Microsoft Azure Infographic 2015 2.5

6/1/2017 Module 1: Introduction to Microsoft Azure
Module 1: Introduction to Microsoft Azure
Contents:
Module Overview
Lesson 1: Cloud technology overview
Lesson 2: Overview of Azure
Lesson 3: Managing Azure with the Azure portal
Lesson 4: Managing Azure with Windows PowerShell
Lesson 5: Overview of Azure Resource Manager
Lesson 6: Azure management services
Lab: Managing Microsoft Azure
Module Review and Takeaways
Module Overview
Organizations are increasingly moving IT workloads to the cloud, so IT professionals need to
understand the principles that form the basis of cloud solutions and learn how to deploy and
manage cloud apps, services, and infrastructure. In particular, IT professionals who are
planning to use Microsoft Azure must learn about the services that Azure provides and how to
manage them.
This module introduces cloud solutions in general and then focuses on the services that Azure
offers. The module goes on to describe the portals that you can use to manage Azure
subscriptions and services before introducing Windows PowerShell as a scripting solution for
https://skillpipe.com/esES/Book/BookPrintView/221b0e25dc2b45f8a14fa19b7566e327?ChapterNumber=3 1/70
managing Azure. Finally, the module provides explanations and guidance for the use of Azure
Resource Manager and Azure management services.
Objectives
After completing this module, you will be able to::
• Identify suitable apps for the cloud.
• Identify the services and capabilities that Azure provides.
• Use Azure portals to manage Azure services and subscriptions.
• Use Windows PowerShell to manage Azure services and subscriptions.
• Use Azure Resource Manager to manage Azure resources.
• Use Azure management services to extend the management and monitoring of Azure.
Lesson 1: Cloud technology overview
Cloud computing plays an increasingly important role in IT infrastructure, and IT professionals
need to be aware of fundamental cloud principles and techniques. This lesson introduces the
cloud and describes the considerations for implementing cloudbased infrastructure services.
Lesson Objectives
After completing this lesson, you will be able to:
• Prepare the environment.
• Describe the key principles of cloud computing.
• Identify common types of cloud services.
Demonstration: Preparing the environment
In this demonstration, you will see how to prepare the Azure environment.
Demonstration Steps
1. On the taskbar, rightclick Windows PowerShell, and then click Run as administrator.
In the User Account Control dialog box, click Yes.
2. Type the following command, and then press Enter:
Setup-Azure
3. At the command prompt, type 1, and then press Enter.
4. Confirm your selection, and then press Enter.
Introduction to cloud computing
Cloud computing, or the cloud, has become a leading trend in IT. However, its definition is
ambiguous, and some of the terminology related to it is confusing. Trying to define the cloud
in purely technological terms is difficult—it is best to think of it as being an abstract concept
that encapsulates techniques used to provide computing services from a pool of shared
resources.
Most cloud solutions are built on virtualization technology, which abstracts physical hardware
as a layer of virtualized resources for processing, memory, storage, and networking. Many
cloud solutions add further layers of abstraction to define specific services that you can
provision and use.
Regardless of the specific technologies that organizations use to implement cloud computing
solutions, the National Institute of Standards and Technology has identified that they exhibit
the following five characteristics:
• Ondemand selfservice. Cloud services are generally provisioned as they are required and
need minimal infrastructure configuration by the consumer. As a result, users of cloud
services can quickly set up the resources they want, typically without having to involve IT
specialists.
• Broad network access. Consumers generally access cloud services over a network
connection, usually either a corporate network or the Internet.
• Resource pooling. Cloud services use a pool of hardware resources that consumers share. A
hardware pool consists of hardware from multiple servers that are arranged as a single
logical entity.
• Rapid elasticity. Cloud services scale dynamically to obtain additional resources from the
pool as workloads intensify, and they release resources automatically when no need for
them exists.
• Measured service. Cloud services generally include a metering capability, making it possible
to track relative resource usage by the users of the services, or subscribers.
Advantages of cloud computing
Cloud computing has several advantages over traditional, datacenterbased computing,
including the following:
• A managed datacenter. With cloud computing, your service provider can manage your
datacenter. This obviates the need for you to manage your own IT infrastructure. With
cloud computing, you can also access computing services irrespective of your location and
the hardware that you use to access those services. Although the datacenter remains a key
element in cloud computing, the emphasis is on virtualization technologies that focus on
delivering apps rather than on infrastructure.
• Lower operational costs. Cloud computing provides pooled resources, elasticity, and
virtualization technology. These factors help you to alleviate issues such as low system use,
inconsistent availability, and high operational costs. It is important to remember that with
cloud computing, you pay for only the services that you use; this can mean substantial
savings on operational costs for most organizations.
• Server consolidation. You can consolidate servers across the datacenter by using the cloud
computing model, because it can host multiple virtual machines on a virtualization host.
• Better flexibility and speed. When you use the cloud computing model with products such
as Microsoft System Center 2012 R2, you can increase resources’ flexibility and the speed
of access to resources.
Public, private, and hybrid clouds
Cloud computing uses three main deployment models:
• Public cloud. Public clouds are infrastructure, platform, or application services that a cloud
service provider delivers for access and consumption by multiple organizations. With public
cloud services, the organization that signs up for the service does not have the management
overhead that the private cloud model requires. This also means that the organization has
less control of the infrastructure and services, because the service provider manages this for
the organization. In addition, the public cloud hosts the infrastructure and services for
multiple organizations (multitenant), so you might need to consider the potential data
sovereignty implications of this model.
• Private cloud. Individual organizations privately own and manage private clouds. Private
clouds offer benefits similar to those of public clouds, but are designed and security
enhanced for a single organization’s use. The organization manages and maintains the
infrastructure for the private cloud in its datacenter. One of the key benefits of this
approach is that the organization has complete control over the cloud infrastructure and
services that it provides. However, the organization also has the management overhead and
costs that are associated with this model.
