Scribd
Upload
16 views5 pages

Fundamentals of azure

The document provides an overview of Azure and cloud computing, highlighting the benefits of public, private, and hybrid cloud environments. It explains the three main categories of cloud services: SaaS, PaaS, and IaaS, detailing their functionalities and examples, such as Microsoft Office 365 for SaaS. Additionally, it covers Azure services, including compute, data, application, and network services, along with Role-Based Access Control (RBAC) for managing permissions and security within Azure resources.

Uploaded by

13it11
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
16 views5 pages

Fundamentals of azure

The document provides an overview of Azure and cloud computing, highlighting the benefits of public, private, and hybrid cloud environments. It explains the three main categories of cloud services: SaaS, PaaS, and IaaS, detailing their functionalities and examples, such as Microsoft Office 365 for SaaS. Additionally, it covers Azure services, including compute, data, application, and network services, along with Role-Based Access Control (RBAC) for managing permissions and security within Azure resources.

Uploaded by

13it11
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 5

Fundamentals of Azure

Overview of cloud computing


Cloud computing provides a modern alternative to the traditional on-
premises datacenter. A public cloud vendor is completely responsible for
hardware purchase and maintenance and provides a wide variety of
platform services that you can use.
It also allows you to lease access to hardware and software resources that
would be too expensive to purchase. Although you are limited to the
hardware provided by the cloud vendor, you only have to pay for it when
you use it.
Cloud environments provide an online portal experience, making it easy
for users to manage compute, storage, network, and application
resources. For example, in the Azure portal, a user can create a virtual
machine (VM) configuration specifying the following: the VM
size (with regard to CPU, RAM, and local disks),the operating system, any
predeployed software,the network configuration, and the location of the
VM.
In addition to the public cloud just described, there are private and hybrid
clouds. In a private cloud, you create a cloud environment in your own
datacenter and provide self-service access to compute resources to users
in your organization. A hybrid cloud integrates public and private clouds,
allowing you to host workloads in the most appropriate location.
Comparison of on-premises versus Azure
With an on-premises infrastructure, you have complete control over the
hardware and software that you deploy. With Azure, you can deploy only
the hardware provided by Microsoft. This leads to a focus on scale-out
through the deployment of additional compute nodes to satisfy a
performance need.
using Azure makes it easy for enterprises of any size to deploy their
services close to their customers, wherever they are in the world. For
startups, Azure allows you to start with very low cost and scale rapidly as
you gain customers. Azure provides the flexibility to set up development
and test configurations quickly. Another advantage of Azure is that you
can try new versions of software without having to upgrade on-premises
equipment.
Cloud offering
Cloud computing usually is classified in three categories: SaaS, PaaS, and
IaaS.
SaaS: Software as a service
SaaS is software that is centrally hosted and managed for the end
customer. It usually is based on a multitenant architecture—a single
version of the application is used for all customers. SaaS software typically
is licensed through a monthly or annual subscription.
Microsoft Office 365 is a prototypical model of a SaaS offering. Subscribers
are always provided the most recent version. This essentially allows you to
have a Microsoft Exchange server without having to purchase a server and
install
and support Exchange.

PaaS: Platform as a service


With PaaS, you deploy your application into an application-hosting
environment provided by the cloud service vendor. The developer
provides the application, and the PaaS vendor provides
the ability to deploy and run it. This frees
developers from infrastructure management,
allowing them to focus strictly on development.
Azure provides several PaaS compute offerings,
including the Web Apps feature in Azure App
Service and Azure Cloud Services. They
just hit a button (or pretty close to it), and the
tools provided by Microsoft provision the VMs
and then deploy and install the application on
them.

IaaS: Infrastructure as a service


An IaaS cloud vendor runs and manages server
farms running virtualization software, enabling
you to create VMs that run on the vendor’s
infrastructure. Azure provides
the ability to set up virtual networks, load
balancers, and storage and to use many other
services that run on its infrastructure.
In fact, unlike PaaS, you are completely responsible for it.
Azure Virtual Machines, the Azure IaaS offering,
is a popular choice when migrating services to
Azure because it enables the “lift and shift”
model for migration. You can configure a VM
similar to the infrastructure currently running
your services in your datacenter and migrate
your software to the new VM. Azure VM Scale Sets (VMSS) is built on top of
Azure Virtual Machines and provides an easy
way to deploy clusters of identical VMs.
This
makes VMSS an ideal platform to host higher-
level microservice compute clusters such as for
Azure Service Fabric and the Azure Container
Service.

