Notes For First Idea

The document provides a comprehensive overview of cloud computing concepts, including definitions, key features, and various service models such as IaaS, PaaS, and SaaS. It also discusses Azure architecture, services, identity management, governance, and cost management strategies. Additionally, it covers the benefits of cloud services, deployment models, and tools for monitoring and managing resources in Azure.

Uploaded by

Mohammed Ahmed

1. Describe Cloud Concepts (25–30%)


1.1 Describe Cloud Computing
 Definition:
 Cloud computing is the delivery of computing services (servers, storage, networking,
databases, software, analytics, etc.) over the internet.
 Expands the traditional IT offering to include services like:
o Internet of Things (IoT)
o Machine Learning (ML)
o Artificial Intelligence (AI)
 Instead of investing in physical infrastructure, organizations rent resources on demand to
quickly expand their computing footprint.
 Key Features:
 Agility: Quickly deploy and adjust services as needs change. Example: a company launching
a new app can provision servers instantly.
 Elasticity & Scalability: Scale resources up or down automatically to handle demand spikes.
Example: e-commerce scaling during Black Friday.
 Consumption-based model: Costs are based on usage. No wasted resources.
 High availability (HA): Services stay online even if part of the system fails, thanks to
redundancy.
 Disaster recovery (DR): Data can be replicated across regions, enabling business continuity
in case of outages.
 Resource pooling: Shared infrastructure among customers provides large-scale efficiency.

1.2 Describe the Shared Responsibility Model


Security and management are split between Microsoft and the customer. The division depends on
the service model:

 On-premises: Customer is responsible for everything (physical hardware, networking, OS, apps,
data).
 Infrastructure as a Service (IaaS):
o Microsoft manages the physical infrastructure (datacenters, networking, disks).
Customers manage OS, middleware, applications, and data. (Azure cloud)
o Provides raw infrastructure (VMs, networking, storage).
o Full control over OS and applications.
o Example: Azure Virtual Machines.
 Platform as a Service (PaaS):
o Microsoft manages infrastructure, OS, and runtime environment. Customer only
manages apps and data. (Azure cloud)
o Pre-built runtime environment (OS, database, frameworks).
o Developers only focus on apps and data.
o Example: Azure App Service, Azure SQL Database.
 Software as a Service (SaaS):
o Microsoft manages almost everything; the customer only controls user access and
data (e.g., Hotmail, Microsoft 365), much like an end user.
o Ready-to-use software hosted in the cloud.
o No need to manage infrastructure or platform.
o Example: Microsoft 365, Dynamics 365

Key point: The more you move from IaaS → PaaS → SaaS, the less responsibility you have.

Use Cases:
 IaaS → Lift-and-shift legacy apps.
 PaaS → Build and host custom applications.
 SaaS → Productivity and business apps (email, CRM, ERP)

Benefits of Using Cloud Services


 High availability & scalability: Applications remain online and can handle workload spikes based
on demand.
 Reliability & predictability: Azure offers SLAs with guaranteed uptime.
 Security & governance: Built-in compliance, encryption, Azure AD, and access control.
 Manageability: Easy monitoring and centralized management through Azure Portal, CLI, or APIs.

1.3 Define Cloud Models/types (Public, Private, Hybrid)


 Public Cloud:
o Resources owned/operated by Microsoft and shared among multiple customers.
o Cost-effective and highly scalable.
o Example: Hosting a web app in Azure App Service.
 Private Cloud:
o Cloud environment dedicated to a single organization, usually on-premises or in a
private datacenter.
o Offers more control and compliance, but higher cost.
o Example: A bank maintaining its own private cloud.
 Hybrid Cloud:
o Combination of public + private cloud.
o Flexible approach: keep sensitive workloads on-premises, move scalable workloads to
the public cloud.
o Example: A hospital storing patient data locally (compliance) while using Azure for
analytics.

 Cloud Deployment Models Comparison

| Public Cloud | Private Cloud | Hybrid Cloud |
|---|---|---|
| No capital expenditure to scale up | Organizations have complete control over resources and security | Provides the most flexibility |
| Applications can be quickly provisioned and deprovisioned | Data is not collocated with other organizations' data | Organizations determine where to run their applications |
| Organizations pay only for what they use | Hardware must be purchased for startup and maintenance | Organizations control security, compliance, or legal requirements |
| Organizations don't have complete control over resources and security | Organizations are responsible for hardware maintenance and updates | |

 Identify Appropriate Use Cases


o Public: Startups, test/dev environments, unpredictable workloads.
o Private: Financial institutions, healthcare, government (compliance-heavy industries).
o Hybrid: Enterprises needing low latency + compliance but still wanting scalability and
flexibility.

1.4 Describe the Consumption-Based Model


 Pay-as-you-go pricing → you only pay for the resources you use.
 No upfront hardware or maintenance costs.
 Example: An e-commerce store pays more during holiday traffic and less during regular months.
Compare Cloud Pricing Models
 CapEx (Capital Expenditure): (on-premises servers = private cloud)
o Traditional model: buy hardware, datacenter, software upfront.
o Fixed assets depreciate over time.
o Requires capacity planning years in advance. (Lower flexibility)
o Example: Buying physical servers for your office.

 OpEx (Operational Expenditure): (renting = public cloud)
o Cloud model: ongoing operational costs, flexible, scalable.
o Pay-as-you-go, billed monthly/annually.
o Example: Running a VM in Azure billed per second.

1.5 Describe Serverless


 Serverless means developers don’t manage servers — infrastructure is abstracted away.
 Automatically scales based on demand.
 You only pay when the code runs (per execution).
 Best for event-driven workloads.
 Examples: Azure Functions, Azure Logic Apps.

2. Describe Azure Architecture and Services (35–40%)


2.1 Core Architectural Components of Azure
o Physical architecture
o Regions
o A region is a set of Azure datacenters deployed within a defined geographical area.
o Each region provides high availability and disaster recovery options.
o Example: East US, West Europe.
o Importance:
 Proximity → reduce latency for users.
 Compliance → some data must remain in specific countries.
o Region Pairs
 Every region is paired with another region in the same geography (except Brazil).
 Benefits:
o Disaster recovery → replication within the pair.
o Updates are rolled out to only one region in the pair at a time, minimizing
downtime.
o Example: East US ↔ West US.
o Availability Zones (AZs)
o Physically separate datacenters within a region (independent power, cooling,
networking).
o Provide resilience against datacenter failures.
o Services may be:
o Zonal → deployed into a specific AZ (Availability Zone).
o Zone-redundant → automatically spread across AZs.
o Example: Deploying VMs across 3 AZs within East US for HA.
o Sovereign Regions
o Regions operated separately for compliance/regulations.
o Examples:
 US Gov Cloud (for U.S. government workloads).
 China 21Vianet (operated by a Chinese partner).
o Azure Datacenters
o Physical facilities containing servers, networking, cooling, power redundancy.
o Basis of Azure’s global infrastructure.

o Resource Hierarchy
o Resources: Basic building blocks (VMs, storage, etc.).
o Resource Groups (RGs): Logical containers for related resources (same lifecycle).
o Subscriptions: Billing boundary + access control for RGs.
o Management Groups: Higher-level container to apply policies, RBAC, and governance across
multiple subscriptions.
o Hierarchy: Management Group → Subscription → Resource Group → Resources.

2.2 Azure Compute and Networking Services


1. Compute services
o Virtual Machines:
 IaaS → Full control over OS, software, and configurations.
 Scaling Options:
o Scale Sets → Group of identical VMs; supports autoscaling
o Availability Sets → Distribute VMs across fault domains (racks) and update domains
(patching).
 Used for testing, development, running apps, extending data centers, and disaster recovery.
o Virtual Desktops:
o Cloud-hosted Windows 10/11 desktops, accessible anywhere.
o Integrated with Entra ID, supports MFA & RBAC.
o Multi-session, data separated from local hardware.
o Containers:
o Lightweight, no full OS, ideal for microservices.
o Options in Azure:
 Azure Container Instances (ACI): Simple, fast deploy. (PaaS)
 Azure Container Apps: Scaling + load balancing. (PaaS)
 Azure Kubernetes Service (AKS): Orchestration for large deployments.
o Popular engine: Docker.

o Functions:
o Serverless.
o Event-driven code; auto-scales; pay-per-execution.
o Stateless by default (can use Durable Functions for stateful).
o Application Hosting (PaaS):
o Host Web, Mobile, API, or Logic apps.
o Integrates with GitHub/Azure DevOps for CI/CD.
o Supports Windows & Linux.
2. Networking services:
o Virtual Networking:
o Azure Virtual Network (VNet) → Private network for Azure resources.
o It can be divided into subnets for organization/security.
o VNet Peering → Connect VNets privately across regions.
o Azure DNS → Domain management + resolution inside Azure. Supports both public and
private DNS zones.
o VPN Gateway → Secure connection between on-premises and Azure.
o Site-to-Site VPN → Data center ↔ Azure.
o Point-to-Site VPN → Individual client device ↔ Azure.
o ExpressRoute → Private, dedicated connection (not over the public internet). More
secure and reliable than VPN, with lower latency.
o Endpoints:
o Public Endpoints: Internet-facing.
o Private Endpoints: Secure, private access via VNet.
o Network Security:
o NSG (Network Security Group): Allow/deny rules based on IP, port, protocol.
o NVA (Network Virtual Appliance): Firewall/security appliance deployed as VM.
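
Added example, not part of the original notes: a small Python model of how NSG allow/deny rules decide a connection, relying on the NSG behaviour that rules are processed in priority order (lowest number first) and the first match wins. The `Rule`, `evaluate` and `shadowed` names, the rule set and the addresses are constructed for illustration; the model is IPv4-only and keeps just the final deny-all of the default rules.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int   # custom rules use 100-4096; lower numbers are evaluated first
    source: str     # IPv4 CIDR prefix, or "*" for any
    port: str       # "22", "1000-2000", or "*"
    protocol: str   # "Tcp", "Udp", or "*"
    access: str     # "Allow" or "Deny"

# Simplification: of the default inbound rules, only the final deny-all is modelled.
DEFAULT_DENY = Rule("DenyAllInBound", 65500, "*", "*", "*", "Deny")

def _port_range(spec):
    if spec == "*":
        return 0, 65535
    lo, _, hi = spec.partition("-")
    return int(lo), int(hi or lo)

def _net(spec):
    return ipaddress.ip_network("0.0.0.0/0" if spec == "*" else spec)

def _covers(outer, inner):
    """True if every packet matching `inner` also matches `outer`."""
    (olo, ohi), (ilo, ihi) = _port_range(outer.port), _port_range(inner.port)
    return (_net(inner.source).subnet_of(_net(outer.source))
            and olo <= ilo and ihi <= ohi
            and outer.protocol in ("*", inner.protocol))

def evaluate(rules, src_ip, port, protocol):
    """Return (access, rule name) of the first rule, in priority order, that matches."""
    probe = Rule("probe", 0, src_ip + "/32", str(port), protocol, "")
    for rule in sorted([*rules, DEFAULT_DENY], key=lambda r: r.priority):
        if _covers(rule, probe):
            return rule.access, rule.name

def shadowed(rules):
    """Names of rules that can never fire because an earlier rule fully covers them."""
    ordered = sorted(rules, key=lambda r: r.priority)
    return [r.name for i, r in enumerate(ordered)
            if any(_covers(e, r) for e in ordered[:i])]

# Constructed sample: the broad rule at priority 110 hides both SSH rules below it.
RULES = [
    Rule("AllowHttps", 100, "*", "443", "Tcp", "Allow"),
    Rule("AllowAdminPorts", 110, "*", "20-3389", "Tcp", "Allow"),
    Rule("AllowSshFromOffice", 200, "203.0.113.0/24", "22", "Tcp", "Allow"),
    Rule("DenySshAny", 300, "*", "22", "Tcp", "Deny"),
]
```

Running `shadowed()` over an exported rule set is a quick review step: any name it returns is a rule that looks protective on paper but never takes effect.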

2.3 Azure Storage Services


 Storage Account
o Logical container for all storage services.
o Types: General Purpose v2 (most common), Premium (SSD-backed).
 Storage Types
o Blob Storage → Unstructured data (images, video, logs).
o File Storage → Managed file shares accessible via SMB.
o Queue Storage → Stores and manages messages between components.
o Table Storage → NoSQL storage for key-value data.
o Disks → Block level storage for VMs.

 Storage Tiers
o Hot → Frequently accessed data.
o Cool → Infrequently accessed (≥30 days).
o Cold → Rarely accessed data with 90+ day retention.
o Archive → Rarely accessed (≥180 days); cheapest.
 Redundancy Options
o LRS (Locally Redundant): 3 copies in one datacenter.
o ZRS (Zone-Redundant): 3 copies across multiple zones in one region.
o GRS (Geo-Redundant): 3 local copies, plus 3 more replicated to another region.
o RA-GRS (Read-Access Geo-Redundant Storage): Adds read access to the secondary region.
o GZRS (Geo-Zone-Redundant Storage): ZRS locally + replication to paired region for high
resilience.
o RA-GZRS (Read-Access Geo-Zone-Redundant Storage): Adds read access to the secondary
region.
 Data Transfer Tools
o AzCopy → Command-line tool for data migration.
o Storage Explorer → GUI tool to manage storage.
o Azure File Sync → Sync on-prem file servers with Azure.
 Migration Options
o Azure Migrate → Assess and move workloads to Azure.
o Azure Data Box → Physical device for large data transfers.

2.4 Azure Identity, Access, and Security


 Directory Services
o Microsoft Entra ID (Azure AD) → Cloud identity provider for authentication & authorization.
o Entra Domain Services → Managed domain join, LDAP, Group Policy for lift-and-shift
scenarios.
 Authentication Methods
o Single Sign-On (SSO) → One login for multiple apps.
o MFA → At least two factors (password + phone/token).
o Passwordless → Biometrics, FIDO2 keys, Authenticator app.
 External Identities
o B2B: Allow external organizations to collaborate.
o B2C: Enable customer logins (social accounts, custom apps)
 Conditional Access
o Policy based rules (e.g., require MFA if login is outside corporate network).
 RBAC (Role-Based Access Control)
o Assign permissions based on roles (Owner, Contributor, Reader, Custom Roles).
 Zero Trust Model
o “Never trust, always verify.”
o Continuous verification of users, devices, and activities.
 Defense-in-Depth
o A security approach that uses multiple layers of protection.
o Layers: Physical → Identity → Perimeter → Network → Compute → Apps → Data.
 Microsoft Defender for Cloud
o Unified security management & threat protection.
o Helps with compliance, alerts, and hardening recommendations.

3. Describe Azure Management and Governance (30–35%)


3.1 Cost Management in Azure
o Factors Affecting Costs
o Resource type → VM size, storage tier, etc.
o Usage time → Pay per second/minute for compute.
o Location → Prices vary by region.
o Traffic → Data egress (outbound internet traffic) adds cost.
o Licensing → Bring-your-own-license (BYOL) vs. Azure-provided.
o Pricing Tools
o Pricing Calculator → Estimate cost of planned workloads before deployment. (short-term
and individual planning)
o TCO (Total Cost of Ownership) Calculator → Compare on-premises infrastructure cost vs.
Azure cloud cost.
o Cost Management Features
o Budgets → Define spending thresholds; get alerts when exceeded.
o Cost Analysis → Breakdown of costs by subscription, RG, or resource.
o Cost Alerts → Azure Advisor suggests cost optimizations (e.g., resize or shut down idle
VMs).
o Tags for Cost Tracking
o Apply key-value pairs (metadata), e.g., Environment: Dev, Owner: Finance, that help you
organize Azure resources.
o Useful for allocating costs to departments/projects.
3.2 Governance and Compliance in Azure
o Microsoft Purview
o Unified data governance and compliance solution.
o Helps discover, classify, and manage sensitive data across Azure, M365, on-prem, and
multi-cloud.
o Azure Policy
o Enforces rules (guardrails) on resources.
o Examples:
o Restrict VM sizes allowed.
o Enforce HTTPS on storage accounts.
o Require specific tags.
o Modes: Deny, Audit, DeployIfNotExists, Append.
o Resource Locks
o Prevent accidental deletion/changes.
o Types:
o Delete → Cannot delete resource.
o Read-only → Cannot modify or delete.

3.3 Managing and Deploying Azure Resources


o Azure Portal
o Web-based GUI for managing resources.
o Intuitive but not ideal for automation.
o Azure Cloud Shell
o Browser-based CLI/PowerShell environment inside the portal.
o Provides immediate access without local installation.
o Azure CLI & PowerShell
o Command-line tools for scripting and automation.
o Cross-platform, useful for DevOps and automation.
o Azure Arc
o Extends Azure management to on-premises, multi-cloud, and edge.
o Enables unified governance and services beyond Azure datacenters.
o Infrastructure as Code (IaC)
o Automating infrastructure deployment using declarative templates.
o ARM Templates (JSON) → Define desired end state of resources.
o Bicep → Simplified, human-friendly language that transpiles into ARM JSON.
o Terraform → Third-party, multi-cloud IaC tool.
o Azure Resource Manager (ARM)
o Management layer for Azure resources.
o Ensures consistency, role-based access, and dependency management.
3.4 Monitoring Tools in Azure
o Azure Advisor
o Personalized recommendations for cost, security, performance, and reliability.
o Azure Service Health
o Provides information about service issues and planned maintenance.
o Alerts when Azure outages impact your resources.
o Azure Monitor
o Comprehensive monitoring platform.
o Key Components:
o Log Analytics → Collect and query log data.
o Metrics → Performance counters (CPU, memory, disk).
o Alerts → Trigger notifications/actions on conditions.
o Application Insights → Monitor live apps for performance and errors.