• Hybrid cloud. In a hybrid cloud, a technology binds two separate clouds (public and
private) together for the specific purpose of obtaining resources from both. You decide
which elements of your services and infrastructure to host privately and which to host in the
public cloud.
Many organizations use a hybrid model when extending to the cloud; that is, they begin to
shift some elements of their apps and infrastructure to the cloud. Sometimes, an organization
shifts an app and its supporting infrastructure to the cloud while maintaining the underlying
database within its own infrastructure. This approach might be useful to address security
concerns with that particular database.
Types of cloud services
Cloud services generally fall into one of the following three categories:
• Software as a Service (SaaS)
• Platform as a Service (PaaS)
• Infrastructure as a Service (IaaS)
SaaS
SaaS offerings consist of fully formed software apps that are delivered as cloudbased
services. Users can subscribe to the service and use the app, normally through a web browser
or by installing a clientside app. Examples of Microsoft SaaS services include Microsoft
Office 365, Skype, and Microsoft Dynamics CRM Online. The primary advantage of SaaS
services is that they enable users to easily access apps without the need to install and maintain
them. Typically, users do not have to worry about issues such as updating apps and
maintaining compliance, because the service provider handles them.
PaaS
PaaS offerings consist of cloudbased services that provide resources on which developers can
build their own solutions. Typically, PaaS encapsulates fundamental operating system
capabilities, including storage and compute, in addition to functional services for custom apps.
Usually, PaaS offerings provide application programming interfaces (APIs), in addition to
configuration and management user interfaces. Azure provides PaaS services that simplify the
creation of solutions such as web and mobile apps. With PaaS, developers and organizations
can create highly scalable custom apps without having to provision and maintain hardware and
operating system resources. Examples of PaaS services include Azure Web apps and Azure
App Service, which can run a web app that your developer team creates.
IaaS
IaaS offerings provide virtualized server and network infrastructure components that can be
easily provisioned and decommissioned as required. Typically, IaaS facilities are managed in a
similar way to onpremises infrastructures and provide an easy migration path for moving
existing apps to the cloud.
A key point to note is that an infrastructure service might be a single IT resource— such as a
virtual server that has a default installation of Windows Server 2012 R2 and Microsoft SQL
Server 2014, or a Linux server that has MySQL Server installed to provide database services
—or it might be a completely preconfigured infrastructure environment for a specific app or
business process. For example, a retail organization might empower departments to provision
their own database servers to use as data stores for custom apps. Alternatively, the
organization might define a set of virtual machine and network templates that can be
provisioned as a single unit to implement a complete, preconfigured infrastructure solution for
a branch or store, including all the required apps and settings.
Other “as a Service” offerings
As cloud services continue to evolve and grow, other IT functions are being presented as
packed cloud services. Some examples of these include:
• Identity as a Service (IDaaS). IDaaS provides identity management services in a packaged
product, usually for resale to customers. In Azure, Azure Active Directory (Azure AD)
provides identity and access management that integrates with Azure services and apps,
whereas Azure AD B2C provides consumer identity management on a more granular scale.
• Disaster Recovery as a Service (DRaaS). DRaaS provides cloudbased backup and
recovery services that are consumable on a payperuse model, highly available, and
scalable to meet demand.
Lesson 2: Overview of Azure
Azure is a cloud offering from Microsoft that individuals and organizations can use to create,
deploy, and operate cloudbased apps and infrastructure services. This lesson provides an
overview of Azure and describes the datacenter infrastructure that supports it before
discussing the services, resources, and tools that are available in Azure.
Lesson Objectives
• Describe the key characteristics of Azure datacenters.
• Identify and describe the available Azure services.
• Explain the computer hosting options that Azure provides.
• Explain the Azure service model.
• Describe Azure resources.
• Use Azure resources.
• Identify Azure management tools.
Understanding Azure datacenters
Datacenters managed by Microsoft host Azure services throughout the world. Whenever you
create a new Azure service, you must select an Azure region to determine the datacenter
where the service will run. When you select an Azure region, you should consider where the
users of that service are located and place the service as close to them as possible. Some
services enable you to serve content from more than one Azure region. In this way, you can
serve content to a truly global audience while helping to ensure that a local response gives
them the highest possible performance. The datacenters are located in the following
geographic areas:
• West Europe
• East Asia
• Central US
• East US
• East US 2
• West US
• North Central US
• South Central US
• North Europe
• Southeast Asia
• Japan West
• Japan East
• Brazil South
• Australia East
• Australia Southeast
• South India
• Central India
• West India
A range of architectures that spans several generations and is continually evolving forms the
basis of these datacenters. The latest generation of datacenters has as its basis a fully modular
design that includes the following features:
• Clusters of servers are packaged into preassembled units based on shipping containers,
enabling clusters that contain thousands of servers to be rapidly provisioned and swapped
out.
• The datacenters include uninterruptable power supplies and alternate power supplies for all
components, in addition to backup power that can keep the datacenter running in the event
of a localized disaster.
• The clusters within datacenters are connected by redundant highspeed networks.
• The datacenters are connected to one another and the Internet via highspeed optical
networks.
• The data within a single datacenter can be replicated to three redundant storage devices and
also between pairs of datacenters in the same geographic region.
• The physical and network security for Azure datacenters meets a range of industry and
government standards.
The datacenters are designed to minimize power and water usage for maximum efficiency,
including servers and other hardware, cooling, and support operations.
The servers in each datacenter are provisioned in clusters, and each cluster includes multiple
racks of servers that run Windows Server 2012 R2. A distributed service application, named
Azure Service Fabric, manages provisioning, dynamic scaling, and hardware fault management
for the virtual servers that host cloud services on the physical servers in the cluster.
