Azure Fundamentals

Cloud-computing

• The delivery of computing services over the internet. 
• These services include servers(服务器), storage, databases, networking, software, analytics, and intelligence.
• Cloud computing offers faster innovation, flexible resources, and economies of scale(规模经济).

Why should I move to the cloud

• Move fast and Innovate: In the ever-changing digital world, two trends emerge:
  • Teams deliver new features to their users at record speeds: Software releases
  • Users expect an increasingly rich and immersive experience with their devices and with software:  AR / IOT / Speech recognition ... many of them are powered by the cloud.
• On-demand access: The cloud enables you to quickly solve your toughest business challenges, and bring cutting-edge solutions to your users.
  • A nearly limitless pool of raw compute, storage, and networking components.
  • Analytics services / cognitive services
• Cheaper to use:  Using a pay-as-you-go pricing model. Instead of maintaining CPUs and storage in your datacenter, you rent them for the time that you need them. The cloud provider takes care of maintaining the underlying infrastructure for you. 
  • Lower your operating costs.
  • Run your infrastructure(基础架构) more efficiently.
  • Scale as your business needs change.

Three deployment models for cloud computing

        Public cloud / Private cloud / Hybrid cloud

Advantages that a cloud environment has over a physical environment 

• High availability: Your cloud-based apps can provide a continuous user experience with no apparent downtime, even when things go wrong(出现故障) (Depending on the SLA)

• Scalability: Apps in the cloud(云中的应用) can scale vertically and horizontally to increase compute(增加计算能力):

  • Scale vertically: adding RAM or CPUs to a virtual machine.
  • Scaling horizontally: adding instances of resources, such as adding VMs to the configuration.

• Elasticity: Cloud-based apps can take advantage of autoscaling to always have the resources they need.

• Agility: Deploy and configure cloud-based resources quickly as your app requirements change.

• Geo-distribution:  Deploy apps and data to regional datacenters around the globe, thereby ensuring that your customers always have the best performance in their region.

• Disaster recovery: By taking advantage of cloud-based backup services, data replication, and geo-distribution, you can deploy your apps with the confidence that comes from knowing that your data is safe in the event of disaster.

Three cloud service models

• IaaS: A cloud provider will keep the hardware up-to-date, but operating system maintenance and network configuration is up to you as the cloud tenant. 
• PaaS: The cloud provider manages the virtual machines and networking resources, and the cloud tenant deploys their applications into the managed hosting environment. 
• SaaS: The cloud tenant only needs to provide their data to the application managed by the cloud provider.

Microsoft cloud adoption framework for Azure

Core Resources

Azure compute services

for running cloud-based applications. It provides computing resources such as disks, processors, memory, networking, and operating systems, including:

• Virtual machines / Virtual machine scale sets: (IaaS)
• Container instances / Kubernetes service
• App Service: build, deploy, and scale enterprise-grade web, mobile, and API apps running on any platform (PaaS: using a fully managed platform)
• Azure Functions (or serverless computing)

Azure networking services

• Isolation and segmentation
• Communications with Internet
• Communicate between Azure resources
• Communicate with on-premises resources
• Route network traffic
• Filter network traffic
• Connect virtual networks

Azure storage services

• Blob Storage / access tiers: balance storage costs with access needs: hot/cool/archive
• Disk Storage
• Files Storage

Azure database and analytics services

• Azure Cosmos DB: globally distributed, multi-model database service
• Azure SQL database: relational database based on the latest stable version of the Microsoft SQL Server database engine (PaaS / fully managed). You can use it to build data-driven applications and websites in the programming language of your choice, without needing to manage infrastructure
• Azure SQL Managed Instance
• Azure database for MySQL / PostgreSQL
• big data and analytics

Security, identity, governance, privacy and compliance

Security

• general security
  • security information and event management (SIEM) system: 
    • aggregates security data from different sources
    • threat detection and response
  • Azure Key Vault:
    • a centralized cloud service for storing an application's secrets in a single, central location
    • provides secure access to sensitive information by providing access control and logging capabilities.
• network security
  • defense in depth
  • firewall / DDos protection:  help control what traffic can come from outside sources
  • network security groups: just like an internal firewall

Identity services: secure access to your applications

• Azure AD / SSO
• multi-factor authentication / conditional access

Cloud governance strategy: maintain control over the applications and resources that you manage in the cloud

• role-based access control / resouces locks / tags / Azure Policy / Azure Blueprints

Privacy and compliance

Cost Management and SLA