Morning sessionIntroduction Azure structureMS Account > Mgmt group (

1. Morning session
2. Introduction
3.  
4.  
5. Azure structure
6.  
7. MS Account > Mgmt group (optional) > subscription > resource group > resources
8.  
9.  
10.  
11. Policy - what can be done. Applied at subscription level
12.  
13. RBAC - who can do it. Can be applied at resource group level or resource level.
14.  
15.  
16.  
17. Multiple subscriptions for one account e.g. different subscription for diff department, training etc. Use management groups to manage this (optional).
18.  
19.  
20.  
21. Policies can be applied to subscriptions to control what resources can be purchased. This is a new feature. Policies can also be applied to management groups for better scaling.
22.  
23.  
24.  
25. Create VM will create multiple resources. Use resource groups to manage this. Use this from the get go so over time its easier to manage. E.g. Windows VMs, Linux VMs. Use resource groups for Role based access control. Only win admins can access win environment etc
26.  
27.  
28.  
29. Essential learning
30.  
31. Resource group
32.  
33. Virtual networks
34.  
35. Storage
36.  
37. Apps
38.  
39. Azure Active directory
40.  
41.  
42.  
43. Lab preparation (perform for each module)
44.  
45. Add 20533E Environment script
46.  
47. Remove 20533E Environment
48.  
49. East US datacenter (always. Don’t use aus)
50.  
51. VM size - Standard_D1_V2
52.  
53.  
54.  
55. Module 1
56. May not be the most cost effective. Initial vs ongoing. Too early to know which is better.
57.  
58.  
59.  
60. Public cloud - aws etc
61.  
62. Private cloud - your own managed cloud
63.  
64.  
65.  
66. Cloud services
67.  
68. Software (exchange, sharepoint, office365). Use of app.
69.  
70. Platform - Services (sql, azure AD, ). Management of app.
71.  
72. Infrastructure - VMs, networks. Control of infra/app etc. More control. Cost effective?
73.  
74.  
75.  
76. IDaaS
77.  
78. DRaaS
79.  
80.  
81.  
82. Using MS platform to host application.
83.  
84. Platform managed by MS. You manage application. They handle all the patching, OS level. May not be suitable. Alternative is IaaS for app. You get full control over VM.
85.  
86.  
87.  
88. Platform you only get access to the application itself. Not the OS itself.
89.  
90.  
91.  
92. Backup every 5 minutes.
93.  
94.  
95.  
96. Physically compliant with defence standard. Aus government compliant for data.
97.  
98.  
99.  
100. 4 datacenters in aus. Melb, syd and 2 in canberra.
101.  
102.  
103.  
104. https://azure.microsoft.com/en-au/pricing/calculator/
105.  
106.  
107.  
108. Answer key is useful if youre struggling with labs. Full details on how to perform the labs.
109.  
110.  
111.  
112. Tags used for categorizing resources with billing
113.  
114.  
115.  
116. MS Azure Classic - Outdated information. We use Azure Resource Manager.
117.  
118.  
119.  
120. New portal is backwards compatible with resources created in old portal. New powershell commands usually have rm in them.
121.  
122.  
123.  
124. Difference between VPN and ExpressRoute
125.  
126. Does not go over the public internet
127. Extra cost through service provider
128.  
129.  
130. Planning design sequence - Resource groups > VNET > Storage > VM
131.  
132.  
133.  
134. Afternoon session
135. Virtual networks
136. Max 8 nics per VM.
137.  
138.  
139.  
140. Virtual networks (VNET)- Provides DHCP service. No need for DHCP server.
141.  
142.  
143.  
144. Azure will reserve first three addresses and the last address. Total of four addresses per subnet.
145.  
146.  
147.  
148. You can configure the DHCP service but if you have any issues you're on your own.
149.  
150.  
151.  
152. Resource group does not affect connectivity. More for administration of resources. Must be the same datacentre.
153.  
154.  
155.  
156. Once you establish a connection. It is very difficult to change the connection config. Workaround is to delete VM (keep hard drive) and assign different network.
157.  
158.  
159.  
160. The VNET connection for the VM is done during the build process. Used to be optional but any VM must use a
161.  
162.  
163.  
164. 250ish VNET per datacentre
165.  
166.  
167.  
168. PaaS resources accessed via internet. Publicly accessible.
169.  
170.  
171.  
172. Service Endpoint is used to connect a PaaS resource to a VNET (e.g. SQL). Reason to use Service Endpoint is to use the Azure backbone. Otherwise goes over the public internet via FQDN. Feature was implemented approx 1 year ago. Similar function to a firewall.
173.  
174.  
175.  
176. Sql managed instance - https://docs.microsoft.com/en-us/azure/sql-database/sql-database-managed-instance
177.  
178.  
179.  
180. VM with public address is assigned at the VM NIC level. Still need a VNET. Address is assigned from Microsoft's public address.
181.  
182.  
183.  
184. The VNETs communicate once you configure Peering. Peering is used to connect resources on different datacenters (Microsoft one in melb and one in syd etc). Connect VNETs using different datacenters.
185.  
186.  
187.  
188. VMNet connected devices will show NICs not VMs. Deleting the VM will not delete the VM's NIC. The hard drive is also left intact. IP is linked to the NIC. Unable to release IP until NIC is deleted (Infinite lease).
189.  
190.  
191.  
192. Configure static IP using Azure portal as opposed to within the OS.
193.  
194.  
195.  
196. Access control can be done at the VNET level not just at resource group level.
197.  
198.  
199.  
200. The VM will use the DNS configured on the VNET. You can configure the VM to point at a DC within that VNET. You can configure multiple DHCP addresses.
201.  
202.  
203.  
204. DC location best practice. Have one as close to VMs as possible. Can be over link but link must be at least T3 (45mbit).
205.  
206.  
207.  
208. Lookup global vnet peering
209.  
210.  
211.  
212. Create RG then VNET. VNET goes in a RG.
213.  
214.  
215.  
216. Sent from Outlook