Additional Reading: For more information, refer to Azure Regions:
http://aka.ms/Ym4ryz
Understanding Azure services
Azure provides a wide range of cloudbased services that you can use as components for
customized cloud solutions and infrastructure:
• Compute:
o Azure Virtual Machines. Create Windows and Linux virtual machines from
predefined templates, or deploy your own custom server images in the cloud.
o Azure Cloud Services. Define multitier PaaS cloud services that you can deploy
and manage on Azure.
o Azure Batch. Run high volume, largescale parallel and highperformance
computing apps on a scaled and managed set of virtual machines.
o Azure RemoteApp. Provision Windows apps on Azure and run them from
essentially any device.
o Service Fabric. Manage and build Azure components.
• Web & Mobile:
o Azure App Service. Integrate and manage web and mobile app solutions with:
▪ The Logic Apps feature in Azure App Service. Automate running business
processes and workflows.
▪ The Web Apps feature in Azure App Service. Deploy web apps to the cloud.
▪ Azure Mobile Services. Develop highly scalable, globally available mobile
apps.
▪ Azure API Management. Provide the building blocks for integrating and
building new apps.
o Notification Hub. Create push notifications for apps and services.
o Azure Mobile Engagement. Use app analytics and app messaging to engage mobile
app users.
• Data & Storage:
o Azure DocumentDB. Implement a NoSQL data store for your apps.
o SQL Database. Implement relational databases for your apps without the need to
provision and manage a database server.
o Azure Redis Cache. Implement highperformance caching solutions for your apps.
o Azure Storage. Store data in files, binary large objects (BLOBs), tables, and
queues.
o StorSimple. Manage the storage between onpremises and cloud storage.
o Azure Search. Provide a fully managed search service.
o SQL Data Warehouse. Store and access large scale, distributed data.
• Analytics:
o Azure HDInsight. Provision Apache Hadoop clusters in the cloud.
o Azure Machine Learning. Run predictive analytics and forecasting from existing
data.
o Azure Stream Analytics. Set up realtime data analysis from many sources.
o Azure Data Factory. Create data pipelines by using data storage, data processing
services, and data movement.
o Azure Event Hubs. Receive and process massive amounts of data from connected
devices and apps.
o Azure Data Catalog. Implement the registration and discovery of enterprise data
sources.
o Azure Data Lake Store. Create hyperscale repositories for big data analytics.
o Azure Data Lake Analytics. Run largescale data analysis jobs.
• Networking:
o Azure Virtual Network. Connect and segment the cloud infrastructure.
o Azure ExpressRoute. Extend your enterprise to Azure through a dedicated private
connection.
o Application Gateway. Build a scalable network capability for applications.
o Azure Traffic Manager. Implement load balancing for high scalability and
availability.
o Azureprovided DNS. Host and manage your DNS domain and records for use
with Azure apps.
o Load Balancer. Create highly available and highperformance cloudbased
networks.
o VPN Gateway. Create network connections between Azure and onpremises
networks.
• Media & Azure Content Delivery Network:
o Azure Media Services. Deliver multimedia content, such as video and audio.
o Content Delivery Network. Distribute content to users throughout the world.
• Hybrid Integration:
o Azure BizTalk Services. Build integrated business orchestration solutions that
integrate enterprise apps with cloud services.
o Azure Service Bus. Connect apps across onpremises and cloud environments.
o Azure Backup. Back up virtual machines and send backup data to Azure for
retention and recovery.
o Azure Site Recovery. Create and implement disaster recovery solutions for the
cloud and onpremises infrastructure.
• Identity and Access Management:
o Azure AD. Integrate your corporate directory with cloud services for a single sign
on (SSO) solution.
o Azure MultiFactor Authentication. Implement additional security measures in your
apps to verify user identity.
o Azure AD DS. Host domain controller functionality in the cloud.
o Azure AD B2C. Provide scalable identity and access management solutions for
customerfacing apps.
• Developer Services:
o Visual Studio Application Insights. Provide a cloudbased analysis and diagnosis of
app usage.
o Azure DevTest Labs. Create, monitor, and manage virtual machines in a dedicated
test environment.
• Management:
o Key Vault. Track and manage cryptographic information.
o Scheduler. Create and schedule automation of cloud services.
o Automation. Automate longrunning, frequently repeated, and timeconsuming
tasks.
o Operational Insights. Use machine data to build operational intelligence.
o Azure Internet of Things (IoT) Hub. Enable and encrypt communications between
IoT connected devices and apps.
o Security Center. Monitor and manage control of and access to Azure resource
security.
Note: Azure is continually being improved and enhanced, and new services are added
on a regular basis.
Additional Reading: For more information, refer to The cloud for modern business:
http://aka.ms/Gcdrky
Compute hosting options provided by Azure
Azure provides several options to provide apps and computebased services from the cloud.
The five functional components for providing apps from within Azure are:
• App Service and App Service Environment
• Azure Cloud Services
• Azure Virtual Machines
• Azure Service Fabric
• Azure Container Service
App Service and App Service Environment
You can use App Service to quickly provision and create web apps in Azure. App Service is a
PaaS solution, so App Service solutions run in a virtual machine environment. Therefore, the
infrastructure and operating system details and management are virtualized and transparent to
the app that Azure hosts. You can create App Service solutions by using Microsoft ASP.NET,
PHP, Node.js, and Python. Web apps that use App Service can also integrate with other
Azure services, including SQL Database, Service Bus, or BLOB storage. By using multiple
copies of an app inside separate virtual machines, you can rapidly provision and scale web
apps that use App Service. Because virtual machines are already in place, provisioning a web
app takes significantly less time than a virtual machine. You can publish code for App Service
apps by using the Microsoft Web Deployment Tool (Web Deploy), Microsoft Visual Studio,
Git, GitHub, File Transfer Protocol (FTP), Bitbucket, CodePlex, Mercurial, Dropbox,
Microsoft Team Foundation Server, and the cloudbased Team Foundation Service from
Visual Studio Online. You can also migrate existing onpremises sites to Azure by using
existing tools and guidance, which later modules in this course cover.
