each they don't support any number of instances that means they come with the default one instance per app service free tier does not support customized domain but shared tier does and they both do
not support autoscaling because we don't have any number of instances they run on the shared hardware that means the underlying operating system is shared by other users and other organizations as well and they do not support hybrid connectivity now if you talk about the basic plan it provides 10 times more storage than free or shared plan and it comes with support of up to three instances but you cannot use autoscaling in this as well and it runs on a dedicated Hardware now if we compare the basic and standard plan standard plan has
50 GB of storage and you can have up to 10 instances it supports autoscaling customized domain and it also runs on a dedicated compute when there is a scenario given in the exam which focuses more on the autoscaling requirements and you have to achieve that into the least possible cost then standard would be the ideal choice if you do not need autoscaling but you need customized domain and you can have a Max of three instances if that is your requirement then basic plan would be the ideal Choice obviously you cannot remember
each one of those so just keep these two in mind and you should be good all right so I have logged into my Azure portal and I'm going to go ahead and create a new resource of type app Services click on create over here and then enter the basic details as we do for any Azure resource such as create a new Resource Group give it a name easy 900 with f RG hit okay then give this web app a unique name a900 with and then we have three options to publish our code we can directly
upload our code over here and select a runtime stack or we can use a Docker container or we can even use a static web app so for this demo we will be using a Docker container and as we have seen in the concept section of this video it supports both Linux and Windows operating system as the underlying host so I'll go with the default Linux host and here is the region which is let me keep it default East US and then there is a Linux plan Linux plan is a type of app service plan
an app service plan will have different resources such as your vCPUs your RAM storage and all the resources that a machine would have right so if we already have an app service plan created we can use the same to provision multiple Azure web apps but because we are using it for the first time it will create one for us and then here is the pricing plan pricing plan is based on the pricing tier that we have just seen So based on that it will choose a pricing plan for you if you want to explore
the pricing plan and see the difference between those just click over here explore pricing plans and it will show you the different options right so how much CPU is available how much memory is available remote storage and all those things you can sort it by the feature view as well right so there is the free plan basic plan Premium plan isolated and there are other categories as well such as Dev test production so in this plan basic B1 it says it has three instances and it has 10 gigs of storage I'll go ahead
with the basic B1 plan once I selected over here I'll just have to hit select and then click on next the Docker options we can use a single container or a Docker compose if we want to create a mini cluster of multiple Docker containers and image source could be a quick start guide or an Azure container registry or a public registry such as Docker Hub or even a private registry so I'll just go ahead with this one and choose a sample nginx image for our web app deployment and rest everything uh let me keep it
default and hit review and create and create it says deployment is in progress now and it says it's been completed so let's go ahead to the resource and on the left side you will have all the details and if you want to browse your application that's been deployed as a Docker container you can just hit browse and your app will be open on the DNS that you have specified as the name of your web app and then the suffix will be azurewebsites.net so this azurewebsites.net is the public domain that it comes with but
as we have seen earlier some pricing tiers support customized domain as well so this is okay for your learning and for your POC environments but for production grade environment you would need a customized domain support let's have a look at some other things such as if you go down you will see the instance count as one right it can go up to three instances but the initial instance count is one it is deployed in only one instance at the moment it is not deployed in a high availability environment you can always scale up and use
a bigger instance for example with more memory and more RAM if that is your requirement and you can always stop restart or delete your web application from here on the left side if you see we have deployment slots this particular pricing tier does not support deployment slots so that is why it is asking us to upgrade to a premium or standard plan so that we can add slot so let me give you a brief introduction about the deployment slot so let's say you have deployment slot V1 which is your production app right all your
production traffic is redirecting to this version you create a new slot let's call it V2 and you deploy your code on this one so this environment will become your staging environment now to save the downtime and to make sure that your users are not impacted with the production release you can just make a swap between the version V1 and V2 so this V2 then becomes your production version and V1 will become your staging version and then you can decommission V1 right so V2 is the live version so this is what this swap means and from
here you can add the slots when you upgrade the plan to a standard or a Premium plan let's start with the very basics of Azure networking Azure virtual network is a cloud-based Network environment in Microsoft Azure it allows you to create and manage your own isolated Network environment in the cloud you can further segment your network into one or more subnetworks called subnets and allocate a portion of your virtual Network address space to each subnet for example if you have 256 IP addresses in your virtual Network you can create subnet a with 64 IPS
subnet B with another 64 IPS and rest of the IPS you can use later to create more subnets you can then deploy Azure resources in a specific subnet such as virtual machine in subnet a and database server in subnet B it enables you to connect your virtual machines databases and other resources securely either within the same virtual Network or across different virtual networks by default resources within the same virtual Network have access to each other you can secure resources within subnets using network security groups and create inbound and outbound rules to filter the network
access for example allow everyone access to this virtual machine over the public internet on Port 80 and 443 and only allow SSH access from a specific IP range on Port 22 rest of the incoming connections will be blocked for the other subnet you can have a network security group that allows only the SSH access from the specific CIDR range on Port 22 and Public Access will be blocked now let's move on to Azure portal and create a virtual Network all right so I have logged into my Azure portal I'm going to go ahead and create
a new resource I'll search for virtual Network or vnet over here and click over here create then enter the basic details such as your subscription Resource Group let's create a new Resource Group test a900 Resource Group click okay now enter your instance name test instance region let's keep it default hit on next IP addresses and by default if you see it allocates the space 10.0.0.0/16 which has 65,536 IP addresses so let me just delete this default IP address space and create a new one 10.0.0.0/21 that has less number of IPs than
65,536 if you know the IP address calculation you can watch my other video the link in the description as well as in the title bar feel free to check that out but for this particular exam you don't need to know the IP address calculation just remember that vnet IP address space is the superset and the subnet IP address space is the subset right so let's go ahead over here and create a new subnet each virtual Network should have at least one subnet I deleted the default one so that we can create a new one so
just click over here add subnet and give this subnet a name let's call it subnet a enter your subnet address range over here which should be the subset of your vnet address range so over there we use 10.0.0.0/21 over here let's put 2.0/28 right and this range will have 11 IP addresses plus five IP addresses will always be reserved by Azure for future use and click over here add so I'm going to just create one Subnet in this VPC for the demo purpose then click over here security this says uh Bastion host
DDoS protection firewall everything is disabled by default let's keep it that way and hit review and create and then create okay so our uh vnet has been created click over here to go to the resource so here are the details and then if you go on the left side there is the address space as well it says this is the address space of your vnet it has 248 IP addresses out of which we used around 16 for subnet a here is your subnet again it says subnet a has 11 IP addresses you can add more
subnets as well after the vnet is created and then if you scroll down to the bottom there is an option which says diagram here your network diagram will be generated for you currently it only has a virtual Network and a subnet that is why that is what it's showing over here but when you have more resources when you create a virtual Network there'll be a network interface card created with it and there are some other things so it will show over here in a hierarchical diagram so that's it for uh this demo and don't forget
to clean up the virtual Network just go back to the overview and hit delete and delete the virtual Network you can keep it as well there is no charge associated with using just the virtual Network you will be charged based on the instances and the resources that you use as part of it like the storage instance and all those things so let's start with virtual Network peering let's suppose you have three virtual networks virtual Network a vnet b and vnet c with one default Subnet in each of the VNets and virtual machines in each of
them so you have the resource deployed globally among multiple regions in different VNets Azure virtual Network peering is a feature that allows you to connect two or more virtual networks in the same region or different regions this feature enables virtual machine from different VNets communicate with each other over their private IP this means that traffic is internal and never leaves the Microsoft backbone network which makes it secure this is particularly useful when you have different workloads that need to communicate with each other but are deployed in separate virtual networks all the virtual machines inside these
connected VNets behave as if they are on the same virtual Network now let's have a look at virtual private networks let's suppose you have resources deployed inside an Azure Network as well as on premises Network and you have to connect them via a secured encrypted Network in that case you can use VPN you deploy a service called VPN Gateway on the Azure site and a service called local network Gateway on your on premises Now using the public IP of your local Gateway device you can create an encrypted site-to-site IPsec tunnel this is
your VPN connection which connects these two networks over the public internet but through an encrypted Channel now if you want to connect your users or clients to Azure through a secured Channel then you create a point-to-site VPN connection express route is a dedicated connection that lets you extend your on premises Network into the Microsoft cloud over here is your on premises Network and here is your Office 365 like your Microsoft Services as well as your Azure virtual Network so express route lets you connect these networks together through a dedicated line right there is
a partner Edge and then there is a Microsoft Edge it creates an express route circuit between these so this is a primary express route circuit and it creates a connection to that and that connection connects with the virtual Network then the second part of this primary circuit will let you connect your on premises network with the Microsoft Office 365 services in the same way you can have a secondary connection and it will also have two links one with the Office 365 and another one with the virtual Network so this secondary connection is helpful in
case when your primary goes down then the traffic will be redirected from the secondary circuit right express route has a lot of benefits over your VPN Gateway or a VPN connection for example these connections are highly reliable it provides faster speed lower latencies and higher bandwidth this connection supports up to 10 Gbps which is a lot and this is not the case with a VPN Gateway so these are all the use cases of using an express route over a VPN Gateway but this solution is costlier than VPN Gateway the other important benefit of using an
express route is it does not go over the public internet this connection over here that we see this is a dedicated connection that means it doesn't go over the public internet so it provides a dedicated connection between your on premises and your Microsoft data center hence this connection is more reliable than VPN Gateway now that we have seen Azure express route now let's have a quick introduction of Azure DNS or domain name server so Azure does not let you purchase the domain from the Azure DNS itself but you can use app service to buy
a domain for a yearly fee right so your user can go and purchase the domain from Azure app service or through a third party domain registrar such as GoDaddy or HostGator or Namecheap and so on once the domain is purchased you can use Azure DNS to host your domain again host the domain it lets you manage your DNS zones you can also create private DNS domain using Azure DNS and you can also manage your records it also supports alias records so that you can refer an Azure resource using a domain name instead of
an IP you can store a massive amount of unstructured data in Azure unstructured data means there are no restrictions on the kind of data it can hold it could be a video file text file images binaries log files and so on as these files do not have a fixed structure it's called blobs or binary large objects blobs are uploaded to a blob container for secure and fast access think of a blob container as a folder or a bucket that holds multiple blobs where a blob is an actual data file that you want to store
blob is an object based storage and your blobs can be accessed by your client applications and users over a secured HTTP or HTTPS connection all right let's quickly do a quick recap of the blob storage that we have just seen so blob storage is used to serve images or documents directly to a browser such as static website hosting using a Content delivery Network it is also used to store files for distributed access and you can also stream videos and audios directly from your blob storage because those are also the static files and it is
also used to store data for backup and restore disaster recovery and for archiving purpose you can also store data for further analysis by an on-premises or Azure hosted service so there are a lot of use cases of using an Azure blob storage so this is what we have seen so far for Azure blob storage it will be similar to a blob storage but instead of blobs we have files in Azure file storage instead of uh containers we have file shares so these are called file shares and this is file share B the other difference
is how the files are accessed by the application and by the user so in Blob it was accessed over HTTP or https whereas in Azure file storage it is accessed over your NFS or SMB protocol so think of it as mounting your file share as a network drive on multiple computers over cloud or on premises so like you have your let's say these two are your VMS there is a file share over here so you can mount this file share to both the VMS at the same time so this is how you would use an
Azure file share this if you have worked with AWS before this is similar to elastic file storage now let's quickly recap about Azure file storage well it enables you to create file shares in the cloud and access these file shares from anywhere with an internet connection Azure file storage exposes file share using SMB 3.0 protocol or NFS protocol once you have created a storage account you can upload files to Azure file storage using the Azure portal or tools such as AzCopy you can attach a network drive to multiple computers and this is what
file storage will do for you it has two performance tier based on your cost and performance requirements the first one is standard tier which is a hard disk based Hardware in the data center like HDD for slower performance but lower cost it also has a premium tier which uses SSDs and it provides a greater throughput but it is costlier than the standard tier based on your performance and cost requirement you can put your Azure file storage in either of those tiers now let's have a look at Azure Queue storage let's suppose you have an application
that performs a certain number of tasks task one task two and task three these tasks are then passed to Azure Queue storage in terms of messages it becomes messages when transferred to Queue storage the size of each message can go up to 64 KB then these messages are then transferred to an Azure service for further processing such as Azure function and it performs the asynchronous processing on these messages so this process is called asynchronous processing of the messages so this is how an Azure Queue storage works you can store a massive amount of semi
structured data in Azure as well semi structured data means NoSQL data that does not require a fixed schema such as a JSON file document based data a key value pair based data and so on as these files do not have a fixed schema and do not use SQL Concepts such as foreign key joins and relationships data is uploaded to Azure table inside a storage account for fast and secure access so we have seen Azure Queue storage Azure file storage Azure blob storage and Azure table but all these storages are part of a bigger storage
service which is storage account so storage account can have multiple tables blobs file and queues it is used to store messages files unstructured data and semi structured data in the form of these services that we have just seen it is highly scalable and can hold petabytes of data storage account name should be unique within Azure so this would be a sample end point of an Azure service the first block is your storage account name which is what we have seen should be a unique name the second is type based on the service that we
have used either table blob file or queue so that would be the type over there and the last part would be same for like whatever service you are using so it will remain the same then we have a concept called storage access tier So based on your performance and cost requirement so you put your Azure blobs in one of those access tiers so we have a hot tier cool tier and an archival tier so let's quickly have a look at these two first so hot tier is the default access storage tier that means
whenever you create an Azure blob storage this will be selected by default and it is used to access frequently accessed data like your images your static files that is served by a website and you know website needs to access it frequently so all those use cases are for hot tier it provides highest performance but at the same time it is costliest because it is providing you the fastest performance and lower latency cool tier is used to store infrequently accessed data and it has to be stored for at least 30 days it is cheaper than
hot tier and at the same time it provides a lower performance than hot tier you can migrate your storage from hot tier to cool tier to save the storage cost so keep that in mind if you want to save the cost but you can compromise with the data access performance then you can just migrate it from hot tier to cool tier then the next one is archival tier archival tier cannot be set at the account level you can set it on the blob level it is used for archival storage as the name suggest but you
should have the data at least stored for 180 days to be used as archived tier then it has the highest latency because it is cheapest among all and it takes hours for the data retrieval and you cannot directly just use the data from archive tier you first have to change it from hot tier or cool tier then the blob will be rehydrated that's the process that it performs and you can only read The Blob only when the rehydration process is completed so this process takes hours based on the size and length of the
data and it is cheapest among all so you use uh this tier when you don't have to retrieve the data instantly it is generally used for archival for audit and compliance purpose or long-term retrieval of your logs and so on now we have a concept called Azure storage redundancy Azure always stores multiple copies of your data so that it is protected from planned and unplanned events such as Hardware failures Network or power outage or natural disasters you select the redundancy option based on your cost and your availability requirements the first one is locally redundant
storage which replicates your data three times within a single data center in the primary region even if two copies of your data gets corrupted you still have the data available through the third copy it provides the service in least cost and offer least durability because if your data center fails the data will be lost then we have another option which is zone redundant storage zone redundant storage replicates your Azure storage data synchronously across three Azure availability zones in the primary region then we have geo redundant storage in which your data is replicated to
a secondary region so that your data will be highly available if there is a region failure as well so this is done through geo-replication within secondary region there is also a read-access geo-redundant storage which is RA-GRS in which data of your secondary region is read only to save some storage cost and there is a geo-zone redundant storage in which the primary region data is replicated in multiple availability Zone and secondary region is just locally redundant storage that means it is replicated across three locations within the same data center so you choose
your redundant option based on your availability and your cost requirement a traditional on premises infrastructure would have servers and database running on either VMware or Hyper-V or physical servers there are various data migration options provided by Azure first one is Azure migrate which performs the initial Discovery and assessment and prepares the server for migration then it migrates the server running on on premises or any other public Cloud infrastructure to Azure Cloud VMS or web apps next option that we have is Azure database migration service which performs the assessment of SQL servers and helps pinpoint the
potential problems that could block the migration then it performs the database migration to Azure VMS running on SQL Server Azure SQL database or SQL managed database instances we also have Azure data box which is used to move large amount of offline data to Azure so let's have a look at the Azure data box now well it's a physical migration service that helps transfer large amount of data to Azure this service comes with a physical Appliance such as Azure data box which comes with five ssds of 8 GB each that means a total of 40 TB
it supports then we also have Azure data box which can support around 100 TB of data storage and transfer then we also have data box heavy which can store and transfer up to 1 petabyte of data you can simply import your data from on-premises to either of these devices based on your storage requirements and then ship it to Azure data center data is then automatically exported to Azure Cloud once it is exported to Azure the data within the device gets erased it's completely wiped out and Main use case of the data box is when
you have a large amount of data typically more than 40 TB or when you have a requirement of bulk data transfer sometimes you also have to store large amount of data in Azure for security and compliance purpose so all these are use case of using an Azure data box all in all it is a reliable fast and secure transfer service in addition to large scale migration using services like Azure migrate and Azure data box Azure also has tools designed to help you move or interact with individual files or small file groups first one is
AzCopy which is a command line based utility that lets you interact with Azure storage to transfer blobs and files to and from Azure storage accounts well you can upload your data files you can also download the blobs or files from Azure storage account and you can also copy the files between storage account and also synchronize the files between storage account but the synchronization process is unidirectional that is this is one way and not bidirectional the next one that we have is Azure storage Explorer it's a GUI based application and in the back end it
is using AzCopy command line tool to perform the data transfer to and from Azure Storage account you can simply do drag and drop using the GUI and then you don't have to run the AzCopy commands from the command line then we have Azure file sync we use Azure file sync when we have to synchronize the files between your local Windows server and Azure files in your storage account and this sync process is bidirectional that means both the ways and it is used to sync only the files not blobs not any other
data type just file and from your local Windows server to Azure file so you install this Azure file sync agent on your local Windows server and then it performs the file sync for you first let's have a look at the basics of identity authorization and authentication an identity could be a person a device a computer a functional ID or anything that accesses your application when you try to sign in to your application by using an authentication method such as username and password a request goes to an authorization server that validates your authenticity it checks whether
you are who you say you are and not someone impersonating you if the validation is successful you are logged in and this process is called authentication then you try to access an application or a service request goes to the auth server again and checks if you have the access or not if you have the access then access is granted and you should be able to access that service or application this process is called authorization that means whether you are authorized to perform certain operations or not so this is the normal process of identity authentication
and authorization it becomes difficult to manage your identities when you have your application running on multiple platforms and environments for instance you need to access your Office 365 applications or Microsoft applications such as Microsoft teams and your workload is running into Microsoft Azure so you have your workloads and applications running on multiple platforms and services you would need a centralized server which takes care of your identity management this is where active directory comes in well active directory is something that you host on premises on a Windows server but if you need similar capabilities in Cloud
Azure active directory is the service for you it's a manage cloud-based identity and access management offering by Azure it comes with a lot of features such as authentication authorization single sign on which means you can use the same credential to login into multiple platforms and applications as it provides a centralized user management system it also provides capabilities of self-service password reset and multiactor authentication which means you need to provide extra details on top of your credential to authenticate yourself as a valid identity such as OTP sent to your phone or email key generated by a
soft token or hard token some security questions that you have set during the registration your PIN capture verification all these are using multiactor Authentication it provides an extra layer of security for logging to your application there is one more service which is called Azure ad identity protection that forces the user to change the password if the login location or Source IP is unidentified again this is to protect your identity as a user so that your application is secure enough and no unauthorized user should be able to penetrate the system now let's talk about as your
active directory connect if you had an on premises environment running active directory and a cloud deployment using Azure active directory you would need to maintain two identity set for the same identity however you can connect active directory on premises and Azure active directory enabling a consistent identity experience between cloud and on premises users can use a single identity to access on premises application and cloud service such as Microsoft Office 365 one method of connecting Azure ad with your on premises ad is using Azure ad connect or Azure active directory connect service Azure ad connect synchronizes
user identity between on premises active directory and Azure active directory so you can use the services like single sign on multiactor authentication Self Service password reset under both the systems which also eliminates the need for managing same identities in multiple places let's talk about Azure active directory domain service a manage domain is configured to perform oneway synchronization from Azure active directory to Azure active directory domain service you can create resources directly in the manage domain but they areen synchronized back to Azure in hybrid environment with an on premises active directory domain service environment Azure ad
Connect synchronizes the identity information with Azure AD, which is then synchronized to the managed domain. This is a one-way synchronization from Azure Active Directory to Azure Active Directory Domain Services; that means any changes that happen at the source location would reflect in the destination as well, but not the other way around. Also, this service provides managed domain services such as domain join, group policy, LDAP authentication, and also some advanced authentication mechanisms such as Kerberos and NTLM. So these advanced authentications are not provided with Azure AD Connect or Azure Active Directory, so if you need to have
a managed domain service, then you use Azure AD Domain Service. Make sure you understand the difference between Azure Active Directory, Azure AD Domain Service, and Azure AD Connect service. This exam would not validate your skills on an in-depth level of these services, but you should know the basics of these and when to use which service. So there are resources in Azure such as virtual machines, databases, Azure Functions, Azure Web App, and so on, and you need to perform certain tasks on each of these resources, such as start and stop virtual machine, edit virtual machine, view virtual machine,
and so on. Assigning each of these permissions manually to a user is a tedious and inefficient task. Instead, you can group these actions into multiple groups called roles and assign that role to a user. You can also assign multiple roles to a user. In this example, if you want your user to have read-only access to the various resources, you can create a reader role with a certain set of permissions such as view virtual machine, view database, read function, and view web app. All of these permissions are collectively known as a role that you can assign directly
to a user or a group of users. If you remember one of our earlier videos in which we discussed resource hierarchy, a role can be assigned at management group level, subscription level, resource group level, or even at individual resource level, and if it is applied to a parent node, that means it is inherited by the subsequent child nodes. So let's say you applied a reader role at management group level; then all the resources, all the objects inside this hierarchy, such as the subscription and this subscription, this resource group, and all the resources, would have
the reader role by default. So it inherits from parent to child by default, and you can override it. For example, you want only the admin access to this particular resource over here, so you can assign the admin role directly to this resource over here, and the rest of them would have the reader role by default. So these all are nothing but scope, so scope could be a management group, a subscription, a resource group, or even individual resources. So we have our scope, such as resources; our role, such as a reader role, a contributor
role, owner role, or a custom role; and then we have our identity on which the role is applied, such as a user, a group of users, a managed identity, or even a service principal. So the combination of a scope, a role, and an identity is collectively known as a role assignment. Let's head over to the Azure portal and see how a role assignment works. All right, so we are logged in to our Azure portal on portal.azure.com, and we're going to head over to one of our scopes; it could be a subscription, a resource group, or a resource.
Let me go ahead to this resource group over here, which is backend RG. Once I do that, on the left side you will see different options, so we have to go over here, which says access IAM. So this is the place where we provide the role assignment and check the current roles. To do a role assignment, you can click over here, which says Add, and click Add role assignment. Now it will ask you again those three things that we have asked. First is scope. Scope we have already selected as a resource group, so
that is the default scope for now, and then it will ask you to select the roles. So here are the different roles; it has reader role, access review operator, and there are like a bunch of roles over here. So let me go ahead and select the reader role and then hit over here, which says Next. Then it will ask you the identity, whether the role is to be assigned to a user, group, or service principal, or a managed identity. So let me select a user and click over here, which says Select members. Now on
the right side it will ask me which member this role needs to be assigned to. So here is a demo user that I have created for this demo, so I'm going to select this. Once I select this, then it will ask you to review and assign the role. Right, so again we have selected three things: first is the role itself, then the identity to which the role is to be assigned, and then the scope, which is resource group for this. So I'll click over here, which says Review and assign, and hit it one more
time. Okay, it says added role assignment. Now you can view the existing role assignments from here, which says Role assignments, and if I scroll down to the demo user, it says it has the reader role. Now the scope over here is this resource, which is a resource group. So if I go to the overview section of this resource group and go to a resource inside that resource group, which is this storage account, and again I go to IAM and check the role assignments over here, you see this demo user has a reader role for
this resource as well, which is a storage account, and it was inherited from the resource group. So this is what we discussed, how a role is assigned from top to bottom in the hierarchy. And let's say my user P SVA has the owner role on this resource because I am the owner of this subscription, so it is inherited from top to down for that as well. So if I log in with my demo user, I would have the reader access to this resource as well as the resource group. Let's talk about conditional access now. You have
a user trying to log in to your server from either an unexpected location or an unknown location or a device. Azure Active Directory treats this as a suspicious activity and prompts the user to provide one or more authentication methods, such as CAPTCHA or one-time password or even a personal identification security question. Based on the response, it will decide to either grant you full access, limited access, or deny access to the requested resource. So this process is called conditional access. All right, let's start the video with cost management introduction. We have already seen capital expenditure and operating expenditure
in the beginning of this series, where capital expenditure is the upfront cost that you spend and operating expenditure is the recurring cost that you spend over a specific period of time. A number of factors influence the cost of the Azure resources. These factors, such as the type of resource, the settings of the resource, and the Azure region, will have an impact on how much the resource is going to cost. Now let's take an example of a virtual machine. The cost of a virtual machine depends on the virtual machine size, the licensing, the storage, and the region
in which the VM is provisioned, and a few other factors. So this type of consumption model is called pay-as-you-go, where you pay for the resources that you use during a billing cycle. If you use more compute this cycle, you pay more, and if you use less in the current cycle, you pay less. Azure also provides an option for reserved capacity, in which you can commit to use a certain number of resources for a specific period of time. Usually this period is 1 to 3 years, and you receive a huge discount on that commitment. For example,
you said, okay, I need 50 virtual machines for the next 3 years with 80 GB boot disk and 12 virtual CPUs. So this type of model will be the reserved model, where you are deciding the cost in advance and you'll get a huge discount on the commitment. Let's have a look at Azure Marketplace. Azure Marketplace lets you purchase Azure-based solutions and services from third-party vendors using the Azure portal. So let's say you are a user and you subscribe to an NGINX machine image from the Azure Marketplace. This NGINX image is a customized image provided by
a third-party vendor such as Bitnami, or it could be anyone else, and they said, okay, we'll give you NGINX, plus on top of that we'll give you, let's say, Prometheus and Grafana preconfigured, and you don't have to worry about any licensing cost or any other configuration setup. It is a ready-to-use image, and then you just go ahead, subscribe to the image, and use it, and for that we will charge you a nominal fee, let's say $10 per month. This is just for an example. So you will have to pay that fee
to the vendor as well as to Azure for the resources that you are using. Like, this NGINX image will be running on a virtual machine, so you'll be paying the cost to Azure and to the third-party vendor, and the cost of this image will be decided by the third-party vendor, how much they're going to charge you for that. Now let's have a look at another important topic, which is cost estimation in Azure. So we have a term called pricing calculator, and total cost of ownership, TCO. They both are used
to estimate cost in Azure, but there is a slight difference between these two, so let's have a look at those differences. So pricing calculator provides you the cost estimation of provisioning Azure resources, and total cost of ownership provides you a cost comparison between your on-premises infrastructure and the equivalent services in Azure infrastructure. Let's say you have two on-premises servers and two database servers running on premises, and it will provide you a cost of how much you're going to save, or how much will be the cost you will incur, when you provision two virtual
machines and two database instances in Azure. So that cost comparison will be provided between on premises and the Azure infrastructure. You can save, export, and share the estimates provided by the pricing calculator. Before migrating to cloud, you can generate a report using TCO to see if there are any potential savings in moving to the cloud, and then you can download this report and share this report as well. So make sure you understand the difference between these two. Cost Management provides the ability to quickly check the Azure resource cost, create alerts based on the resource spend,
and create budgets, which will also trigger an alert when the budget threshold has been breached. So it also provides cost analysis, and you can review your spending based on service, location, subscription, and so on. So let's start with our video on Azure management and governance. The first topic would be Azure Blueprints. Azure Blueprints deploy a new environment based on all of the requirements, settings, and configuration of the associated artifacts. These artifacts can include things such as role assignments, policy assignments, Azure Resource Management templates, and resource groups. It also preserves what should be deployed using
blueprint definition and what was deployed using blueprint assignment. So definition is what should be the desired deployment, and assignment is what is actually being deployed. Now let's have a look at Azure Policy. Azure Policy is a service in Azure that enables you to create, assign, and manage policies that enforce rules so that configuration stays compliant. For example, you create a policy which states that you can only create virtual machines in Canada Central region. If you try to create that in any other location, it will throw the error. Also, it will check if there are
any existing virtual machines in any other region; it will throw the error that virtual machines are non-compliant. So these policies audit and control your resources. A group of policies is called an initiative, so you can assign the policy and you can assign the initiative as well. Now the next topic is resource locks. So a resource lock is something that prevents resources from being accidentally deleted or modified. It can be applied at multiple levels, so you can apply the resource lock at subscription level over here, or resource group level, or at individual resources level, but these
resource locks are inherited in nature; that means if you have applied it at subscription level, then it is inherited by the subsequent child nodes such as resource group and resources. So there are two types of resource locks: delete lock and a read-only lock. With delete lock you can only read and modify the resource, but with read-only lock you can only read the resources; you cannot modify or delete it. The read-only lock is just like a reader role in Azure. The next topic is Service Trust Portal. Microsoft Service Trust Portal is a portal
that provides access to various content, tools, and other resources about Microsoft security, privacy, and compliance practices. So it also provides you detailed information about how they are protecting cloud services and customers' data. You can download all the reports and documents by going over here, All documents, and you can pin the documents in My Library to create a custom view. In this video we will summarize all the tools that we can use to interact with Azure. So you can use Azure portal by going to portal.azure.com to create and manage your Azure resources. You can also
use Cloud Shell to interact with Azure, which is a browser-based shell and supports Bash and PowerShell. Both of them basically have the same functionalities; it mostly depends on your familiarity with the scripting language that you want to choose. Azure portal and Cloud Shell both are browser-based utilities, which means you can use these to access Azure resources from any device that has a web browser, such as a phone, a tablet, or even a computer, irrespective of their operating system. For instance, you want to provision a virtual machine using your mobile phone, and
you can use either of these methods to provision your virtual machine using your mobile phone. The other CLI-based tools you can use are Azure CLI and PowerShell. Azure CLI is a command-line-based utility that can be installed on Mac, Windows, or even Linux, and you can authenticate using a login command and access Azure resources such as Azure Web App. In the same way, you can use PowerShell on Windows, Mac, or Linux to interact with Azure resources. PowerShell for Mac and Linux was introduced with PowerShell Core 6.0, but now it is out of
support, and you should use at least PowerShell 7.2 if you want to run it on Mac or Linux. Now let's talk about Azure Arc. Well, it is a service you use to manage multicloud and hybrid virtual machines, Kubernetes clusters, and databases as if they are running on Azure. So it basically manages your on-premises servers and resources as an Azure resource. The services that are supported by Azure Arc are physical servers, Kubernetes servers, Azure data services, SQL Server, and virtual machines. So anything that is running on premises out of these supported services can be managed
by Azure itself and can be turned into an ARM template for infrastructure provisioning. Now the ARM template is a service we use to provision infrastructure as code for Azure. For example, as a user you create an ARM template, which is a JSON-based code template which has the desired state of your infrastructure. Let's say you want to provision 50 virtual machines into Azure, so you write an Azure ARM template, provide all the details, and then you deploy this. Once you deploy the ARM template, you will get all identical 50 virtual machines created in
your Azure subscription. All right, let's talk about monitoring tools in Azure. The first one is Azure Advisor. As the name suggests, it evaluates your Azure resources and provides you recommendations to help you improve reliability, security, and performance, helps you achieve operational excellence, and helps you reduce cost. The important thing to remember here is this Azure Advisor service just provides you recommendations based on your existing workload; it does not take any action, and you have to take the further actions to correct and to implement those recommendations. The next one is Azure Service Health. Well, Azure Service Health
is a dashboard that shows the service health and health of your deployed resources, service health as in overall health of the Azure resources as hosted in the Microsoft data center. It comprises three components. The first one is Azure Status, which shows the status of Azure services globally and if there is any outage or the service is healthy or not. The next one is Service Health; it focuses on the Azure services and regions that you are using and not the global resources. And then we have Resource Health, which shows the health of your cloud
resources, such as your virtual machines deployed on Azure, and whether they are impacted by any outage or whether they are healthy as per Microsoft. You can even set up Service Health alerts to notify you when service issues, planned maintenance, or other changes may affect the Azure services and regions you use, and using Azure Monitor you can also configure alerts to notify you of availability changes to your cloud resources, so whether there is a resource that went from healthy to unhealthy due to a service outage or not. So these types of alerts you can set easily
using Service Health alerts and Azure Monitor alerts. Now let's have a look at Azure Monitor. Well, Azure Monitor can monitor Azure resources, your on-premises and even multicloud resources like virtual machines hosted with a different cloud provider. Data is collected from various sources such as on-premises servers, cloud infrastructure, and networks, and then it is stored in multiple central repositories such as metrics, logs, and traces. This data is then used in several ways. You can visualize the data using tools such as Azure Workbooks, Grafana, Power BI, and dashboards. You can also analyze the data
using tools such as Log Analytics and Metrics Explorer, and create real-time alerts and take necessary actions on those alerts, such as autoscaling groups and other actions. Additionally, you can integrate with different services such as Event Hub, import/export APIs, and Logic Apps to perform some further actions. In a nutshell, Azure Monitor is a platform for collecting data on your resources, analyzing that data, visualizing the information, and even acting on those results. Physical infrastructure security, whether it is physical host, physical network, or physical servers, it's always Azure's responsibility to take care of
those, and the cloud user wouldn't have to worry about it. For example, if you look at this below comparison diagram, it is clearly mentioned what comes under Azure's responsibility, what comes under the customer's responsibility, and what comes under the shared responsibility model. If you look at the last three lines, physical host, physical network, physical data center, any of those would always be Microsoft's responsibility, whether it's IaaS or PaaS or SaaS. The next one is access to the underlying operating system. Only in IaaS, infrastructure as a service, you will get access to the underlying operating
system, and in PaaS and SaaS you won't get that access. All the comparison has been given over here; you can take the screenshot and read through it, or feel free to watch the video as part of the AZ-900 playlist; everything is described in detail. Now let's talk about when it comes to a service which needs high bandwidth and a dedicated network between on premises and Azure: we use Azure ExpressRoute in that case. So make sure you understand the difference between VPN Gateway and ExpressRoute. And this is the costly solution, but at the same
time it provides you high bandwidth and a dedicated network between your on-prem and Azure. The next one is, if there is a keyword in the question which says you need to have a production-ready server with an isolated environment that can be provisioned with the fewest possible steps, so the answer is Azure Marketplace, which is a service in which the third-party vendors provide a custom image with some pre-built infrastructure already installed, and you just have to subscribe to that and pay for those services to Azure, as well as there is
some portion that the vendor takes from the bill. The next one is, if there is a service which says you need to implement infrastructure as code for Azure that you can use to launch infrastructure using some reusable code templates, then the answer is ARM templates, Azure Resource Manager templates, and Azure Bicep, which is a newer service that can be viewed as an extension of ARM or an improved version of ARM template. Okay, if the question talks about the multicloud resource management capabilities, then the answer is Azure Arc. This is a new service, like, introduced a
couple of years back, but this is important to know. Then, when the question talks about minimizing administrative efforts, then the answer is either PaaS or SaaS, because in IaaS the user usually takes care of all the administrative tasks such as server patching, upgrades, and all those things, but in PaaS and SaaS it is taken care of by Microsoft. And Azure IAM policies and permissions can be applied at all levels of the resource hierarchy. What I mean by that is you can apply policies and permissions, roles, at all those levels, like either at root management
group, subscription level, resource group level, or even at the individual resources level. Okay, when it comes to connecting to a virtual cloud network with on premises with the lowest possible cost, the service that you use is VPN Gateway. It does not provide you a dedicated network, but it helps you provide an encrypted IPsec VPN tunnel through which you can connect your on-premises network to the Azure virtual network through an encrypted tunnel. For cost estimation, Azure provides you a service called Azure pricing calculator. There is another service, which is total cost of ownership, so make
sure you understand the difference between these two. TCO, or total cost of ownership, focuses on the estimated saving cost when you move from your on premises to cloud; however, the pricing calculator calculates the estimated cost of the resources that you're going to provision in Azure. So understand the difference between those two. When there is a requirement to host a static website on Azure and/or for static content storage, then the service that you would use is Azure Blob Storage. Container-based services in Azure are mostly Azure Container Instances or Azure Kubernetes Service. There are
some others as well, such as Azure Web App, especially the flexible web app part; it provides you capabilities to host your containers on that, so try to understand those points as well. And there are several ways through which you can interact with Azure, such as Azure CLI, Azure Cloud Shell, which is built within the Azure portal and provides you the capability to choose from Azure PowerShell or Azure Bash shell, and you can also use Azure portal to interact with Azure resources.
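The role assignment walkthrough in this transcript (a reader role assigned at the backend RG resource group and then showing up on the storage account inside it) can be reproduced as an access review check. The following Python is an added example, not part of the video: the subscription ID, resource names and principals are constructed placeholders, and it covers only the subscription, resource group and resource levels, whose resource IDs nest as paths.

```python
from dataclasses import dataclass

# Constructed sample scopes; the subscription ID and all names are placeholders.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG = SUB + "/resourceGroups/backend-rg"
STORAGE = RG + "/providers/Microsoft.Storage/storageAccounts/demostorage"
OTHER_RG = SUB + "/resourceGroups/backend-rg-test"


@dataclass(frozen=True)
class Assignment:
    """One role assignment: an identity, a role and a scope."""
    principal: str
    role: str
    scope: str


# Constructed assignments mirroring the demo: owner at the subscription,
# reader at the resource group, plus one direct assignment on the resource.
ASSIGNMENTS = [
    Assignment("owner-user", "Owner", SUB),
    Assignment("demo-user", "Reader", RG),
    Assignment("demo-user", "Contributor", STORAGE),
    Assignment("test-user", "Reader", OTHER_RG),
]


def _norm(scope: str) -> str:
    # Azure resource IDs are compared case-insensitively.
    return scope.rstrip("/").lower()


def applies(scope: str, resource_id: str) -> bool:
    """True if an assignment at `scope` reaches `resource_id` (same scope or a child)."""
    s, r = _norm(scope), _norm(resource_id)
    # Match on whole path segments so "backend-rg" does not match "backend-rg-test".
    # Management group scopes are not path prefixes of subscription IDs and would
    # need the management group tree, which this example does not model.
    return r == s or r.startswith(s + "/")


def effective_assignments(resource_id, assignments):
    """Map each principal to [(role, 'direct' | 'inherited', scope)] for one resource."""
    result = {}
    for a in assignments:
        if applies(a.scope, resource_id):
            origin = "direct" if _norm(a.scope) == _norm(resource_id) else "inherited"
            result.setdefault(a.principal, []).append((a.role, origin, a.scope))
    return result


def roles_for(principal, resource_id, assignments):
    """Azure RBAC is additive: the effective roles are the union of all that apply."""
    found = effective_assignments(resource_id, assignments).get(principal, [])
    return sorted({role for role, _, _ in found})


if __name__ == "__main__":
    for who, rows in effective_assignments(STORAGE, ASSIGNMENTS).items():
        for role, origin, scope in rows:
            print(f"{who:11} {role:12} {origin:9} {scope}")
```

Running it lists every principal that reaches the storage account and whether each role is direct or inherited, which is the same view the portal's role assignments tab gives for a single resource.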