Microsoft Learning
Ignite | May 4-8, 2015 | Chicago, IL
Implementing Microsoft Azure Infrastructure Solutions
Exam Preparation 70-533
Mark Grimes
Residence: SE MI
18 Years MCT, 10 years ft active
10 years consulting with Partner, @Microsoft
Lead Internal Identity Technical Communities
Lead multiple internal
70-533
http://bit.ly/Ignite-CertApp
http://aka.ms/certification/70-533
70-534
Implement Websites
Design Websites
Implement Cloud Services
Implement Storage
Design an Application Storage and Data Access Strategy
Implement Cloud Services
Implement Virtual Networks
Implement an Azure AD
Implement Virtual Machines
App Services
Virtual Machines
Web Sites
Media Services
Service Bus
Mobile Services
Cloud Services
Web Roles
Worker Roles
Notification Hubs
Scheduler
Data Services
Storage
SQL Database
HDInsight
Cache
Automation
BizTalk Services
BizTalk Hybrid Connections
Visual Studio Online
Active Directory
Multi Factor Authentication
API Management
Azure RemoteApp
Network
ExpressRoute
Virtual Network
Traffic Manager
CDN
SDKs
.NET
Java
PHP
Python
Node.js
Ruby
Implement Websites
Azure Websites
Deploy Websites | Configure Websites | Configure Diagnostics, Monitoring, Analytics | Configure Scale & Resilience | Manage Hosting Plans
Deploy websites
Deployment Slots
Live sites w/ own hostnames
Alphanumeric only! + hyphens
Requires Standard mode plan (= 1, 2, 4 cores | up to 10 instances)
Webjobs
Scripts or Programs: .bat, .ps1, .sh, PHP, .py, Node.js
2 options: w or w/o web project
Run: 1. Continuous (App_Data/jobs/continuous) 2. Scheduled 3. On-Demand (App_Data/jobs/triggered) [Preview]
Create Schedule
Configure websites
Settings
Web App loads name/value pairs into .NET configuration at runtime
PHP, Python, Java and Node.js applications access them as env vars
Connection Strings for SQL Database, SQL Server, MySQL, Custom
Other languages use environment variables at runtime
EXAMPLES (environment variable prefixes)
SQL Server: SQLCONNSTR_
MySQL: MYSQLCONNSTR_
SQL Database: SQLAZURECONNSTR_
Custom: CUSTOMCONNSTR_
Configure websites
Configure Custom Domain Name, SSL & more!
CNAME (Alias) versus A record
Read more
Video Walkthrough: Create Custom Domain Name and Securing Communication
awverify -> CNAME to prove you own it
Get-AzureDeployment -ServiceName yourservicename | Select Url
Use for CNAME
Need CNAME for WWW also
Configure websites
See more
azure site list siteslotstest
azure site create siteslotstest --slot staging
azure site create --git siteslotstest --slot staging
azure site swap siteslotstest
azure site delete siteslotstest --slot staging
Diagnostic Logs
Logging Websites
PowerShell
Save-AzureWebSiteLog -Name websitename
#View Live Stream
Get-AzureWebSiteLog -Name websitename -Tail
Azure Command-line
azure site log download websitename
azure site log tail websitename
Connection Strings
Others?
.NET: uses the connectionStrings object; other languages read them as environment variables
Cloud Service: Virtual Machine | Virtual Machine | Virtual Machine
Implement Images and Disks | Configuration Management | Configure Networking | Configure Resiliency | Design & Implement Storage | Monitor VMs
Compute Instance Name | RAM
Shared | 768 MB
Small (A1) | 1.75 GB
Medium (A2) | 3.5 GB
Large (A3) | 7 GB
(next size) | 14 GB
Memory Intensive VMs
Compute Instance Name | Virtual Cores | RAM
A5 | | 14 GB
A6 | | 28 GB
A7 | | 56 GB
Compute Intensive VMs
Compute Instance Name | Virtual Cores | RAM | Networking
A8 | | 56 GB | 40 Gbit/s InfiniBand
A9 | 16 | 112 GB | 40 Gbit/s InfiniBand
Server Roles: AD, AD FS, DNS, Print, Application, File, RAS, RDP, Web, WSUS | SQL, SP, SC, Dynamics
NOT GOOD: Low volume, limited growth. Regulated environments. Read more
Portal
PowerShell
Disks (2 min)
OS Disks
Temp disks
Data Disks
Perform Configuration Management
Automate Management
Puppet
Build, Deploy, Manage = Lifecycle
Puppet Master pre-configured on Ubuntu server
Puppet Enterprise Agent installed as agent
See About Azure VM Configuration settings & Manage Images Using PowerShell
Configure VM Networking
Reserved IP Addresses
10.0.0.0/8 | 172.16.0.0/12 | 192.168.0.0/16
Each can have multiple subnets
Smallest supported subnet is /29.
Size hosts for 2^n - 2
Don't use the same ranges as on-premises
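Added example (not part of the deck) that turns the four address-planning rules above into a check a practitioner can run on a proposed VNet: private range, subnets no smaller than /29, subnets inside the VNet and not overlapping each other, and no overlap with on-premises ranges. The sample CIDRs in the `__main__` block are constructed.

```python
import ipaddress

# The three private ranges the slide lists as valid VNet address spaces.
PRIVATE_RANGES = [ipaddress.ip_network(r) for r in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
MIN_SUBNET_PREFIX = 29  # smallest supported subnet is /29

def usable_hosts(cidr):
    """Host addresses per the slide's 2^n - 2 rule (network and broadcast removed)."""
    net = ipaddress.ip_network(str(cidr))
    return 2 ** (net.max_prefixlen - net.prefixlen) - 2

def check_vnet_plan(vnet_cidr, subnet_cidrs, onprem_cidrs):
    """Return a list of problems; an empty list means the plan passes every rule."""
    vnet = ipaddress.ip_network(vnet_cidr)
    subnets = [ipaddress.ip_network(s) for s in subnet_cidrs]
    problems = []
    # Rule: address space must come from one of the private ranges.
    if not any(vnet.subnet_of(r) for r in PRIVATE_RANGES):
        problems.append(f"{vnet} is not inside a private range")
    # Rule: don't reuse ranges already used on-premises (S2S routing would break).
    for o in (ipaddress.ip_network(o) for o in onprem_cidrs):
        if vnet.overlaps(o):
            problems.append(f"{vnet} overlaps on-premises {o}")
    for i, s in enumerate(subnets):
        if s.prefixlen > MIN_SUBNET_PREFIX:
            problems.append(f"{s} is smaller than /{MIN_SUBNET_PREFIX}")
        if not s.subnet_of(vnet):
            problems.append(f"{s} is outside {vnet}")
        # Rule: subnets within one VNet must not overlap each other.
        for t in subnets[i + 1:]:
            if s.overlaps(t):
                problems.append(f"{s} overlaps {t}")
    return problems

if __name__ == "__main__":
    # Constructed plan: frontend/mid-tier/backend subnets in a 10.1/16 VNet, on-prem at 10.0/16.
    plan = check_vnet_plan("10.1.0.0/16", ["10.1.1.0/24", "10.1.2.0/24", "10.1.3.0/29"], ["10.0.0.0/16"])
    print("OK" if not plan else "\n".join(plan))
```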
Configure VM Networking
Internal Name Resolution
ELEMENT | LOCATION | NAME RESOLUTION | PROVISION
Between VMs | Same VNet | |
Configure VM Networking
Load Balancing Endpoints
1 Public (used by ILB) & 1 Private Port (used by VM internally) per endpoint
Azure Balancer distributes based on: Source Address, Protocol, Source/Destination Port
Internal Load Balancing w/in Cloud Service!
Use for RDP, PSRemote, SSH
Health Probes
HTTP/TCP
Provide base availability data
Detail extensible with custom probes
Firewall Rules
Leveraging public/private/domain profiles
Automatically for RDP / SSH / PS Remoting
Configure VM resiliency
Scale Up Scale Down
Slide the slider!
See Azure Limits!
Auto-Scale
Auto-scales Based on Schedule or load
Can leave VMs set initially running or stopped
Configure on the Cloud Service containing them
Update Domains
Groups of resources to be updated together
Host OS updates honour service update domains
Specified in service definition
Default of 5 (up to 20)
Only 1 rebooted at a time
Key Concepts
Hierarchy: Subscription > Cloud Service (200)
Limits and Locking
Object | Limit | Locking
Subscription | 120 Create/Add operations in 5 minute window | N/A
Virtual Machine, Virtual Network, Storage Account | remaining cells on the slide read: None, No Limit, None
Storage Container | 40 per storage account |
Disk Cache
Temporary Disk
Windows: D:\
Linux /dev/sdb
Azure Blob
See How to change the Temp Drive Letter
M I C R O S O F T C O N F I D E N T I A L I N T E R N A L O N LY
Monitor VMs
Configure Endpoint Monitoring
Can Aggregate metrics every hour or minute
Configure Alerts
Select Metric
Condition
Threshold
Alert Evaluation
Can Specify email sends
Configure Diagnostics
See monitor, diagnose and troubleshoot Microsoft Azure Storage
Geo-Replication Options
LRS (Single Region) | ZRS (Across 2-3 facilities within or across 2 regions) | GRS (3x in 2 regions)
2 types of roles:
web role: dedicated IIS for hosting front-end web applications.
worker role: applications can run asynchronous, long-running or perpetual tasks independent of user interaction or input.
1. Install Azure SDK, then download the SDK for the language to develop your code.
2. If any role instances require a certificate, create the certificates. Cloud services require a .pfx file with a private key. Upload to Azure as you create and deploy the cloud service.
3. Plan to deploy to an Affinity Group? Use it to deploy your cloud service and other Azure services to the same location in a region. You can create the affinity group in the Networks area of the Management Portal, on the Affinity Groups page.
1. Service definition file: The cloud service definition file (.csdef) defines the service model, including the number of roles.
2. Service configuration file: The cloud service configuration file (.cscfg) provides configuration settings for the cloud service and individual roles, including the number of role instances.
3. Service package: The service package (.cspkg) contains the application code and the service definition file.
Read more
VIP Swap
Staging -> Production
update deployment
DefaultEndpointsProtocol=https;AccountName=StorageAccountName;AccountKey=StorageAccountKey
Monitor Cloud Services
Monitor Cloud Services
Implement Storage
Implement Blobs and Azure Files | Manage Access | Configure Diagnostics, Monitoring & Analytics | Implement SQL Databases | Implement Recovery Services
Implement Blobs
Highly scalable, REST interface based object store in the cloud
Data sharing: share documents, pictures, video, music, etc.
Big Data: store raw data/logs and compute/map reduce over data
Backups: data and device backups
Block blobs: read/write/update blocks of data, great for sequential IO like files. Up to 200 GB each. Most cost effective storage.
Page Blobs: read and write in 512 byte pages, sparse files and random access, e.g. for disks. Up to 1 TB each.
AzCopy CLI: high-performance uploading, downloading, and copying data to and from Microsoft Azure Blob, File, and Table storage
Azure Files
Shared network file storage for Azure
Availability, durability, scalability are managed automatically
Supports two interfaces: SMB and REST
(Diagram: IaaS VMs and PaaS VMs accessing an Azure File Share)
Manage Access
Regenerate Keys
Logging Levels
Minimal: e.g. ingress/egress, availability, latency, & success %s; aggregated for the Blob, Table, and Queue services.
Verbose: same as above + collects the same metrics per storage operation in the Azure Storage Service API. Enables closer analysis of issues occurring during application operations.
Off: turns off monitoring. Existing monitoring data persisted till end of retention period.
Analyze Logs
Logs saved in blob container $logs in storage account.
Use Blob svc API to access
Service Tier | Perf Objectives | Max Size
Basic | | 2 GB
Standard | Reliability per minute | 250 GB
Premium | Reliability per second | 500 GB
Im/Export Schema
A DAC package vs BACPAC target different scenarios.
A BACPAC contains both schema and data, but does not support being imported to a database project for schema modification. DAC packages contain only schema information; import into an SSDT database project for further development work. The primary use for a DAC package is in deploying a database schema to development,
Read More
Logging Levels
For Blobs, Tables and Queue Services | Off, Minimal, Verbose -> per storage operation
Active Directory
Active Directory Federation | Identity Sync
Active Directory
Active Directory / AD FS
Read More
Authentication
Users must be authenticated by an Organizational account in AAD
If Federation, then can AuthN against on-premises
Read more
Graph API
Programmatic access to AAD through a REST API endpoint
Apps use it to perform CRUD operations on directory data and objects
To call on the directory, the app must be registered with AAD
RBAC: Security Groups used to perform RBAC in Graph API
EXAMPLES
Create New User, Get Properties, Disable
Check Group Membership, update, delete, etc.
Know: Graph API
Access AAD | REST | CRUD operations | Must register App with AAD | Security Groups use RBAC
Configure a Virtual Network | Modify a Network Configuration | Design and implement a multi-site or hybrid network
Azure Virtual Network
Virtual Networks
Flexible, multi-tier topology
Network segmentation
Internal load balancing
Internet
Front-End Network Access
Load-balanced and direct VIPs
Hybrid Connectivity
On premises
Internet Connectivity
www.yourapp.com
Performance
Load Balancing
(Diagram: Traffic Manager. www.yourapp.com -> TrafficManager.net -> WestUS / EastUS / EUNorth / JapanWest / AsiaEast / EUWest .CloudApp.net endpoints; EUNorth.CloudApp.net Weight=95%, EUNorth-new.CloudApp.net Weight=5%)
VIP
Internet IP load balanced among one or more VM instances
MUST explicitly open input endpoints
Primarily for load balanced, highly available, or auto-scale scenarios
PIP
Internet IP assigned to a single VM exclusively
Entire port ranges are accessible by default
For applications that dispatch/redirect to a
(Diagram: Clients on the Internet -> LB 151.2.3.4 -> Cloud service Reserved VIP 131.3.3.3 / 131.4.4.4 in Microsoft Azure -> VM1 (DIP1), VM2 (DIP2))
Default: 5-tuple-hash based; spreading incoming connections
Source-IP-based affinity
(Diagram: VM server instances in a Virtual Network; Internet; Direct Internet Connectivity)
AD / DNS
Backend 10.3/16 | Mid-tier 10.2/16 | Frontend 10.1/16
Network Security Groups
On Premises 10.0/16
Internet
Enables network
S2S VPNs
wildcards, subnets
Ingress: Subnet ACLs, VM ACLs
(Diagram: Internet -> VPN GW -> Virtual Network with Backend 10.3/16, Mid-tier 10.2/16, Frontend 10.1/16)
Workflow Steps to Create
Create a network security group (NSG).
1. Add network security rules, unless the default rules are sufficient.
2. Associate the NSG to a VM.
3. Update the VM.
4. After update, the NSG rules will take effect immediately.
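Added example (not from the deck) that models how NSG rules are evaluated once associated: rules are tried in ascending priority number and the first match wins, so the built-in AllowVNetInBound (65000) and DenyAllInBound (65500) defaults only apply when no custom rule with a lower number matches. The VNet range, the rule set and the test flows are constructed; the default rule names and priorities are Azure's own.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    name: str
    priority: int        # lower number is evaluated first and wins
    action: str          # "Allow" or "Deny"
    source: str          # CIDR, "*" or a tag: "VirtualNetwork", "Internet"
    dest_port: str       # single port as a string, or "*"
    protocol: str = "*"  # "TCP", "UDP" or "*"

# Two of the inbound default rules every NSG carries; a custom rule overrides
# them only by using a priority number below 65000.
DEFAULT_INBOUND = [
    Rule("AllowVNetInBound", 65000, "Allow", "VirtualNetwork", "*"),
    Rule("DenyAllInBound", 65500, "Deny", "*", "*"),
]

VNET = ipaddress.ip_network("10.1.0.0/16")  # assumed VNet address space for the tag check

def _source_matches(rule_source, src_ip):
    if rule_source == "*":
        return True
    in_vnet = ipaddress.ip_address(src_ip) in VNET
    if rule_source == "VirtualNetwork":
        return in_vnet
    if rule_source == "Internet":
        return not in_vnet
    return ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule_source)

def evaluate_inbound(rules, src_ip, dest_port, protocol="TCP"):
    """Return (rule name, action) of the first rule matching the flow, in priority order."""
    for r in sorted(rules + DEFAULT_INBOUND, key=lambda r: r.priority):
        if (r.protocol in ("*", protocol)
                and r.dest_port in ("*", str(dest_port))
                and _source_matches(r.source, src_ip)):
            return r.name, r.action
    raise RuntimeError("unreachable: DenyAllInBound matches every flow")

# Constructed rules: an admin range may reach RDP; any other Internet source may not.
SAMPLE_RULES = [
    Rule("AllowRdpFromAdmin", 100, "Allow", "203.0.113.0/24", "3389", "TCP"),
    Rule("DenyRdpFromInternet", 200, "Deny", "Internet", "3389", "TCP"),
]

if __name__ == "__main__":
    for ip, port in (("203.0.113.5", 3389), ("198.51.100.7", 3389), ("10.1.2.3", 3389)):
        print(ip, port, evaluate_inbound(SAMPLE_RULES, ip, port))
```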
Network Security Groups
(Diagram: Public VIP -> External load balancer -> Front end; Internal VIP -> Internal load balancer -> Logic tier -> Back end)
Design Subnets
Read More
Appliance ecosystem: Barracuda NG Firewall, Citrix NetScaler, Riverbed Steelhead, ...
Hybrid Connectivity
Customer
Secure point-to-site connectivity
Secure site-to-site VPN connectivity
ExpressRoute private connectivity
Virtual Network
Express Route
Traffic Manager
connections
Multiple on-premises sites connect to the same virtual network
Connect to multiple virtual networks and on-premises locations
VNet1 US West 10.1/16
VNet2 East Asia 10.2/16
VNet-to-VNet connectivity
Cross-subscription
Contoso NorthAm HQ (10.0.0.0/16)
Forced Tunneling
On Premises
Force or redirect customer Internet-bound traffic to an on-premises site
Auditing & inspecting
(Diagram: Internet-bound traffic forced tunneled via S2S VPN through the VPN GW; Virtual Network with Backend 10.3/16, Mid-tier 10.2/16, Frontend 10.1/16)
Virtual Network Gateway Enhancements
High Performance Gateway option
Better throughput
More S2S tunnels
Pricing
$0.49 per gateway hour
Data transfer & VNet traffic rates unchanged
Gateway SKU | ExpressRoute Throughput* | S2S Throughput* | Max Tunnels
Default | 500 Mbps | 100 Mbps | 10
High Performance | 1000 Mbps | 200 Mbps | 30
* Subject to traffic conditions and application behavior
No Encryption: VNet within Azure; intra-/inter-region VNet-to-VNet traffic stays within Microsoft networks, not the Internet
IKE: compliance requirements & better security
Know these 5 things now
Configure ILB
Change Plan + Configure Settings
P2S | S2S: Just do it!
Express Route: Just do it!
Resources
Microsoft Learning Site (http://bit.ly/Ignite-Learning)
Your one-stop location for info on all available Microsoft certifications, training, and
(http://bit.ly/Ignite-VirtAcad)
(http://bit.ly/Ignite-CertApp)
Interactive Windows 8.1 app, to help you choose and traverse your path
aka.ms/certification/70-533