AZ900 - Azure Fundamentals - 10000ft View

Introduction

For AZ900 there are a number of terms and definitions that you need to know to successfully understand the content and resources discussed within the course.

The Cloud Service Models are fundamental to understanding how various resources can be used and where they fit into Cloud Services. There are three models:

  • Infrastructure as a Service (IaaS) - On demand infrastructure, you deploy storage, networking or compute resources to fulfil your requirements.

  • Platform as a Service (PaaS) - Development platforms and Managed Services, e.g. Azure SQL, where the underlying infrastructure is managed on your behalf by Azure.

  • Software as a Service (SaaS) - Full applications which you usually commission for use on a per-user basis.

The above-mentioned Cloud Service Models should not be confused with Cloud Deployment Models. There are also three models here:

  • Private Cloud - Your own datacenter, with deployment automation that provides the services and behaviour described in the Cloud Service Models.

  • Public Cloud - Providers like Azure, AWS or GCP, providing IaaS, PaaS and SaaS services on your behalf.

  • Hybrid Cloud - A combination of on-premises datacenters, with extension into the public cloud to provide additional capacity and capabilities.

There are various characteristics that all public cloud providers share, which should also be present in a private cloud for its success and usability.

  • Self-Service – users can provision what they need via a Portal without the need to raise a ticket with an IT team.

  • Automation – provides automated resource deployment without the need to involve specialist teams.

  • Resource Pooling – Public Cloud providers use economies of scale to group a large number of resources within their datacenters.

  • Elasticity – the ability to scale services on demand.

  • Measured and Metered – supplies cost reports to show exactly what you are consuming.

Shared Responsibility Model

In an on-premises deployment you have your own datacenter where you manage your own networking, storage and computing resources. You manage everything, including the virtualization layer (e.g. VMware / Hyper-V), the operating system (e.g. Windows, Linux), your own applications and user access. You also control the physical access and security of the datacenter. You are responsible for all aspects of the infrastructure. As we look at other service models, the responsibility begins to be shared with your cloud service provider.

Looking at Infrastructure as a Service resources, we start to cede responsibility for maintaining the systems away from internal teams to the cloud service provider. IaaS services still have a large amount of configurability, and you are still responsible for patching and maintaining the operating system, application configuration and user access, but the physical hardware and security are now controlled by Azure. You are now effectively renting the hardware from Microsoft and creating Virtual Machines on top of this hardware, but you are no longer managing and configuring physical network switches or storage arrays.

The base example of IaaS services, as already mentioned, is virtual machines: these are hosted on Microsoft hardware, but you manage the configuration of the machine. Core Networking services and Storage Accounts also fall under the IaaS label. You still do not manage the physical hardware, but you use software-defined networking to configure the networking required for your resources, and storage accounts can be set up in a number of ways to store your data.

With Platform as a Service, the focus is on development frameworks and managed services, where your attention is solely on your own applications and data. The responsibility for the operating system, hardware and all associated management and maintenance is now under the control of the cloud vendor. An example of a PaaS service is Azure WebApps, where you can host a Web Application and specify the language used by the application and whether it was designed for Windows or Linux. Azure then takes over the hosting of this service for you. There are also managed services like Azure SQL or CosmosDB, where you are provided with a database server to host your databases but Azure takes responsibility for the hosting and patching of the service and hardware. Your focus can be on ensuring the databases run correctly and have the appropriate structure and indexes applied.

Software as a Service covers services like Microsoft 365 or Salesforce. These services are primarily consumed by you and your users. There is little or no configuration you do with the application. All hosting considerations and responsibilities lie with the service provider. You still provide the data and configure user accounts for access. These services generally run using a subscription model where you pay per user per month for access, allowing for flexibility in scaling.

Microsoft 365 is an example of a SaaS service, where you are provided with Exchange, Office, OneDrive and SharePoint, all without having to manage a single server. You still need to create the user accounts and give them access, but all the applications and hosting are run by Microsoft. Azure does have some third-party solutions within the Marketplace that can be deployed for use within your Azure subscription. One of these services is SendGrid, a bulk email messaging service: again, you create an account and send the emails to be mailed out, but the application hosting is completely out of your hands.

Figure: Shared Responsibility Model

Source: https://learn.microsoft.com/en-us/azure/security/fundamentals/shared-responsibility

Regions and Region Pairs

Due to the global nature of Azure and the requirement to have resources around the world, Azure has datacenters deployed in a number of locations. In Azure terminology these are Azure Regions: a Region is a location where 1 or more datacenters reside. An Azure region can have multiple distinct locations within the region; this is the concept of Availability Zones. Each location has its own power, cooling and internet connections, so if one site is disrupted the others continue to work.

Regions are traditionally grouped into pairs within the same geographic region, for example South East Australia and East Australia, or North Europe and West Europe. These pairs are used for disaster recovery and failovers. A range of services offer replication between the region pairs, so if the whole of West Europe goes offline your data is safely replicated to North Europe and still accessible from Dublin rather than Amsterdam. The map below shows all the current regions.

Source: https://datacenters.microsoft.com/globe/explore