You can also use Azure App Service Environment to create a dedicated environment in which
you can run Azure apps such as Web apps, Mobile apps, and Logic apps. Apps within an App
Service Environment can connect to each other inside a virtual network that defines the
network scope of the App Service Environment.
Azure Cloud Services
With Azure Cloud Services, you can extend the functionality of your cloudbased solution.
Azure Cloud Services supports scalability for apps and greater control over the hosting
environment. When using Azure Cloud Services, you can connect to your virtual machines
and perform simple management tasks, such as app installation. You typically use Azure Cloud
Services to deploy more complex solutions than an App Service web app can provide. Azure
Cloud Services is best suited to:
• Multitiered web apps.
• Web apps that require a highly scalable, highperformance environment.
• Web apps that have relatively simple additional requirements, such as secondary apps or
minor environment changes.
Azure Virtual Machines
Azure Virtual Machines provides the greatest flexibility and control of the available compute
options. As an IaaS solution, Azure Virtual Machines operates in much the same way as
Microsoft HyperV virtual machines on Windows Server 2012 R2. You have complete control
over the virtual machine at the operating system level, and you also must maintain the virtual
machine at the operating system level, including maintaining business continuity and installing
updates. You can choose to start from scratch and install a supported operating system of your
choice, or you can choose from one of the virtual machine images available in Azure. You can
also create virtual machines by importing existing HyperV virtual machines from your on
premises virtualization infrastructure. Azure Virtual Machines is best suited to:
• Highly customized apps that require complex infrastructure components.
• Hosting Windows Server or Linux apps and infrastructure servers, such as domain
controllers, DNS servers, or database servers.
Azure Service Fabric
Service Fabric provides a reliable and flexible technology that you can use to build apps.
Service Fabric supports both stateful and stateless apps. Service Fabric apps are composed of
microservices running on a shared pool of computers referred to as a Service Fabric cluster.
Service Fabric is primarily used to build complex cloud apps, and it is used to power such
Microsoft services as Microsoft Intune, Skype for Business, and Cortana.
Azure Container Service
With Azure Container Service, you can create clusters to support apps. Although Azure
Container Service is new, it is positioned to enable enterprises to build rapidly scalable
clustered apps. Azure Container Service supports Mesos clusters and Dockerbased apps.
Understanding the Azure service model
Multitenancy within a scalable and highly available cloudbased infrastructure forms the basis
of the Azure service model. A subscription model that dictates the level of access a subscriber
has to Azure and the billing structure in place for the subscriber together define that
subscriber’s access to Azure services. Azure services are primarily payperuse, with
subscribers using different services and functionalities in Azure and paying for the cloud
resources that these services and functionalities consume.
Accounts and subscriptions
An Azure account determines how and to whom your Azure usage is reported. With a
subscription, you can organize your access to your cloud services and resources. A
subscription helps you to control how your resource usage is reported, billed, and paid for.
Each of your subscriptions can have a different billing and payment setup. As a result, you can
have different subscriptions and different plans by department, project, regional office, or
other factors. Every cloud service belongs to a subscription, and the subscription ID is often
required for some operations.
Signing in to Azure
To manage Azure, you must sign in by using a user ID, which takes the form of an email
address. Two types of user IDs exist:
• Microsoft accounts. These take the form of user@outlook.com, user@hotmail.com, or
something similar.
• Organizational accounts. These take the form of user@contoso.onmicrosoft.com or
user@contoso.com.
Organizational accounts differ from Microsoft accounts because they are based in Azure AD.
As a result, you have more options for managing organizational accounts. For example, you
can supplement organizational accounts with multifactor authentication, which requires the
user to enter additional information to verify his or her identity. Generally, you should use
organizational accounts whenever you need to assign administrative access to Azure. Every
Azure subscription has a default directory that you can use to create organizational accounts.
Pricing and billing
Five pricing options for Azure exist:
• PayAsYouGo. Choose this option if you want a flexible pricing plan. You pay only for
the services you use. You can cancel this subscription at any time. You can make payments
only by using credit or debit cards. It is important to note that usage quotas apply to this
plan, including limits on cloud services, virtual machines, storage, and Azure AD.
Additional Reading: For more information, refer to PayAsYouGo:
http://aka.ms/Uis9fx
• Annual prepaid subscription. Prepaid subscriptions carry the same billing model as PayAs
YouGo subscriptions but with an additional five percent discount on Azure services and a
minimum prepay cost.
Additional Reading: For more information, refer to 12Month Prepay Offer:
http://aka.ms/M22av1
• Buying from a Microsoft reseller. To work with the same resellers from whom you
currently purchase Microsoft software under the Microsoft Open License program, you can
select this option. You must purchase Azure in Open credits from your vendor. You can
then activate your subscription by using those credits. You can apply Azure in Open credits
toward any Azure service that is eligible for monetary commitments when purchased online.
Services that are not eligible for use with monetary commitments, such as Azure Rights
Management Services and Azure AD Premium, cannot be procured by using Azure in
Open.
Additional Reading: For more information, refer to Get Started with Azure in
Open Licensing: http://aka.ms/Mq0oy5
• Enterprise Agreement. This option is best suited to large organizations that sign an
Enterprise Agreement and make an upfront commitment to purchase Azure services.
Customers who select this option can use the Azure Enterprise Portal to administer their
subscription. Microsoft bills these customers annually, based on their service usage. This
can make it easier to accommodate unplanned growth.
