[Recap] Day 1: Azure Administration & Governance and Compliance [Azure Administrator] [AZ-104]


This blog post gives a brief overview of the topics covered, and some common questions asked, in the Day 1 Live Interactive training on Azure Administrator Certification [AZ-104].

This post will help you learn Administration and Azure Virtual Networking, prepare for the certification, and get a better-paid job as an Azure administrator.

In our Day 1 Live Session, we covered Cloud Concepts, Cloud Service Models, Azure Overview, Azure Region, Azure Governance and Compliance, Subscriptions and Accounts Overview, Azure Resource Manager, Azure Policy, Azure RBAC, Resource Tags, and Azure Resource Lock. We also performed hands-on labs, where we created Resource Groups and configured Virtual Networks, Virtual Machines, Azure Policy and many more.

1. Azure Administration

An Azure Administrator is responsible for implementing, monitoring, and maintaining Microsoft Azure solutions, including major services related to Compute (Virtual machine, Containers), Storage (Blob Storage, Azure Files), Networking (Load Balancer, DNS, etc.), Database (Azure SQL, MySQL, Cosmos DB, etc) and Security (Key Vault, Azure Security Centre, etc.).

Microsoft Azure Services

Cloud Services Model

Cloud computing offers different services based on three delivery models. They follow the order of SaaS (Software as a Service), PaaS (Platform as a Service), and IaaS (Infrastructure as a service).

There are three main types of cloud computing services, sometimes called the cloud computing stack because they build on top of one another.


Cloud Models


Virtual Machines

A Virtual Machine (VM) is a computing service that performs most functions of a physical computer, actually behaving like a separate computer system.

A virtual machine, usually known as a guest, is created within another computing environment (i.e., Azure datacenters) referred to as a “host.”


FAQs asked in the session are:

Q1. Virtual Machine is PaaS or IaaS service model?

Ans. Virtual Machines is an IaaS (Infrastructure as a Service) offering, because on a VM you manage which operating system runs and what software is installed. You are just renting a virtual machine and then picking the OS to run, the application frameworks, and the storage, so you own more responsibilities than in PaaS. In PaaS (Platform as a Service) the underlying infrastructure is hidden, so you don’t manage the OS, patching, updates, or even scaling and elasticity. That becomes the responsibility of the provider; you just subscribe and use.

On a PaaS, you only manage the software or application that runs in the cloud. (Like Web app services)

IaaS & PaaS Models Overview


Cloud Deployment Models

A cloud deployment model represents a specific type of cloud environment, primarily distinguished by ownership, size, and access, and also describes the nature and purpose of the cloud. Cloud deployment models are categorized as public clouds, private clouds, and hybrid clouds.

Cloud Deployment Model

Public Cloud

The public cloud is open to all to store and access information via the Internet using the pay-per-usage method. In the public cloud, computing resources are managed and operated by the Cloud Service Provider (CSP).

Several Public Cloud Providers are Microsoft Azure, Amazon elastic compute cloud (EC2), IBM SmartCloud Enterprise, Google App Engine.


Private Cloud

A private cloud is also known as an internal cloud or corporate cloud. It is offered to selected users over the internet or a private internal network. It provides greater security controls. It can be deployed using open-source tools such as OpenStack and Eucalyptus.

Based on location and management, the National Institute of Standards and Technology (NIST) divides private cloud into the following two parts:

  • On-premise private cloud
  • Outsourced private cloud

Azure Private Cloud

Hybrid Cloud

A hybrid cloud combines both public and private cloud. Security responsibilities are shared. It helps to maintain the strongest controls over sensitive data and processes.

Example: Azure Stack Hub is an extension of Azure that provides a way to run apps in an on-premises environment and deliver services in your data center.


Q.2 What are the benefits of a hybrid cloud?

Ans. Hybrid cloud provides flexible resources because of the public cloud and security because critical activities are performed by the private cloud. It costs less than the private cloud and also helps organizations to save costs for infrastructure and application support, and provides an excellent way for companies to manage the risk.

Regions in Azure

An Azure region is a set of data centers deployed within a defined perimeter and interconnected through a dedicated regional low-latency network that is located around the globe. Azure region assigns and controls the resources within each region to ensure workloads are balanced in an appropriate manner. This gives you the flexibility to bring applications closer to your users no matter which region they belong to.

Azure Region

Q3. Does every Azure region have multiple data centers?

Ans. Yes, we can have multiple data centers in a region. There are up to 3 Availability Zones, which are unique physical locations within an Azure region. Each zone is made up of one or more data centers equipped with independent power, cooling, and networking. To ensure resiliency, there’s a minimum of three separate zones in all enabled regions.

Azure Data Center

Q4. Can High Availability (a second VM) be set up in other regions?

Ans. Yes, we can ensure the high availability of a VM in another region by deploying the second VM behind a “Traffic Manager”.

A multi-region architecture can provide higher availability than deploying to a single region. If a regional outage affects the primary region, you can use Traffic Manager to failover to the secondary region. This architecture can also help if an individual subsystem of the application fails.


Traffic Manager

Governance and Compliance

The first step is the migration strategy, which lays down how you plan to migrate your applications to the Cloud. Logically, the next step is to determine how to integrate the new environment into your organization. That’s where Cloud Governance comes in.

Governance

“Governance” is the framework that determines how your organization conducts business activities, based on objectives and responsibilities.

Governance also refers to the ongoing process of managing, monitoring, and auditing the use of Azure resources.

You lay down the rules – also known as the “guard rails” – for these disciplines early on in the development process.

On a similar note in an Azure cloud, Azure Governance can be described simply as mechanisms and processes to maintain control over your applications and resources in Azure.


Azure Governance Foundations

Compliance strategy helps customers address business objectives and industry standards & regulations, including ongoing evaluation and adoption of emerging standards and practices.

The Microsoft compliance framework for online services maps controls to multiple regulatory standards, which helps drive the design and building of services that meet today’s high level of security and privacy needs.

Azure Compliance

Subscriptions and Accounts Overview

Azure Subscriptions are a logical unit of Azure services that are linked to an Azure account. In order to take advantage of Azure’s cloud-based services, you must have a subscription as it serves as a single billing unit for Azure resources used in that account.


Subscription and Account Overview

Azure Account

An Azure account is a globally unique entity that gives you access to Azure and your Azure subscriptions. You can create multiple subscriptions in your Azure account to create separation, for example for billing and management purposes.

To use Azure, you first create an Azure account. An account in Azure is tied to:

  • Name, email & contact details
  • Billing information

Azure Subscription

An Azure subscription is a logical container used to provision resources in Microsoft Azure. It holds the details of all your resources like virtual machines, databases, etc.

For each account, you can have multiple subscriptions. Azure supports the following subscriptions

  • Free
  • Pay-As-You-Go
  • Enterprise Agreement Support

One can also create multiple subscriptions in Azure!

Single Azure Account with Multiple Subscription

Q5. Can we delete a free subscription?

Ans. If you have a free trial subscription, you don’t have to wait 30 days for the subscription to be deleted automatically. You can delete your subscription three days after you cancel it. The Delete subscription option is not available until three days after you cancel your subscription.

Subscription Types

Azure Resource Manager

Azure Resource Manager is the deployment and management service for Azure. It provides a management layer that enables you to create, update, and delete resources in your Azure account. You use management features, like access control, locks, and tags, to secure and organize your resources after deployment.


Q6: What is the difference between ASM and ARM templates?

  1. ASM is the old portal, which provides cloud service for IaaS workloads and a few specific PaaS workloads; ARM is the new portal, which provides service for all IaaS and PaaS workloads.
  2. Removal or deletion is not as easy in ASM as it is in Azure Resource Manager. In ARM, removing resources is easier: deleting their resource group (RSG) deletes all the resources present in the RSG.

Q7. Why should you use ARM templates?

Ans. Templates help you implement an infrastructure-as-code solution for Azure. Your organization can repeatedly and reliably deploy the required infrastructure to different environments.

Resource Groups

A resource group is a logical container that holds related resources for an Azure solution. It helps in managing all the resources in a group. You allocate resources to a resource group and, generally, add resources that share the same lifecycle to the same resource group so you can easily deploy, update, and delete them as a group.


Q8. Who has the right to delete the resource groups or virtual machines, the owner or the administrators?

Ans. An administrator has login access to the platform and, as an administrator, can add and delete resource groups and virtual machines. An administrator can only delete a particular resource group or virtual machine based on their user role. The owner cannot delete the resource groups and virtual machines because of the particular roles assigned to the various administrators, and the administrators can only handle their own role.

Q9. What is the best practice to Audit or Govern the Root Permission?

Ans. The best practice for Governance is that there should be a minimum of 2 Owners and the rest can be given according to their job roles in the organization. For Audit, you can enable RBAC Policy. Also, this topic will be covered in Module 10 Manage identities and governance of this training.

Azure Policy

Policies are sets of rules that specify what can and cannot be created in either a single resource group or a full subscription. These can be used to ensure users are able to create and work with approved resources without creating over-provisioned machines racking up major costs on your Azure bill.

Azure Policy is a service in Azure that you use to create, assign, and manage policies. These policies enforce different rules and effects over your resources, so those resources stay compliant with your corporate standards and service level agreements.


Q10. What is the main function of policies in Azure?

Ans. Azure Policy helps you manage and prevent IT issues with policy definitions that enforce rules and effects for your resources.

Q11. What are Azure Policy effects?

Ans. Append, Audit, AuditIfNotExists, Deny, DeployIfNotExists, Disabled, Modify are Azure policy effects.

Q12: Is Azure policy free?

Answer: Azure Policy is a free service, therefore, it does not have a financially backed SLA.

Azure RBAC (Role-Based Access Control)

Role-based access control (RBAC) is a method of restricting network access based on the roles of individual users within an enterprise. RBAC lets employees have access rights only to the information they need to do their jobs and prevents them from accessing information that doesn’t pertain to them.


Q13. What is the definition of the role in Azure?

Ans. A role definition is a collection of permissions that can be performed, such as read, write, and delete. It’s typically just called a role. Azure role-based access control (Azure RBAC) has over 120 built-in roles or you can create your own custom roles.
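The Q9 guidance (a minimum of 2 Owners, everyone else scoped to their job role) can be checked against an exported list of role assignments. The script below is an added example, not part of the training material: the sample data is constructed to look like the JSON that `az role assignment list --all` returns, the subscription ID and principal names are placeholders, and the rule that non-human Owners need review is an assumption of this example.

```python
import json
from collections import defaultdict

# Constructed sample shaped like `az role assignment list --all -o json` output.
# The subscription ID and principal names are placeholders.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
SAMPLE = json.dumps([
    {"principalName": "alice@example.com", "principalType": "User",
     "roleDefinitionName": "Owner", "scope": SUB},
    {"principalName": "bob@example.com", "principalType": "User",
     "roleDefinitionName": "Contributor", "scope": SUB + "/resourceGroups/rg-app"},
    {"principalName": "ci-deployer", "principalType": "ServicePrincipal",
     "roleDefinitionName": "Owner", "scope": SUB + "/resourceGroups/rg-app"},
    {"principalName": "carol@example.com", "principalType": "User",
     "roleDefinitionName": "Reader", "scope": SUB},
])

MIN_OWNERS = 2  # the "minimum of 2 Owners" guidance from Q9


def is_subscription_scope(scope):
    """True for '/subscriptions/<id>' with nothing narrower appended."""
    parts = scope.strip("/").split("/")
    return len(parts) == 2 and parts[0].lower() == "subscriptions"


def audit_owners(assignments_json, min_owners=MIN_OWNERS):
    """Return review findings for Owner assignments in a single-subscription export."""
    owners = defaultdict(list)
    for a in json.loads(assignments_json):
        if a["roleDefinitionName"] == "Owner":
            owners[a["scope"]].append((a["principalName"], a["principalType"]))

    findings = []
    sub_owners = sum(len(p) for s, p in owners.items() if is_subscription_scope(s))
    if sub_owners < min_owners:
        findings.append(f"subscription has {sub_owners} Owner(s), expected at least {min_owners}")
    for scope, principals in sorted(owners.items()):
        for name, ptype in principals:
            # Assumption of this example: non-human Owners deserve a manual review.
            if ptype != "User":
                findings.append(f"Owner held by {ptype} '{name}' at {scope}")
    return findings


if __name__ == "__main__":
    for line in audit_owners(SAMPLE):
        print(line)
```
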

Resource Tags

Azure Resource tags logically organize resources. Tags are a crucial part of organizing your Azure resources into a taxonomy.

Azure tags are name-value pairs that are used to organize resources in Azure Portal. You can apply tags for individual resources or tag the resource group that they are part of.

Features of Tags

Implementing a proper tagging strategy can help organizations gain much better control over and visibility of the resources that are hosted in their Azure subscriptions.

For example, you can apply the name “Environment” and the value “Production” to all the resources in production.

After you apply tags, you can retrieve all the resources in your subscription with that tag name and value. Tags enable you to retrieve related resources from different resource groups. This approach is helpful when you need to organize resources for billing or management.


Azure Resource Lock

Resource Lock in Azure is a powerful Resource Manager feature that gives Azure admins a way to lock down required Azure resources and protect them from accidental deletion and modification.


Q14. How many locks can an Azure resource have?

Ans. Azure has basically two kinds of locks, known as read-only and delete locks. A read-only lock is something similar to assigning a reader role to your users. The authorized users will not be able to modify the resource; they can only read from it.

Azure Resource Locks

Q15. What is the use of tags in Azure?

Ans. You apply tags to your Azure resources, resource groups, and subscriptions to logically organize them into a taxonomy. Each tag consists of a name and a value pair.

For example, you can apply the name Environment and the value Production to all the resources in production.
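Tags and locks work together in practice: once production resources carry Environment = Production, you can check that each production resource group is also protected by a lock. The script below is an added example, not part of the training material. The sample data is constructed to look like the JSON returned by `az group list` and `az lock list`, the group names are placeholders, and it assumes every lock entry is a resource-group-level lock.

```python
import json

# Constructed samples shaped like `az group list -o json` and `az lock list -o json`
# output. Group names are placeholders; locks are assumed to be group-level locks.
GROUPS = json.dumps([
    {"name": "rg-web-prod", "tags": {"Environment": "Production"}},
    {"name": "rg-db-prod", "tags": {"environment": "Production"}},
    {"name": "rg-sandbox", "tags": {"Environment": "Dev"}},
    {"name": "rg-legacy", "tags": None},
])
LOCKS = json.dumps([
    {"name": "no-delete", "level": "CanNotDelete", "resourceGroup": "rg-web-prod"},
    {"name": "freeze", "level": "ReadOnly", "resourceGroup": "rg-sandbox"},
])


def audit_tags_and_locks(groups_json, locks_json, tag="Environment", value="Production"):
    """Report groups missing the tag and tagged groups that have no lock."""
    locked = {}
    for lock in json.loads(locks_json):
        # Resource group names are case-insensitive, so normalise before matching.
        locked.setdefault(lock["resourceGroup"].lower(), set()).add(lock["level"])

    report = {"untagged": [], "unlocked": [], "locked": {}}
    for group in json.loads(groups_json):
        name = group["name"]
        # The CLI emits null when no tags are set; tag names are case-insensitive,
        # tag values are case-sensitive.
        tags = {k.lower(): v for k, v in (group.get("tags") or {}).items()}
        if tag.lower() not in tags:
            report["untagged"].append(name)
        elif tags[tag.lower()] == value:
            levels = locked.get(name.lower())
            if levels:
                report["locked"][name] = sorted(levels)
            else:
                report["unlocked"].append(name)
    return report


if __name__ == "__main__":
    print(json.dumps(audit_tags_and_locks(GROUPS, LOCKS), indent=2))
```
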

Quiz Time (Sample Exam Questions)

With our Microsoft Azure Administrator training program, we cover 150+ sample exam questions to help you prepare for the certification AZ-104.

Check out one of the questions and see if you can solve this.

Ques: I have some private servers on my premises, also I have distributed some of my workloads on the public cloud, what is this architecture called?

A. Virtual Private Network

B. Private Cloud

C. Virtual Private Cloud

D. Hybrid Cloud

Comment your answer in the comment box.


mike
