An expert guide for IT administrators needing to create and manage a public cloud and virtual network using Microsoft Azure
With Microsoft Azure challenging Amazon Web Services (AWS) for market share, there has been no better time for IT professionals to broaden and expand their knowledge of Microsoft’s flagship virtualization and cloud computing service. Microsoft Azure Infrastructure Services for Architects: Designing Cloud Solutions helps readers develop the skills required to understand the capabilities of Microsoft Azure for Infrastructure Services and implement a public cloud to achieve full virtualization of data, both on and off premises. Microsoft Azure provides granular control in choosing core infrastructure components, enabling IT administrators to deploy new Windows Server and Linux virtual machines, adjust usage as requirements change, and scale to meet the infrastructure needs of their entire organization.
This accurate, authoritative book covers topics including IaaS cost and options, customizing VM storage, enabling external connectivity to Azure virtual machines, extending Azure Active Directory, replicating and backing up to Azure, disaster recovery, and much more. New users and experienced professionals alike will:
- Get expert guidance on understanding, evaluating, deploying, and maintaining Microsoft Azure environments from Microsoft MVP and technical specialist John Savill
- Develop the skills to set up cloud-based virtual machines, deploy web servers, configure hosted data stores, and use other key Azure technologies
- Understand how to design and implement serverless and hybrid solutions
- Learn to use enterprise security guidelines for Azure deployment
Offering the most up-to-date information and practical advice, Microsoft Azure Infrastructure Services for Architects: Designing Cloud Solutions is an essential resource for IT administrators, consultants and engineers responsible for learning, designing, implementing, managing, and maintaining Microsoft virtualization and cloud technologies.
Table of Contents
Introduction
Chapter 1 The Cloud and Microsoft Azure Fundamentals
The Evolution of the Datacenter
Introducing the Cloud
The Private Cloud and Virtualization
Types of Service in the Cloud
Microsoft Azure 101
Microsoft Datacenters and Regions
Microsoft Network
Azure Resource Providers
Getting Access to Microsoft Azure
Free Azure Trials and Pay-as-You-Go
Azure Benefits from Visual Studio Subscriptions
Enterprise Enrollments for Azure
Reserved Instances and Azure Hybrid Benefit
Reserved Instances
Azure Hybrid Benefit
Increasing Azure Limits
The Azure Portal
Portal Basics
Azure Portal Dashboards
Chapter 2 Governance
What is Governance?
Understanding Governance Requirements in Your Organization
Azure Subscriptions and Management Groups
Subscriptions
Management Groups
Resource Groups
Role-Based Access Control
Naming Conventions
Using Tags
Azure Policy
Azure Templates
Azure Blueprints
Azure Resource Graph
Cost Management
Visibility
Accountability
Optimization
Chapter 3 Identity
The Importance of Identity
A Brief Refresher on Active Directory
Using Cloud Services, Federation and Cloud Authentication
Federation
Cloud Authentication and Authorization
Azure Active Directory Fundamentals
Azure AD SKUs
Populating Azure AD
Azure AD B2B
Azure AD Authentication Options
Azure AD Groups
Azure AD Entitlements and Application Publishing
Chapter 4 Identity Security and Extended Identity Services
Azure AD Security
Multi-Factor Authentication
Password Policies
Azure AD Conditional Access
Azure AD Identity Protection
Azure AD Log Inspection
Azure AD Privileged Identity Management
Azure Advanced Threat Protection
Azure AD Application Proxy
Azure AD B2C
Active Directory in the Cloud
Active Directory Site Configuration
Placing a Domain Controller in Azure
Azure AD Domain Services
Chapter 5 Networking
Connectivity
Virtual Networks
Adding a VM to a Virtual Network
NIC IP Configurations
Reserved IPs for VM
Accelerated Networking
Azure DNS Services and Configuration Options
Connecting Virtual Networks
Connectivity to Azure
Azure Virtual WANs and ExpressRoute Global Reach
PaaS VNet Integration
Protection
Network Security Groups and Application Security Groups
Firewall Virtual Appliances
Distributed Denial-of-Service Protection
Delivery
Intra-Region Load Balancing
Inter-Region Load Balancing
Monitoring
Chapter 6 Storage
Azure Storage Services
Azure Storage Architecture
Using Storage Accounts and Types of Replication
Storage Account Keys
Azure Storage Services
Storage with Azure VMs
VM Storage Basics
Temporary Storage
Managed Disks
Bulk Data Options
Azure Import/Export and Azure Data Box Disk
Azure Data Box
Azure Data Box Gateway and Data Box Edge
Azure Database Offerings
Azure SQL Database
Azure Cosmos DB
Chapter 7 Azure Compute
Virtual Machines
Fundamentals of IaaS
Types of Virtual Machines
Azure VM Agent and Extensions
Boot Diagnostics
Ephemeral OS Disks
Proximity Placement Groups
Virtual Machine Scale Sets
Low-Priority VMs
Azure Dedicated Host
Windows Virtual Desktop
VMware in Azure?
Platform as a Service Offerings
Containers
Azure Application Services
Azure Serverless Compute Services
Chapter 8 Azure Stack
Azure Stack Foundation
Azure Stack 101
Services Available on Azure Stack
How to Buy Azure Stack
When to Use Azure Stack
Managing Azure Stack
How to Interact with Azure Stack
Marketplace Syndication
Plans, Offers, and Subscriptions
Updating Azure Stack
Privileged Endpoint and Support Session Tokens
Understanding Azure Stack HCI
Chapter 9 Backup, High Availability, Disaster Recovery, and Migration
Availability 101
Distinguishing High Availability vs. Disaster Recovery vs. Backup
Understanding Application Structure and Requirements
Architecting for Multi-Region Application Deployments
Backups in Azure
Thinking About Backups
Using Azure Backup
High Availability in Azure
Disaster Recovery in Azure
On-Premises Disaster Recovery
On Premises to Azure Disaster Recovery
Azure to Azure
Migrating Workloads to Azure
Migration Benefits
Migration Approaches
Migration Phases
Chapter 10 Monitoring and Security
Azure Monitoring
Why Monitor?
Types of Telemetry in Azure
Azure Monitor Fundamentals
Azure Monitor Logs Fundamentals
Alerting
Security in Azure
Advanced Threat Protection (ATP)
Azure Security Center (ASC)
Azure Sentinel
Keeping Secrets with Azure Key Vault and Managed Identities
Chapter 11 Managing Azure
Command Line, Scripting, and Automation with Azure
Using PowerShell with Azure
Using the CLI with Azure
Leveraging Azure Cloud Shell
Automating with Azure Automation and Azure Functions
Deploying Resources with ARM JSON Templates
Everything is JSON
Anatomy of an ARM JSON Template
Template Tips
Additional Useful Technologies for Azure Management
Azure Bastion Host
Windows Admin Center
Chapter 12 What to Do Next
Understanding and Addressing Azure Barriers
Building Trust
Understanding Risks for Azure
Why You Should Use Azure and Getting Started
Understanding Azure’s Place in the Market
First Steps with Azure IaaS
Index