Additional Reading: For more information, refer to Licensing Azure for the
Enterprise: http://aka.ms/Br93cj
• Azure Compute Option. The Azure Compute Option is designed to ease the transition from
an onpremises infrastructure to Azure. This option provides discounted hours for compute
services when you purchase addons to your Windows Server annuity licenses. The
discount increases with the number of addons purchased.
Additional Reading: For more information, refer to Microsoft Azure Compute
Option: http://aka.ms/Cqueg2
Support plans
You can also purchase support plans from Microsoft that provide varying levels of support for
your Azure environment. You can choose from one of four support plans:
• Developer. The Developer plan is designed for test or nonproduction environments and
includes all day, every day technical support for Azure with a minimum initial response time
of less than eight hours.
• Standard. The Standard plan offers the same features as the Developer plan, and the initial
response time is reduced to less than two hours.
• Professional Direct. This plan is designed for organizations that depend on Azure for
businesscritical apps or services, and it includes everything in the Standard plan in addition
to basic advisory services, pooled support account management, escalation management,
and a minimum response time of less than one hour.
• Premier. This is the highest level of support, and it extends to all Microsoft products,
including Azure. With Premier, you receive customerspecific advisory services, a dedicated
support account manager, cloud service dependency mapping, onsite services, and a
response time of less than 15 minutes, in addition to all of the features included with
Professional Direct.
Additional Reading: For more information, refer to Azure Support For Customers:
http://aka.ms/N613e7
Understanding other Azure resources
Microsoft provides several resources that you can use to further manage and implement your
Azure environment:
• Azure Marketplace. The Azure Marketplace contains thousands of certified, open source,
and community apps as well as developer services that you can implement in Azure. You
can download preconfigured virtual machines, developer tools, and a wide variety of apps
and APIs.
• VM Depot. The VM Depot offers communityprovided virtual machine images based on
open source operating systems that are configured for a wide variety of functionalities.
Many VM Depot images come preconfigured with a specific app, but images with other
functionalities, such as OpenVPN and database engines, are available as well.
• GitHub. GitHub contains APIs, SDKs, and open source projects uploaded and curated by
the Azure community. Developers can use GitHub resources in their Azure projects to save
time and development effort and upload their own code for reuse by other Azure users.
Azure Trust Center. The Azure Trust Center provides information and guidance around
security, privacy, and compliance in Azure.
Demonstration: Working with Azure resources
In this demonstration, you will see how to:
• Use the Azure Marketplace.
• Use the VM Depot.
• Use GitHub.
• Use the Azure Trust Center.
Demonstration Steps
Use the Azure Marketplace
1. In Internet Explorer, navigate to the Azure Marketplace.
2. Search for Windows resources.
3. View the entry for the Windows Server 2012 R2 virtual machine.
4. On the Windows Server 2012 R2 Datacenter page, click Create Virtual Machine to
start the virtual machine creation process in Azure.
5. In Internet Explorer, sign in to the Azure portal, and then view the Windows Server 2012
R2 Datacenter blade.
6. In the Azure portal, click New, and then, next to Marketplace, click See all. View the
available options from the Azure Marketplace.
7. Search for and click the Windows Server 2012 R2 Datacenter virtual machine image.
Note that the Windows Server 2012 R2 Datacenter blade is the same as the one shown
earlier in the demonstration.
Use the VM Depot
1. In Internet Explorer, go to http://vmdepot.msopentech.com.
2. View the available categories, and then filter the list by the Database and NoSQL
category. Note the filtered list of virtual machine images that appear. Also, note the
options available for each virtual machine image entry: Create Virtual Machine,
Deployment Script, and Deployment Tutorial.
Use GitHub
1. In Internet Explorer, go to http://www.github.com/azure.
2. View the available repositories.
3. View the available templates under the azurequickstarttemplates repository.
Use the Azure Trust Center
• In Internet Explorer, go to http://azure.microsoft.com/support/trustcenter to view the
home page for the Azure Trust Center.
Azure management tools
You can use several different tools to manage the Azure environment. These include graphical
browserbased consoles, command shells, and plugins. The following list explains the tools
available to you:
• Azure portals. You can use two browserbased portal sites to manage your Azure
infrastructure:
o The Azure classic portal offers the original Azure portal experience.
o The Azure portal, formerly known as the Azure preview portal, is the default portal
for Azure, and you can use it to administer Azure from most web browsers.
• Windows PowerShell. You can use Windows PowerShell and the associated Azure modules
to manage your Azure environment.
• Azure Automation. The Azure Automation extension for Windows PowerShell Integrated
Scripting Environment (ISE) enables runbook creation for Azure PowerShell workflows
from within the Windows PowerShell ISE. You can use Azure Automation to create and
test runbooks from your local computer.
• Azure CLI. The Azure commandline interface (CLI) provides a set of open source, cross
platform commands for working with the Azure platform. The latest version of the Azure
CLI is available from GitHub and installable on the Windows and Linux platforms.
For example, an administrator can interrogate account information by typing azure
account. The Azure CLI can manage both resources and services. To configure resources,
run the config mode command azure config mode arm. To return to service management
mode, run azure config mode asm.
• Visual Studio. You can use Visual Studio to deploy resources in Azure by creating and
applying Azure Resource Manager templates. You can also use Visual Studio to create and
publish websites. Doing so involves the following highlevel steps:
a. Set up the development environment. To use Visual Studio to publish your website
content, you must first install the Azure SDK. When you install the Azure SDK, it
will automatically install Visual Studio Express for Web.
b. Create your app. To create the app, launch Visual Studio, and then choose to create
a new project. You can then select the type of app that you want to use on your
website—for example, an ASP.NET web app. The subsequent options that you
must configure vary, depending on the type of app you initially selected.
c. Host in the cloud/Create remote resources. This option varies, depending on the
edition of Visual Studio. You can use this option to create the website during the
publish process. It is enabled by default. If you choose to create the website during
publishing, you must define the site name, region, and database options.
d. Deploy the app to Azure. After you create your app, you can publish it to Azure by
using the Publish Web Wizard. You must specify the server name and port, site
name, user credentials to authenticate with the website, and destination URL.
