
【AZ-300】Azure Architect Technologies - Exam Preparation

Last updated at Posted at 2020-06-15

Azure Site Recovery

Azure VM requirements

| Component | Requirements |
|---|---|
| Guest operating system | Site Recovery supports all operating systems that are supported by Azure. |
| Guest operating system architecture | 32-bit (Windows Server 2008)/64-bit |
| Operating system disk size | Up to 2,048 GB for generation 1 VMs. Up to 300 GB for generation 2 VMs. |
| Operating system disk count | 1 |
| Data disk count | 16 or less |
| Data disk VHD size | Up to 4,095 GB |
| Network adapters | Multiple adapters are supported |
| Shared VHD | Not supported |
| FC disk | Not supported |
| Hard disk format | VHD, VHDX |
| BitLocker | Not supported |
| VM name | Between 1 and 63 characters. Restricted to letters, numbers, and hyphens. The VM name must start and end with a letter or number. |
| VM type | Generation 1, Generation 2--Windows |

Virtual Machines

Q: Secure authorization technique to access CosmosDB
Hash-based message authentication code
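
How the HMAC answer works for a master-key request to the Azure Cosmos DB REST API, as an added example that is not part of the original notes: the client signs the verb, resource type, resource link and date with HMAC-SHA256, and the receiver recomputes the signature and compares it in constant time. The function names, key, resource link and date are constructed for illustration.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote, unquote

# Constructed sample values (not real credentials or resources).
DEMO_KEY = base64.b64encode(b"constructed demo key, not a secret").decode("ascii")
DEMO_LINK = "dbs/DemoDb/colls/DemoColl"
DEMO_DATE = "Mon, 15 Jun 2020 00:00:00 GMT"  # value sent in the x-ms-date header


def build_auth_token(verb, resource_type, resource_link, date, master_key_b64):
    """Build the URL-encoded master-key token for one REST request."""
    key = base64.b64decode(master_key_b64)
    # Signed text: verb, resource type, resource link, date, then an empty field.
    payload = (f"{verb.lower()}\n{resource_type.lower()}\n"
               f"{resource_link}\n{date.lower()}\n\n")
    digest = hmac.new(key, payload.encode("utf-8"), hashlib.sha256).digest()
    signature = base64.b64encode(digest).decode("ascii")
    return quote(f"type=master&ver=1.0&sig={signature}", safe="")


def verify_auth_token(token, verb, resource_type, resource_link, date, master_key_b64):
    """Receiver side: recompute the HMAC and compare in constant time."""
    expected = build_auth_token(verb, resource_type, resource_link, date,
                                master_key_b64)
    # Decode both sides first so %3d and %3D escapes compare equal.
    return hmac.compare_digest(unquote(token), unquote(expected))


def demo():
    token = build_auth_token("GET", "colls", DEMO_LINK, DEMO_DATE, DEMO_KEY)
    accepted = verify_auth_token(token, "GET", "colls", DEMO_LINK, DEMO_DATE, DEMO_KEY)
    # The signature covers the verb, so the same token fails for DELETE.
    reused = verify_auth_token(token, "DELETE", "colls", DEMO_LINK, DEMO_DATE, DEMO_KEY)
    return token, accepted, reused


if __name__ == "__main__":
    print(demo())
```

Because the verb, resource and date are all inside the signed text, a captured token authorizes only the exact request it was built for; the master key itself never travels on the wire.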

Q: Virtual machine scale sets
https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-deploy-app#install-an-app-to-a-linux-vm-with-cloud-init

Q: Synchronize files from an on-premises server to Azure.
1) Install the Azure File Sync agent
2) Register Windows Server with Storage Sync Service
3) Create a sync group and a cloud endpoint
4) Create a server endpoint

Virtual Networks

Create a DNS private Zone

$subnet = New-AzVirtualNetworkSubnetConfig -Name xxSubnet -AddressPrefix 10.2.0.0/24

$vnet = New-AzVirtualNetwork -ResourceGroupName xx-rg -Location eastus -Name xx-net1 -AddressPrefix 10.2.0.0/16 -Subnet $subnet

New-AzDnsZone -Name private.contoso.com -ResourceGroupName xx-rg -ZoneType Private -RegistrationVirtualNetworkId @($vnet.Id)

Query an on-premises SQL database server from Logic Apps

Virtual network peering

https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-peering-overview

Site-to-Site connection

  • Create the gateway subnet (Azure)
  • Create the VPN gateway (Azure)
  • Create the local network gateway
  • Configure your VPN device
  • Create the VPN connection
  • Verify the VPN connection

VPN gateways

A VPN gateway is a specific type of VNet gateway that is used to send traffic between an Azure virtual network and an on-premises location over the public internet. You can also use a VPN gateway to send traffic between VNets. Each VNet can have only one VPN gateway.

  • Azure VNet <-> on-premises
  • Azure VNet <-> Azure VNet (Different Subscription)

Border gateway protocol

An on-premises network gateway can exchange routes with an Azure virtual network gateway using the Border Gateway Protocol (BGP).

BGP with site-to-site VPN connections

Supports multiple tunnels between a VNet and an on-premises site, with automatic failover based on BGP.

ExpressRoute circuits and peering

Application gateways

Prerequisites

  • Azure virtual network
  • dedicated subnet

Guarantee an SLA of 99.95% for the application

Ensure 2 or more medium instances are attached to the application gateway instance

Storage Account

Limited access with IP Range

Firewalls and virtual networks

Storage account types

Support Archive

  • General-purpose V2
  • BlobStorage

ZRS (General-purpose V2 Only)

Ability for data to remain available even if a data center goes down

Encrypt data at rest

Azure AD

  • SSPR self-service password reset

Authentication and verification methods

| Method | Primary authentication | Secondary authentication |
|---|---|---|
| Password | Yes | |
| Microsoft Authenticator app | Yes (preview) | MFA and SSPR |
| FIDO2 security keys (preview) | Yes | MFA-only |
| OATH software tokens | No | MFA |
| OATH hardware tokens (preview) | Yes | MFA |
| SMS | Yes (preview) | MFA and SSPR |
| Voice call | No | MFA and SSPR |
| Security questions | No | SSPR-only |
| Email address | No | SSPR-only |
| App passwords | No | MFA only in certain cases |

Add your custom domain name using the Azure AD

Implement Multi-factor authentication for application

  • Upgrade to Azure AD Premium
  • Create a new Conditional Access policy.

App Service Plan

  • Access resources in the virtual network - Standard
  • Deployment Slots - Standard
  • Testing in Production - Standard
  • Auto-scale - Standard
  • Traffic Manager - Standard
  • Backup/Restore - Standard
  • Always On - Basic
  • SSL (IP/SNI) - Basic
  • App Service Managed Certificates - Basic
  • Integrated Load Balancer - Shared
  • Custom Domains - Shared
  • Session Affinity - Free
  • Authentication and Authorization - Free
  • https://azure.microsoft.com/en-us/pricing/details/app-service/plans/

Q: Web app automatically scales when CPU load is about 85 percent and minimize costs

  • Upgrade to Standard App Service tier
  • Enable autoscaling on the web app
  • Add a scale rule
  • Configure a scale condition

Azure Migration

Migrate AWS VMs to Azure

  • Create a Recovery Services vault
  • Install Azure Site Recovery Unified Setup
  • Deploy a server as the configuration server
  • Enable replication for VM

Azure Site Recovery replication for VMWare

  • In the Azure Site Recovery Services vault, select a protection goal
  • In the Azure Portal, download the OVA file
  • Deploy a new VM in your on-premises environment
  • From the new VM, register a configuration server
  • Create an assessment

SQL databases

Query a database in an on-premises network

  • From an on-premises computer, install an on-premises data gateway
  • From the Azure portal, create an on-premises data gateway
  • From the Logic App Designer in the Azure portal, add a connector

Social Security Number Protection Method

Always Encrypted Property

Azure Function

Could be used to host the Processing system

How much does Functions cost?

  • Consumption plan
  • Premium plan
  • App Service plan

Web App

Enable Autoscaling

  • Scale the Web app to use the Standard App Service Plan
  • Enable Autoscaling for the Web App
  • Add a scale rule
  • Configure a scale condition

Logic Apps

  • Logic App Contributor role
    • Manages Logic App resources
  • Logic App Operator role
    • Read, enable and disable logic app

Azure WebJobs

Triggered

  • Starts only when triggered manually or on a schedule.
  • Runs on a single instance that Azure selects for load balancing.

Continuous

  • Starts immediately when the WebJob is created. To keep the job from ending, the program or script typically does its work inside an endless loop. If the job does end, you can restart it.
  • Runs on all instances that the web app runs on. You can optionally restrict the WebJob to a single instance.
  • Supports remote debugging.