Azure Site Recovery
Component | Requirements |
---|---|
Guest operating system | Site Recovery supports all operating systems that are supported by Azure. |
Guest operating system architecture | 32-bit (Windows Server 2008)/64-bit |
Operating system disk size | Up to 2,048 GB for generation 1 VMs. Up to 300 GB for generation 2 VMs. |
Operating system disk count | 1 |
Data disk count | 16 or less |
Data disk VHD size | Up to 4,095 GB |
Network adapters | Multiple adapters are supported |
Shared VHD | Not supported |
FC disk | Not supported |
Hard disk format | VHD, VHDX |
BitLocker | Not supported |
VM name | Between 1 and 63 characters. Restricted to letters, numbers, and hyphens. The VM name must start and end with a letter or number. |
VM type | Generation 1, Generation 2--Windows |
Virtual Machines
Q: Secure authorization technique to access CosmosDB
Hash-based message authentication code
Q: Virtual machine scale sets
https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-deploy-app#install-an-app-to-a-linux-vm-with-cloud-init
Q: Synchronize files from on-premise server to Azure.
- Install the Azure File Sync agent
- Register Windows Server with Storage Sync Service
- Create a sync group and a cloud endpoint
- Create a server endpoint
Virtual Networks
Create a DNS private Zone
```powershell
# Create a virtual network with one subnet
$subnet = New-AzVirtualNetworkSubnetConfig -Name xxSubnet -AddressPrefix 10.2.0.0/24
$vnet = New-AzVirtualNetwork -ResourceGroupName xx-rg -Location eastus -Name xx-net1 -AddressPrefix 10.2.0.0/16 -Subnet $subnet
# Create the private zone with the virtual network as its registration network
New-AzDnsZone -Name private.contoso.com -ResourceGroupName xx-rg -ZoneType Private -RegistrationVirtualNetworkId @($vnet.Id)
```
Query an on-premise SQL database server from Logic Apps
- Install the on-premises data gateway on a local computer
- From the Azure portal, create an on-premises data gateway
- From the Logic App Designer, add a connector
- https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-gateway-connection
Virtual network peering
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-peering-overview
Site-to-Site connection
- Create the gateway subnet (Azure)
- Create the VPN gateway (Azure)
- Create the local network gateway
- Configure your VPN device
- Create the VPN connection
- Verify the VPN connection
VPN gateways
A VPN gateway is a specific type of VNet gateway that is used to send traffic between an Azure virtual network and an on-premises location over the public internet. You can also use a VPN gateway to send traffic between VNets. Each VNet can have only one VPN gateway.
- Azure VNet <-> on-premises
- Azure VNet <-> Azure VNet (Different Subscription)
Border gateway protocol
An on-premises network gateway can exchange routes with an Azure virtual network gateway using the border gateway protocol (BGP). BGP with site-to-site VPN connections supports multiple tunnels between a VNet and an on-premises site, with automatic failover based on BGP.
ExpressRoute circuits and peering
Application gateways
Prerequisites
- Azure virtual network
- dedicated subnet
Guarantee an SLA of 99.95% for the application
Ensure 2 or more medium instances are attached to the application gateway instance
Storage Account
Limited access with IP Range
Firewalls and virtual networks
Storage account types
- https://docs.microsoft.com/en-us/azure/storage/common/storage-account-overview
- Blob
  - General-purpose V2
  - General-purpose V1
  - BlockBlobStorage
  - BlobStorage
- Table
  - General-purpose V2
  - General-purpose V1
- Data Lake
  - General-purpose V2
- VM Disk
  - General-purpose V2
  - General-purpose V1
Support Archive
- General-purpose V2
- BlobStorage
ZRS (General-purpose V2 Only)
Ability for data to remain available even if a data center goes down
Encrypt data at rest
- Azure Storage Service Encryption
- https://docs.microsoft.com/en-us/azure/storage/common/storage-service-encryption
Azure AD
- SSPR self-service password reset
Authentication and verification methods
Method | Primary authentication | Secondary authentication |
---|---|---|
Password | Yes | |
Microsoft Authenticator app | Yes (preview) | MFA and SSPR |
FIDO2 security keys (preview) | Yes | MFA-only |
OATH software tokens | No | MFA |
OATH hardware tokens (preview) | Yes | MFA |
SMS | Yes (preview) | MFA and SSPR |
Voice call | No | MFA and SSPR |
Security questions | No | SSPR-only |
Email address | No | SSPR-only |
App passwords | No | MFA only in certain cases |
Add your custom domain name using the Azure AD
- Add your custom domain name to Azure AD
- Add your DNS information to the domain registrar
- Verify your custom domain name
- https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/add-custom-domain
Implement Multi-factor authentication for application
- Upgrade to Azure AD Premium
- Create a new conditional access policy
App Service Plan
- Access resources in the virtual network - Standard
- Deployment Slots - Standard
- Testing in Production - Standard
- Auto-scale - Standard
- Traffic Manager - Standard
- Backup/Restore - Standard
- Always On - Basic
- SSL (IP/SNI) - Basic
- App Service Managed Certificates - Basic
- Integrated Load Balancer - Shared
- Custom Domains - Shared
- Session Affinity - Free
- Authentication and Authorization - Free
- https://azure.microsoft.com/en-us/pricing/details/app-service/plans/
Q: Web app automatically scales when CPU load is about 85 percent and minimize costs
- Upgrade to Standard App Service tier
- Enable autoscaling on the web app
- Add a scale rule
- Configure a scale condition
Azure Migration
Migrate AWS VMs to Azure
- Create a Recovery Services vault
- Install Azure Site Recovery Unified Setup
- Deploy a server as the configuration server
- Enable replication for VM
Azure Site Recovery replication for VMWare
- In the Azure Site Recovery Service vault, make sure to select a protection goal
- In the Azure Portal, download OVA file
- Deploy a new VM in your on-premise environment
- From the new VM, register a configuration server
- Create an assessment
SQL databases
Query a database in on-premise network
- From an on-premise computer, install an on-premise data gateway
- From the Azure portal, create an on-premise data gateway
- From the Logic App Designer in the Azure portal, add a connector
Social Security Number Protection Method
Always Encrypted Property
Azure Function
Could be used to host the Processing system
How much does Functions cost?
- Consumption plan
- Premium plan
- App Service plan
Web App
Enable Autoscaling
- Scale the Web app to use the Standard App Service Plan
- Enable Autoscaling for the Web App
- Add a scale rule
- Configure a scale condition
Logic Apps
- Logic App Contributor role
  - Manages Logic App resources
- Logic App Operator role
  - Read, enable and disable logic app
Azure WebJobs
Triggered
- Starts only when triggered manually or on a schedule.
- Runs on a single instance that Azure selects for load balancing.
Continuous
- Starts immediately when the WebJob is created. To keep the job from ending, the program or script typically does its work inside an endless loop. If the job does end, you can restart it.
- Runs on all instances that the web app runs on. You can optionally restrict the WebJob to a single instance.
- Supports remote debugging.