Lesson 3: Managing Azure with the Azure portal
Azure provides webbased portals in which you can provision and manage Azure subscriptions
and services. These portals usually provide the initial environment in which you work with
Azure, and knowing how to navigate and use them is a fundamental skill that IT professionals
need to manage Azure services.
Lesson Objectives
• Explain the Azure classic portal.
• Explain the Azure portal.
• Describe how to manage account subscriptions with the Azure portal.
• Use the Azure portals to manage Azure.
Using the Azure classic portal
The Azure classic portal is the original user interface for provisioning and managing Azure
services. It is implemented as a web app at https://manage.windowsazure.com and requires
that you sign in by using a Microsoft account or an organizational account that is associated
with one or more Azure subscriptions.
The Azure classic portal consists of a page for each Azure service. The portal also includes an
All Items page, where you can view all the provisioned services in your subscriptions, and a
Settings page, where you can configure subscriptionwide settings.
Provisioning services
You can provision a new instance of a service by clicking the New option on any page. Most
services provide a dialog box in which you can enter the userdefinable settings for the service
before creating it. Service provisioning happens asynchronously, and an indicator is displayed
at the bottom of the page to show the current activity. You can expand this indicator to show a
list of completed and inprocess tasks.
Managing services
Your provisioned services are listed on the All Items page and on each servicespecific page.
The list shows the name, status, and servicespecific settings for each service. You can click a
service name in the list to view the dashboard for that service instance, where you can use
multiple tabbed subpages to view and configure the servicespecific settings. In most cases,
you make changes to a service by using the dynamic toolbar of contextspecific icons that
displays at the bottom of the subpage.
Adding coadministrators
When you provision an Azure subscription, you automatically become the administrator for
that subscription, and you can manage all the services and settings for the subscription. You
can add coadministrators on the Settings tab of the Azure classic portal.
Using the Azure portal
The Azure portal, at https://portal.azure.com, formerly known as the Azure preview portal,
is the new default portal for browserbased administration in Azure. The new portal represents
a significant change in the way that you perform administrative tasks in Azure.
Portal elements and concepts
The new portal contains the following user interface elements:
• Dashboard. The home page for your Azure environment. You can pin commonly used
items to the dashboard to make it easier to navigate to them. By default, the dashboard
includes tiles that show the global Azure service health, a shortcut to the Azure gallery of
available services, and a summary of billing information for your subscriptions.
• Blades. Panes in which you can view and configure the details of a selected item. Each
blade displays as a pane in the user interface, often containing a list of services or other
items that you can click to open other blades. New blades open to the right side. In this
way, you can navigate through several blades to view the details of a specific item in your
Azure environment. You can maximize and minimize some blades to optimize the screen
space and simplify navigation.
• Hub menu. A bar on the left side of the page, which contains the following icons:
o Home. Returns the page to the left side so that the Hub menu and dashboard are
visible.
o Notifications. Opens a blade on which you can view notifications about the status
of tasks.
o Browse. Starts a journey to view the details of a service in your Azure
environment.
o Billing. Provides details about charges and the remaining credit for your
subscriptions. Billing is also available on a resource group basis.
o New. Creates a new service in your Azure environment.
Managing account subscriptions with the Azure portal
To manage your Azure subscriptions, you can sign in to the Azure portal. From here, you can
view and edit your subscription, including usage statistics and billing details. You can also edit
your profile. You can open the subscriptions page from the full portal by clicking your
account name and then clicking View my bill.
The following options are available on the subscriptions page:
• Change payment method
• Download usage details
• Contact Microsoft support
• Edit subscription details
• Change subscription address
• View partner information
• Cancel your subscription
On the subscriptions page, you can also enable preview features in your subscriptions.
Preview features are Azure services that have not been fully released but that have been made
available for testing and evaluation.
Additional Reading: For more information, refer to Sign in to Azure:
http://aka.ms/J1breg
Note: If you have an Enterprise Agreement with Microsoft, you can also manage
Azure accounts and usage data for all the accounts in your organization by using the
Azure Enterprise Portal.
Additional Reading: For more information, refer to ea.microsoftazure.com:
http://aka.ms/V91c9h
Demonstration: Using the Azure portals
• Use the Azure classic portal.
• Use the new Azure portal.
• Manage Azure subscriptions.
Demonstration Steps
Use the Azure classic portal
1. In Internet Explorer, browse to http://manage.windowsazure.com, and then sign in by
using the Microsoft account that is associated with your Azure subscription.
2. Navigate to Settings and then Subscriptions. View the Administrator accounts.
3. Create a new storage account.
4. After the storage account is created, view the configuration settings of the storage
account.
5. View All Items and ensure that the new storage account is displayed.
Use the Azure portal
1. At the top of the Azure classic portal, click Check out the new portal, and then click
Launch. A new tab opens in Internet Explorer.
2. View the tiles on the Dashboard page of the new portal.
3. View the Service Health page.
4. Browse to the Storage account (classic) resource to show the storage account created
in the Azure classic portal.
5. View the details of the storage account, and then pin it to the dashboard.
6. Create a new web app in the DemoWebApp resource group, and then add it to the
Dashboard.
7. Switch to the tab containing the Azure classic portal, and then refresh the page.
Note: The website you created in the Azure portal is listed on the ALL ITEMS page.
Manage Azure subscriptions
1. In the upper right of the Azure classic portal, click your Microsoft account name, and
then click View my bill. A new tab opens in Internet Explorer. If prompted, sign in by
using the Microsoft account credentials associated with your Azure subscription.
