Az - 104 - Day3note Files From Class On 11 - 2024


11/12/24, 10:17 PM mystorageaznotes2207.blob.core.windows.net/az-104-11-nov/Day3.txt

Day3

LP7 : Storage

Storage Account : Cloud based storage service

Benefits :
Managed Service / PaaS service
HTTPS Communication
Capacity : 500 TB. Pay for what you use.
Encryption - Data at REST is encrypted by default.
High Availability

Configuration:
Name : Globally unique name | lowercase alphanumeric, between 3 and 24 chars
Tier : Standard (Default) vs Premium
Redundancy :
6 redundancy options are available with your standard storage account.

LRS (Locally Redundant Storage): 3 copies replicated within a DC across the rack servers. Helps to overcome rack-level failures.

ZRS (Zone Redundant Storage): 3 copies replicated within a region across the DCs in Availability Zones. Helps to overcome DC-level failures.

GRS (Geo Redundant Storage): 6 copies (3 copies in primary region in LRS + 3 copies in paired region in LRS)

GZRS (Geo Zone Redundant Storage): 6 copies (3 copies in primary region in ZRS + 3 copies in paired region in LRS)

RA-GRS (Read Access Geo Redundant Storage): 6 copies (3 copies in primary region in LRS + 3 read-access copies in paired region in LRS)

RA-GZRS (Read Access Geo Zone Redundant Storage): 6 copies (3 copies in primary region in ZRS + 3 read-access copies in paired region in LRS)

Types of unplanned failures : rack level, DC level or regional level

Note :
These 6 redundancy options are available only with a standard storage account.
With the Premium tier, you have only regional replication (LRS or ZRS).
ZRS, GZRS and RA-GZRS are available only in regions that support Availability Zones.
It is possible to change the redundancy option at a later stage.

Sync and Async replication:


Sync Replication - LRS or ZRS
Async Replication - Geo (GRS and above) - Less than or equal to 15 mins

There are 4 services offered within the storage account


Containers / Blobs - Default
Files / File shares
Tables
Queues

Example URL for different services:


Container service: https://mystorageaccount.blob.core.windows.net
Table service: https://mystorageaccount.table.core.windows.net
Queue service: https://mystorageaccount.queue.core.windows.net
File service: https://mystorageaccount.file.core.windows.net

If you prefer, you can configure a custom domain name by adding a CNAME record.
================

Access tiers for Containers (Blobs) : 4 Access tiers (Hot, Cool, Cold and Archive)
You keep your data in the appropriate tier, depending on how frequently it is accessed, to optimize price.

Hot tier - Default. Any

Cool Tier : Data older than 30 days

Cold Tier : Data older than 90 days

Archive Tier : Data older than 180 days

You can write a lifecycle management rule to automatically move your data into the appropriate tier.

Note :
Accessing the data outside of the specified intervals can incur additional charges.
Setting the access tier to "Archive" will make your blob inaccessible until it is rehydrated back to "Hot" or "Cool", which may take several hours.

Azure Files : Similar to on-prem File shares / network drives.


These can be mapped as a network drive.
Supports Windows, Linux and Mac OS.
Connectivity happens over port 445.

You may use Snapshots to take a quick backup manually.

===========

Storage security :
Data at REST : Encrypted by default (Microsoft Managed)
Additionally, you can generate your own encryption keys (Customer managed Keys) and keep them in Azure Key Vault.

Data in transit : By default, access is allowed only over HTTPS.

Data in Use :

Endpoints - Service Endpoints and Private endpoints


Endpoints use the Azure backbone network to ensure the data in transit is secured.

Access controls :
RBAC
Azure AD
SAS Keys (Shared Access Signatures)
Access Keys

SAS Keys (Shared Access Signatures) - More Granular control


Permissions can be given at Account level, Service level, folder, files
Type of permissions: Read, Write etc.
Start time and end time
Allowed from specified IP addresses
HTTPS protocol

Tools : 2 categories
1. Online tools : Consume network bandwidth. Recommended for small to medium amounts of data when you don't have bandwidth concerns.
Azure Portal, Cloud Shell, Storage Explorer, AzCopy (CLI)

2. Offline tools : If you have bandwidth concerns, especially for larger amounts of data, you can choose offline tools like :
Requesting an Azure Data Box (available in a few regions only)
Shipping the disks to MS datacenters.

==================

LP 8 - Azure Virtual machine

Configurations:
Sub, RG and location
Naming the VM : workload type, env, location, instance etc.
example, ws-eus-dev-01

Image : Windows and Linux images. Supports custom images (64-bit)

Hybrid benefit : Bring your own License (BYOL)

VM Size : defines the number of vcpus, RAM, no. of additional disks etc.

Explore the below link to choose the right VM Size:


https://learn.microsoft.com/en-us/azure/virtual-machines/sizes/

VM Availability Options :
No-infra - 99.9% of SLA
Availability Sets - Distribute your VMs across the racks within a DC. Helps you to overcome rack-level failures.
SLA offered - 99.95%

Availability Zones - Distribute your VMs across the Availability Zones within a region. Helps you to overcome DC-level failures.

SLA offered - 99.99%

ASR (Azure Site Recovery) - Helps you to overcome regional-level failures.

=================

Scaling your VMs : 2 types :


1. Vertical Scaling : Increasing (Scale Up) or decreasing (Scale Down) the VM size.
2. Horizontal Scaling : Adding (Scale Out) or removing (Scale In) instances of your VM.
It can be manual or automatic (recommended).
If it is set to automatic, scaling can happen based on the rules you write (metrics, scheduled dates).
The scaling limit can be up to 2000 VMs; however, you can define a custom limit (1-20).

Scale sets can be used behind your Azure Load Balancers also.

==========================

LP 9 - PaaS Compute

App Service - This is a service that helps you to build web apps, mobile apps or API apps using the programming language of the developer's choice.

Supported programming languages include .NET, .NET Core, Java, Python, Ruby, Node.js etc.

Configuration of your App Service :

Name : Globally unique name


Runtime stack : <Choosing the programming language for your application>
Operating System : Windows and Linux

ASP (App Service Plan) - defines the hardware and the features required for your App Service.
Hardware can include - disk size, vCPUs, RAM etc.
Features can include - scaling (manual / auto), custom domain, deployment slots, max. no. of instances to scale etc.

ASP can be shared by multiple App services.


Note : To share your ASP with multiple apps, they must all run in the same region, on the same OS and on the same runtime stack.