Azure services
Compute services
This includes the Azure Virtual Machines—both Linux and Windows, Cloud
Services, App Services (Web Apps, Mobile Apps, Logic Apps, API Apps, and
Function Apps), Batch (for large-scale parallel and batch compute jobs),
RemoteApp, Service Fabric, and the Azure Container Service.
Data services
This includes Microsoft Azure Storage (comprised of the Blob, Queue, Table, and
Azure Files services), Azure SQL Database, DocumentDB, StorSimple, and the
Redis Cache.
Application services
This includes services that you can use to help build and operate your
applications, such as Azure Active Directory (Azure AD), Service Bus for
connecting distributed systems, HDInsight for processing big data, Azure
Scheduler, and Azure Media Services.
Network services This includes Azure features such as Virtual Networks,
ExpressRoute, Azure DNS, Azure Traffic Manager, and the Azure Content Delivery
Network.
Role-Based Access Control
Role-Based Access Control (RBAC) to understand how you can use it to manage
the security for your Resource Manager resources. Resource Manager
deployment model that allows you to group and manage your related resources,
Microsoft introduced RBAC, providing fine-grained control over the operations
and scope with which a user can perform a control-plant action.
With Resource Manager, you can grant permissions at a specified scope:
subscription, resource group, or resource. This means you can deploy a set of
resources into a resource group and then grant permissions to one or more
specific users, groups, or service principal. Those users will only have the
permissions granted to those resources in that resource group. This access does
not allow them to modify resources in other resource groups.
Azure RBAC also supports service principals that formally identities representing
applications, but informally are used by RBAC to allow automated processes to
CHAPTER 1 | Getting started with Microsoft Azure 27 of 540 manage Resource
Manager resources.
To grant access, you assign a role to the user, group, or service principal. There
are many predefined roles, and you can also define your own custom roles.
Roles
Each role has a list of Actions and Not Actions. The Actions are allowed, and the
Not Actions are excluded.
Contributor
With this role, a user can manage everything except access. This role has the
following Actions and Not Actions:
Actions : Can create and manage resources of all types
Not Action : Write Can’t create roles or assign roles
Not Action: Delete Can’t delete roles or role assignments
Owner:
A user with this role can manage everything, including access. This role has no
Not Actions. This is synonymous with Co Administrator in the classic deployment
model.
Reader:
A user with this role can read resources of all types (except secrets) but can’t
make changes. This role will allow someone to look at the properties of a storage
account, but it won’t let that person retrieve the access keys.
SQL DB Contributor:
A user with this role can manage SQL databases but not their security-related
policies. SQL Security Manager A user with this role can manage the security-
related policies of SQL Servers and databases.
Storage Account Contributor:
A user with this role can manage storage accounts but cannot manage access to
the storage accounts. This means the user with this role can’t assign any roles to
any users for the storage account. Note that the user with this role can retrieve
the access keys for the storage account, which means they have full access to
the data in the storage account.
Virtual Machine Contributor:
A user with this role can manage virtual machines but can’t manage the VNet to
which they are connected or the storage account where the VHD file resides.
Note that this role does include access to the storage account keys, which is
needed to create the container for the VHD files as well as the VHD files
themselves.

Custom roles:
Custom roles can be created by using PowerShell, the Azure CLI, or the REST
APIs. Once you create a custom role, you can assign it to a user, group, or
application for a subscription, resource group, or resource.
Custom roles are stored in the Azure AD and can be shared across all
subscriptions that use the same Active Directory.
Examples:
Microsoft.Storage/*/read
Microsoft.Network/*/read
Microsoft.Compute/*/read
Microsoft.Compute/virtualMachines;/start/action
Microsoft.Compute/virtualMachines/restart/ action
This role can only start and restart virtual machines. It can’t create them or
delete them. A convenient way to create a custom role is to download the
definition of an existing role and use that as a starting point.

You might also like