2. On the subscriptions page, click your subscription. Then review the summary of usage
and billing that displays.
3. Close Internet Explorer, closing all tabs if prompted.
Lesson 4: Managing Azure with Windows PowerShell
The Azure portals provide a graphical user interface (GUI) for managing Azure subscriptions
and services, and in many cases, they are the primary management tools for service
provisioning and operations. However, it is common to want to automate tasks by creating
reusable scripts or to combine the management of Azure resources with the management of
other network and infrastructure services. Windows PowerShell provides a scripting platform
for managing Windows and can be extended to a wide range of other infrastructure elements,
including Azure, by importing modules of encapsulated code, called cmdlets. This lesson
explores how you can use Windows PowerShell to connect to an Azure subscription and to
provision and manage Azure services.
Lesson Objectives
• Identify the Azure modules for Windows PowerShell.
• Explain the differences between Azure AD Authentication and certificate authentication.
• Identify the Windows PowerShell cmdlets used for the classic deployment model and for
Azure Resource Manager.
• Use Windows PowerShell to manage Azure.
Azure PowerShell modules
You can implement several modules for Windows PowerShell to enable the administration of
Azure by using Windows PowerShell.
Azure PowerShell
Azure PowerShell includes the following modules:
• Azure. A core set of cmdlets for managing Azure services.
• AzureRM. A set of cmdlets for managing resource groups.
• AzureProfile. A set of cmdlets for managing authentication and execution context.
The Azure PowerShell module has a dependency on the Microsoft .NET Framework 4.5 and
the Web Platform Installer (Web PI) checks for this during installation.
You must install Azure PowerShell on a computer before you can use the Azure PowerShell
cmdlets. You can install Azure PowerShell in several ways, including:
• Web PI. You can launch the Web PI from https://azure.microsoft.com/enus/downloads/.
• PowerShell Gallery. You can import the Azure PowerShell modules from PowerShell
Gallery by running the following cmdlets directly from a PowerShell prompt.
Install-Module AzureRM
Install-Module Azure
Import-AzureRM
Import-Module Azure
These cmdlets download the modules and install them into Windows PowerShell, provided
your computer is connected to the Internet and you are running Windows PowerShell as an
Administrator.
Note: This functionality requires Windows Management Framework (WMF) 5.0 or
PackageManagement PowerShell modules. At the time of writing this content, the
PackageManagement PowerShell modules are in preview.
Azure AD module for Windows PowerShell
If you plan to implement Azure AD, you can install the Azure AD module for Windows
PowerShell to manage users, groups, and other aspects of the directory from Windows
PowerShell. This module requires the Microsoft Online Services SignIn Assistant to be
installed.
Additional Reading: For more information, refer to AzureADHelp:
http://aka.ms/X4nin4
Azure Automation authoring toolkit
Azure Automation is a service that you can use to run Windows PowerShell workflows and
scripts as runbooks directly in Azure, either on demand or based on a schedule. While it is
possible to develop Azure Automation runbooks directly in the Azure portal, you can also use
the Windows PowerShell ISE for this purpose. To simplify the process of developing
runbooks in the Windows PowerShell ISE, install the Azure Automation Authoring Toolkit
from the PowerShell Gallery by running the following cmdlets.
Install-Module AzureAutomationAuthoringToolkit -Scope CurrentUser

Install-AzureAutomationIseAddOn
Authenticating to Azure by using Windows PowerShell
After you install the Azure PowerShell module, you need to connect it to the Azure
subscriptions that you want to manage with it. You can take two approaches to accomplish
this: Azure AD Authentication and certificatebased authentication.
Azure AD Authentication
You can use Azure AD Authentication to sign in to an Azure account by using one of the
following credentials:
• A Microsoft account that is associated with an Azure subscription
• An organizational account that is defined in Azure AD
To connect an Azure account to the local Windows PowerShell environment, you can use the
LoginAzureRmAccount cmdlet. This opens a browser window in which the user can
interactively sign in to Azure by entering a valid user name and password.
Azure AD Authentication is token based, and after signing in, the user remains authenticated
until the authentication token expires. The expiration time for an Azure AD token is 12 hours,
although you can refresh it in the Windows PowerShell session.
After you authenticate, you can use the GetAzureRmContext cmdlet to view a list of the
Azure accounts and subscriptions that you have associated with the local Windows PowerShell
environment. Similarly, you can use the GetAzureRmSubscription cmdlet if you want to
view a list of subscriptions. If you have multiple subscriptions, you can set the current
subscription by using the SetAzureRmContext cmdlet with the name or ID of the
subscription that you want to use.
Certificatebased authentication
Most tools for managing Azure support Azure AD Authentication, and it is the recommended
authentication model. However, in some cases, it might be more appropriate to authenticate by
using certificates. Examples of where certificatebased authentication is appropriate include
older tools that do not support Azure AD Authentication and Windows PowerShell scripts that
will run for long periods of time in which an authentication token might expire.
Specifics of implementing certificatebased authentication depend on whether you intend to
execute Azure Service Management or Azure Resource Manager cmdlets. Azure Service
Management cmdlets support the use of management certificates. Once you generate such a
certificate, you need to store its private key in the local certificate store and upload the
corresponding public key into the target subscription. With Azure Resource Manager, the
process involves creating an Azure AD application and a corresponding service principal.
During this step, you have the option of associating the application instance with a certificate
by uploading its public key.
Additional Reading: For more information, refer to Authenticating a service principal
with Azure Resource Manager: http://aka.ms/Yym3a7
Using an Azuregenerated certificate in Azure Service Management
An Azure management certificate is an X.509 (v3) certificate that associates a client app or
service with an Azure subscription. You can use an Azuregenerated management certificate,
or you can generate your own by using your organization’s public key infrastructure solution
or a tool such as MakeCert.
