
2/26/24 – Ok back to it again. I finished doing deep dives into Infrastructure and Network and even though I do not know it all 100% I have definitely filled in the gaps in my knowledge significantly. I ended up taking a practice test for AZ305 and surprisingly (or not), I got 47 questions correct out of 50. Whereas before, I got 30 or so. Significant progress!

Now it is time to move forward with Azure Storage and Identity.

The plan is to go through the documentation and, for any technology or feature I do not know well, deploy it in my environment. Essentially, I am doing the same thing I did before with Infra and Network. That approach helped tons in understanding each product and its use case. As I go through the documentation, I will update this post.


General Information

A Storage Account can be accessed from anywhere in the world over HTTP or HTTPS, and it offers a choice of redundancy options and storage services.

As we see, Azure provides 4 storage services through a general-purpose account: Blobs, Queues, Tables and Files. Everything else is a premium version of one of those services, offering lower latency, higher scalability, and other features that are more focused on the workload you are looking for.

Storage Account names are unique, and no duplicates can exist in Azure.

Azure builds each service endpoint from your unique account name plus the endpoint type:
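As an added example (not code from the original post), the snippet below parses storage endpoint URLs of the public-cloud form `<account>.<service>.core.windows.net`, checks the account-name rules (3 to 24 lowercase letters and digits, since names must be globally unique and nothing else is accepted), and flags any endpoint reached over plain HTTP, which is what the account-level "Secure transfer required" setting would reject. The sample URLs are constructed and do not point at real accounts.

```python
"""Parse Azure Storage service endpoints and flag insecure ones.

Added example, not part of the original post. The host patterns
(<account>.<service>.core.windows.net) and the account-name rules
(3-24 lowercase letters and digits) are the public Azure defaults;
the sample URLs at the bottom are constructed for illustration.
"""
import re
from urllib.parse import urlparse

# The four general-purpose storage services and their default endpoint
# suffixes in the public Azure cloud.
SERVICE_SUFFIXES = {
    "blob": ".blob.core.windows.net",
    "file": ".file.core.windows.net",
    "queue": ".queue.core.windows.net",
    "table": ".table.core.windows.net",
}

# Storage account names are globally unique and limited to 3-24
# lowercase alphanumerics, so anything else can never be a valid endpoint.
ACCOUNT_NAME_RE = re.compile(r"^[a-z0-9]{3,24}$")


def parse_endpoint(url):
    """Return (account, service, scheme) for a storage endpoint URL.

    Raises ValueError if the host is not a recognised storage endpoint
    or the account name violates Azure's naming rules.
    """
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    for service, suffix in SERVICE_SUFFIXES.items():
        if host.endswith(suffix):
            account = host[: -len(suffix)]
            if not ACCOUNT_NAME_RE.match(account):
                raise ValueError(f"invalid storage account name: {account!r}")
            return account, service, parsed.scheme.lower()
    raise ValueError(f"not an Azure Storage endpoint: {host!r}")


def audit_endpoints(urls):
    """Classify each URL as 'ok', 'insecure' or 'unknown'.

    'insecure' means plain HTTP: the data, and any SAS token carried in
    the URL, would travel unencrypted. 'unknown' means the URL is not a
    well-formed storage endpoint at all.
    """
    report = {}
    for url in urls:
        try:
            account, service, scheme = parse_endpoint(url)
        except ValueError as exc:
            report[url] = ("unknown", str(exc))
            continue
        status = "ok" if scheme == "https" else "insecure"
        report[url] = (status, f"{account}/{service}")
    return report


# Constructed sample URLs (not real accounts).
SAMPLE_URLS = [
    "https://mystorageacct.blob.core.windows.net/container/file.txt",
    "http://mystorageacct.queue.core.windows.net/myqueue",
    "https://My_Bad_Name.table.core.windows.net/",
    "https://example.com/not-storage",
]

if __name__ == "__main__":
    for url, (status, detail) in audit_endpoints(SAMPLE_URLS).items():
        print(f"{status:8} {url}  ({detail})")
```

Running it lists the first URL as ok, the queue URL as insecure because of the `http://` scheme, and the last two as unknown (one for the underscores and uppercase in the account name, one for not being a storage host at all). The same check is useful when reviewing connection strings or SAS URLs copied into application configuration.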


Storage Redundancy

When you create an Azure Storage Account, the data within it gets replicated 3 times within the primary region. Azure offers 2 choices for this: Locally redundant storage (LRS) or Zone Redundant Storage (ZRS).


Storage Services

Update 2/27/24

The Azure Storage platform includes the following data services:

  • Azure Blobs: A massively scalable object store for text and binary data. Also includes support for big data analytics through Data Lake Storage Gen2.
  • Azure Files: Managed file shares for cloud or on-premises deployments.
  • Azure Queues: A messaging store for reliable messaging between application components.
  • Azure Disks: Block-level storage volumes for Azure VMs.
  • Azure Tables: NoSQL table option for structured, non-relational data.


Azure Data Migration Options!

We have Azure Migrate, which is a pretty nice tool. It is essentially a platform that allows you to assess your data, ready it, migrate it to Azure and track the progress, and it comes with a lot of nicely integrated tools for you to use. What tools? And what do they do?

  • Azure Migrate: Discovery & Assessment: Discover and assess on-premises servers running on VMware, Hyper-V, and physical servers in preparation for migration to Azure.
  • Azure Migrate: Server Migration: Migrate VMware VMs, Hyper-V VMs, physical servers, other virtualized servers, and public cloud VMs to Azure.
  • Data Migration Assistant: a stand-alone tool to assess SQL Servers. It helps pinpoint potential problems blocking migration. It identifies unsupported features, new features that can benefit you after migration, and the right path for database migration.
  • Azure Database Migration Service: Migrate on-premises databases to Azure VMs running SQL Server, Azure SQL Database, or SQL Managed Instances.
  • Azure App Service migration assistant: Azure App Service migration assistant is a standalone tool to assess on-premises websites for migration to Azure App Service. Use Migration Assistant to migrate .NET and PHP web apps to Azure.
  • Azure Data Box: Use Azure Data Box products to move large amounts of offline data to Azure.

We talked about the migration services that Azure offers, but what about tools that help us actually do the data transfer? Azure provides tools for this as well: AzCopy, Azure Storage Explorer, and Azure File Sync.

AzCopy

Azure Storage Explorer

Azure File Sync


Azure Identity, Access and Security

Update 3/1/24: So now we move to Azure AD… I mean, Azure Entra ID. There’s stuff like directory services, SSO, MFA, security, PIM and more. First things first, Entra ID is a cloud-based directory service that you authenticate against and that manages access to Microsoft cloud services and to the applications you create. You know how you have Active Directory on an on-prem Windows Server? Yeah, it’s like that but ‘in the cloud’.

With Entra ID, you get services like authentication, SSO, MFA configuration, application management, and device management. You can also connect to your on-prem stuff via Entra Connect.

With Azure Identity, there is also Microsoft Entra Domain Services, which is a managed service – I think you could also say it’s a PaaS or SaaS offering – that provides services like domain join, group policy, LDAP, Kerberos/NTLM authentication, etc. This service is neat since you don’t have to spin up a VM in Azure, or worry about deploying, patching or managing it; Azure does it for you. In fact, it spins up 2 Windows servers to be used as domain controllers in your specified Azure region, as a replica set.

Azure Entra AD External Identities

An external identity is a person, device, service, etc. that is external to your organization. With Entra AD External Identities, you allow and define the access that these identities have to your organization’s cloud resources. You let the third-party identity holder manage the identity, and you manage the access.