Azure Notes


Acronyms & Abbreviations

ARM – Azure Resource Manager
RBAC – Role Based Access Control
AKS – Azure Kubernetes Services
ACR – Azure Container Registry
ACI – Azure Container Instance
CIDR – Classless Inter-Domain Routing
NSG – Network Security Group
ASE – App Service Environment
WAF – Web Application Firewall
AGIC – Application Gateway Ingress Controller
SMB – Server Message Block
NFS – Network File System
SAS – Shared Access Signature
DDoS – Distributed Denial of Service
IKE – Internet Key Exchange
IPSec – Internet Protocol Security
OSI – Open Systems Interconnection
DTU – Database Transaction Unit

Azure Definition

Azure is made up of datacenters located around the globe. When you use a service or create a resource such as a SQL database or virtual machine (VM), you’re using physical equipment in one or more of these locations. These specific datacenters aren’t exposed to users directly. Instead, Azure organizes them into regions.

Organization Structure in Azure

  1. Management Groups –
    These groups help you manage access, policy, and compliance for multiple subscriptions. All subscriptions in a management group automatically inherit the conditions applied to the management group.
  2. Subscriptions –
    A subscription groups together user accounts and the resources that have been created by those user accounts. For each subscription, there are limits or quotas on the amount of resources that you can create and use. Organizations can use subscriptions to manage costs and the resources that are created by users, teams, or projects.
  3. Resource Groups –
    Resources are combined into resource groups, which act as a logical container into which Azure resources like web apps, databases, and storage accounts are deployed and managed.
  4. Resources –
    Resources are instances of services that you create, like virtual machines, storage, or SQL databases.

(ref:https://docs.microsoft.com/en-us/learn/modules/azure-architecture-fundamentals/overview)

Azure Regions

A region is a geographical area on the planet that contains at least one but potentially multiple datacenters that are nearby and networked together with a low-latency network. Azure intelligently assigns and controls the resources within each region to ensure workloads are appropriately balanced.

Special Azure Regions
> US DoD Central, US Gov Virginia, US Gov Iowa and more: These regions are physical and logical network-isolated instances of Azure for U.S. government agencies and partners. These datacenters are operated by screened U.S. personnel and include additional compliance certifications.
> China East, China North, and more: These regions are available through a unique partnership between Microsoft and 21Vianet, whereby Microsoft doesn't directly maintain the datacenters.
There are two other terms you should also be aware of: geographies and availability zones.

Availability Zones

Availability zones are physically separate datacenters within an Azure region. Each availability zone is made up of one or more datacenters equipped with independent power, cooling, and networking. An availability zone is set up to be an isolation boundary. If one zone goes down, the other continues working. Availability zones are connected through high-speed, private fiber-optic networks.

Availability zones are primarily for VMs, managed disks, load balancers, and SQL databases. Azure services that support availability zones fall into two categories:
> Zonal services: You pin the resource to a specific zone (for example, VMs, managed disks, IP addresses).
> Zone-redundant services: The platform replicates automatically across zones (for example, zone-redundant storage, SQL Database).

Azure Region Pairs

Each Azure region is always paired with another region within the same geography (such as US, Europe, or Asia) at least 300 miles away. This approach allows for the replication of resources (such as VM storage) across a geography, which helps reduce the likelihood of interruptions because of events such as natural disasters, civil unrest, power outages, or physical network outages that affect both regions at once. If a region in a pair were affected by a natural disaster, for instance, services would automatically fail over to the other region in its region pair.

(ref:https://docs.microsoft.com/en-us/learn/modules/azure-architecture-fundamentals/regions-availability-zones)

Azure Resource Groups
All resources must be in a resource group, and a resource can only be a member of a single resource group. Many resources can be moved between resource groups, though some services have specific limitations or requirements for moving. Resource groups can’t be nested. Before any resource can be provisioned, you need a resource group for it to be placed in.
Resource groups exist to help manage and organize your Azure resources.
If you delete a resource group, all resources contained within it are also deleted.
By applying RBAC permissions to a resource group, you can ease administration and limit access to allow only what’s needed.
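The two points above (management groups pass their settings down to every subscription beneath them, and RBAC applied at a resource group limits access to just that group) come down to scope inheritance: a role assignment applies at the scope it is made on and at every scope below it. The following Python is an added example, not code from the original notes or from Microsoft, that models that inheritance. The scope strings follow the real Azure resource ID layout; the subscription ID, principals, role assignments and the management-group membership map are constructed sample data (in practice you would read them from the Azure API).

```python
# Added example: effective Azure RBAC roles via scope inheritance.
# Not code from the original notes. Scope strings follow the Azure resource ID
# layout; the subscription ID, principals, roles and management-group map below
# are constructed sample data.
from collections import namedtuple

RoleAssignment = namedtuple("RoleAssignment", ["principal", "role", "scope"])

SUB = "/subscriptions/00000000-0000-0000-0000-000000000001"  # constructed, not a real subscription
MG = "/providers/Microsoft.Management/managementGroups/mg-prod"  # constructed name

# Hypothetical management-group membership (in practice read from the Azure API).
MG_TO_SUBS = {MG: {SUB}}

# Constructed sample role assignments at three different scopes.
ASSIGNMENTS = [
    RoleAssignment("alice", "Reader", MG),                                  # inherited by every subscription under mg-prod
    RoleAssignment("bob", "Contributor", SUB + "/resourceGroups/rg-web"),  # limited to one resource group
    RoleAssignment("carol", "Owner", SUB),                                  # whole subscription
]

PRIVILEGED = {"Owner", "Contributor", "User Access Administrator"}


def scope_chain(resource_id):
    """Every scope containing resource_id, broadest first:
    management group(s) -> subscription -> resource group -> the resource itself."""
    parts = resource_id.strip("/").split("/")
    chain = []
    if len(parts) >= 2 and parts[0].lower() == "subscriptions":
        sub = "/subscriptions/" + parts[1]
        chain.extend(mg for mg, subs in MG_TO_SUBS.items()
                     if any(s.lower() == sub.lower() for s in subs))
        chain.append(sub)
        if len(parts) >= 4 and parts[2].lower() == "resourcegroups":
            chain.append(sub + "/resourceGroups/" + parts[3])
            if len(parts) > 4:  # a resource inside the group
                chain.append("/" + "/".join(parts))
    else:  # e.g. a management-group scope itself
        chain.append("/" + "/".join(parts))
    return chain


def effective_roles(principal, resource_id, assignments=ASSIGNMENTS):
    """Roles the principal holds on resource_id: any assignment at a containing scope counts."""
    containing = {s.lower() for s in scope_chain(resource_id)}
    return sorted({a.role for a in assignments
                   if a.principal == principal and a.scope.lower() in containing})


def who_can_touch(resource_id, assignments=ASSIGNMENTS):
    """(principal, role, granting scope) for everyone with any role on resource_id."""
    containing = {s.lower(): s for s in scope_chain(resource_id)}
    return sorted((a.principal, a.role, containing[a.scope.lower()])
                  for a in assignments if a.scope.lower() in containing)


def broad_privileged_assignments(assignments=ASSIGNMENTS):
    """Privileged roles granted above resource-group scope: review candidates for least privilege."""
    return [a for a in assignments
            if a.role in PRIVILEGED and "/resourcegroups/" not in a.scope.lower()]


if __name__ == "__main__":
    web = SUB + "/resourceGroups/rg-web/providers/Microsoft.Web/sites/app1"
    db = SUB + "/resourceGroups/rg-db/providers/Microsoft.Sql/servers/sql1"
    for who in ("alice", "bob", "carol"):
        print(who, "on app1:", effective_roles(who, web), "| on sql1:", effective_roles(who, db))
    for principal, role, scope in who_can_touch(web):
        print(f"{principal}: {role} via {scope}")
    for a in broad_privileged_assignments():
        print("review:", a.principal, a.role, "at", a.scope)
```

Running it shows alice's management-group Reader role reaching a web app and a SQL server in two different resource groups, bob's Contributor role stopping at rg-web, and carol's subscription-wide Owner role turning up in the review list, which is the kind of assignment the notes' advice about limiting access at resource-group scope is meant to avoid.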

Azure Resource Manager [ARM]
Azure Resource Manager is the deployment and management service for Azure.
When a user sends a request from any of the Azure tools, APIs, or SDKs, Resource Manager receives the request. It authenticates and authorizes the request. Resource Manager sends the request to the Azure service, which takes the requested action. Because all requests are handled through the same API, you see consistent results and capabilities in all the different tools.
A Resource Manager template is a JSON file that defines what you want to deploy to Azure.
> Deploy, manage, and monitor all the resources for your solution as a group, rather than handling these resources individually.
> Redeploy your solution throughout the development life cycle.
> Define the dependencies between resources so they’re deployed in the correct order.
> Apply access control to all services because RBAC is natively integrated into the management platform.
> Apply tags to resources to logically organize all the resources in your subscription.
> Clarify your organization’s billing by viewing costs for a group of resources that share the same tag.
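Two of the points above are easy to check mechanically before a template ever reaches Azure: the dependsOn entries determine deployment order, and tags determine whether a resource will show up in the cost views. The following Python is an added example, not code from the original notes or from Microsoft. It loads a small constructed ARM template, derives the deployment order from dependsOn with a topological sort (failing on a dependency that is not declared in the template or on a cycle), and lists resources that lack required tags. The template is sample data; its dependsOn entries use the "type/name" form rather than resourceId() expressions, and the required tag names are an assumed tagging policy.

```python
# Added example: deployment order and tag checks for an ARM template.
# Not code from the original notes or from Microsoft. The template is a
# constructed sample; its dependsOn entries use the "type/name" form, and the
# required tag names are an assumption.
import json

ARM_TEMPLATE = json.loads(r'''
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "resources": [
    {
      "type": "Microsoft.Web/sites",
      "apiVersion": "2022-03-01",
      "name": "web-frontend",
      "location": "eastus",
      "tags": {"costCenter": "cc-1234", "owner": "platform-team"},
      "dependsOn": ["Microsoft.Web/serverfarms/plan-linux",
                    "Microsoft.Storage/storageAccounts/stwebassets"],
      "properties": {"httpsOnly": true,
                     "serverFarmId": "[resourceId('Microsoft.Web/serverfarms', 'plan-linux')]"}
    },
    {
      "type": "Microsoft.Web/serverfarms",
      "apiVersion": "2022-03-01",
      "name": "plan-linux",
      "location": "eastus",
      "tags": {"costCenter": "cc-1234"},
      "sku": {"name": "P1v3"},
      "kind": "linux",
      "properties": {"reserved": true}
    },
    {
      "type": "Microsoft.Storage/storageAccounts",
      "apiVersion": "2022-09-01",
      "name": "stwebassets",
      "location": "eastus",
      "sku": {"name": "Standard_LRS"},
      "kind": "StorageV2",
      "properties": {"supportsHttpsTrafficOnly": true, "minimumTlsVersion": "TLS1_2"}
    }
  ]
}
''')

REQUIRED_TAGS = ("costCenter", "owner")  # assumed tagging policy


def resource_key(res):
    """'type/name' identifier used for dependsOn matching."""
    return f"{res['type']}/{res['name']}"


def deployment_order(template):
    """Order resources so every dependsOn target is deployed first (Kahn's algorithm, by levels).
    Raises ValueError for a dependency on an undeclared resource or a cycle."""
    deps = {resource_key(res): set(res.get("dependsOn", [])) for res in template["resources"]}
    for key, targets in deps.items():
        unknown = targets - set(deps)
        if unknown:
            raise ValueError(f"{key} depends on undeclared resource(s): {sorted(unknown)}")
    remaining = {k: set(v) for k, v in deps.items()}
    order = []
    while remaining:
        # resources whose dependencies have all been placed already, in a stable order
        ready = sorted(k for k, v in remaining.items() if not v)
        if not ready:
            raise ValueError("cycle in dependsOn among: " + ", ".join(sorted(remaining)))
        for k in ready:
            order.append(k)
            del remaining[k]
        for v in remaining.values():
            v.difference_update(ready)
    return order


def missing_tags(template, required=REQUIRED_TAGS):
    """Map of resource key -> required tags it lacks (tags drive the cost views in the notes)."""
    result = {}
    for res in template["resources"]:
        absent = [t for t in required if t not in res.get("tags", {})]
        if absent:
            result[resource_key(res)] = absent
    return result


def lint_template(template):
    """Human-readable findings; an empty list means the template passed both checks."""
    findings = []
    try:
        deployment_order(template)
    except ValueError as err:
        findings.append(str(err))
    for key, absent in missing_tags(template).items():
        findings.append(f"{key} is missing tag(s): {', '.join(absent)}")
    return findings


if __name__ == "__main__":
    print("deploy order:", deployment_order(ARM_TEMPLATE))
    for line in lint_template(ARM_TEMPLATE):
        print("finding:", line)
```

On the sample template the storage account and the App Service plan come out first and the web app last, and the linter reports that the plan and the storage account would be invisible to an owner-based cost view because they carry no owner tag.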

Azure App Service
Types –
1. Web apps
2. API apps
3. WebJobs
4. Mobile apps

An important difference between App Service and a VM is how billing stops:
With a VM – you pay only while the VM is on.
With App Service – the only way to stop paying for it is to delete it completely.

(ref:https://docs.microsoft.com/en-us/learn/modules/azure-architecture-fundamentals/resources-resource-manager)

Database –

Relational DB – Strong Consistency: Call returns only after successful commit in all replicas (High availability)
NoSQL DB – Eventual Consistency: Call returns immediately, commit in replicas happens later (Low latency)

CosmosDB Consistency Level
1. Strong (same as a regular relational DB)
2. Bounded Staleness
3. Session
4. Consistent Prefix
5. Eventual (same as a regular NoSQL DB)

Azure Storage Services
Tiers in Storage
> Hot > Cold > Archive

Types in Storage
    > Azure Disk Storage
        HDD (Hard Disk Drive)
        SSD (Solid State Drive)
            Premium, Standard
    > Azure Blob Storage    (Object)
    > Azure Files Storage   (File)

VPN Gateway Network
> Site-to-Site Connection: Connect on-premises datacenters to virtual networks
> Point-to-Site Connection: Connect individual devices to virtual networks
> Network-to-Network Connection: Connect virtual networks to other virtual networks

VPN Gateway Types
> Policy based
> Route based