To use an Azuregenerated certificate in Windows PowerShell, run the Get
PublishSettingsFile cmdlet, which opens a web browser in which you can sign in to your
Azure account and then download a certificate file. After the file downloads, use the Import
PublishSettingsFile cmdlet to register the certificate on the local computer.
Note: Important: The downloaded certificate file, which has the file name extension
.publishsettings by default, contains sensitive information. You should download this to
a securityenhanced location and delete it after you import the certificate.
After you import the certificate, you can run the GetAzureSubscription cmdlet to verify that
the subscription from which you downloaded the certificate file is available in Windows
PowerShell, and you can use the SetAzureSubscription cmdlet to make it the default
subscription.
Note: Using a .publishsettings file works only in the Azure Service Management
model. Azure Resource Manager cmdlets will not work with a .publishsettings file.
Using your own certificate in Azure Service Management
When you use your own certificate, you should store the certificate in the personal certificate
store for the user account under which requests to Azure will be made and then export the
certificate to a .cer file that does not include the private key. You can then upload the
certificate to your Azure subscription in the Azure portal.
To authenticate by using the certificate in Windows PowerShell, you can use the Set
AzureSubscription cmdlet, specifying the subscription name, subscription ID, and certificate.
You can obtain the subscription ID from the Azure portal, and you can reference the
certificate in Windows PowerShell by using the GetItem cmdlet.
The following code example shows how to set the current subscription by using a specific
certificate.
Using a Specific Certificate
$subName = "<the subscription name">

$subID = "<copy the subscription ID from the Azure portal>"
$thumbprint = "<the thumbprint of the certificate you want to
use>"
$cert = Get-Item cert:\\currentuser\my\$thumbprint
Set-AzureSubscription -SubscriptionName $subName, -SubscriptionId
$subId -Certificate $cert
To obtain the certificate thumbprint, you can either view the certificate in Certificate Manager
or use the Windows PowerShell command GetItem cert:\\currentuser\my\* to obtain a list
of all the personal certificates and their thumbprints.
Azure PowerShell cmdlets for the classic deployment
model and for Azure Resource Manager
After you connect your Windows PowerShell environment to your Azure subscription, you
can use Azure PowerShell cmdlets to view, provision, and manage Azure services. You can
use two different deployment models: classic and Azure Resource Manager. The classic
deployment model uses the Azure module for PowerShell, whereas the Azure Resource
Manager model uses the AzureRM module for PowerShell.
The primary difference between the cmdlets in the two modules is the inclusion of the letters
Rm in the Azure Resource Manager module cmdlets. For example, the NewAzureVM cmdlet
in the Azure module is replaced by NewAzureRmVM in the Azure Resource Manager
module. The following table illustrates further differences between the two models.
Functionality or Classic Azure Resource Manager

command
PowerShell module used ImportModule Azure ImportModule AzureRm
Create a resource group New_AzureResourceGroup NewAzureRmResourceGroup
Create a virtual machine NewAzureVM NewAzureRmVM
Create a web app NewAzureWebsite NewAzureRmWebapp
Signin to Azure AddAzureAccount LoginAzureRmAccount
GUI Element Classic portal Azure portal
Manage resources created in No Yes
other model
Demonstration: Using Azure PowerShell
• Create a resource group.
• Create a storage account.
• Configure a storage account.
• Delete a storage account.
• Delete a resource group.
Demonstration Steps
Create a resource group
1. Open the Windows PowerShell ISE.
2. In the Windows PowerShell ISE, open
D:\Demofiles\Mod01\UsingAzurePowerShell.ps1.
3. In the Windows PowerShell ISE, at the command prompt, type the following command,
and then press Enter.
Login-AzureRmAccount
4. Enter your Azure credentials.
5. In the Windows PowerShell ISE, change the $saName variable on line 8 to a value that
will be unique in Azure.
6. In the Windows PowerShell ISE, change the $locName variable to the Azure region you
will be using throughout the course, as provided by your instructor.
7. In the Windows PowerShell ISE, select the following lines, rightclick them, and then
click Run Selection.
$locName = "East US"

$rgName = "TestRG1"
$saName = "<enter unique name here>"
$saType = "Standard_LRS"
$newsaType = "Standard_GRS"
New-AzureRmResourceGroup -Name $rgName -Location $locName
Create and configure a storage account
New-AzureRmStorageAccount -Name $saName -ResourceGroupName

$rgName –Type $saType -Location $locName
Set-AzureRmStorageAccount -Name $saName -ResourceGroupName

$rgName –Type $newsaType
Delete a storage account
Remove-AzureRmStorageAccount -Name $saName -ResourceGroupName

$rgName
Get-AzureRmStorageAccount
Delete a resource group
Remove-AzureRmResourceGroup -Name $rgName
2. In the Confirm selection window, click Yes.
Get-AzureRmResourceGroup
Reset the environment
1. In the Windows PowerShell ISE, type the following command, and then press Enter:
Reset-Azure
2. When prompted (twice), sign in by using the Microsoft account associated with your
Azure subscription.
3. If you have multiple Azure subscriptions, select the one you want the script to target.
4. When prompted for confirmation, type y.
5. Wait for the script to complete, and then close all open windows.
Lesson 5: Overview of Azure Resource Manager
With Azure Resource Manager, you can administer your Azure resources as a logical group.
You can perform administrative tasks such as deploying, updating, and deleting resources for a
solution or similar group of resources in a single, coordinated operation. This lesson introduces
you to the core components and functionality of Azure Resource Manager and explains
methodologies and best practices.
Lesson Objectives
• Describe Azure Resource Manager.
• Explain resources and resource groups.
• Describe the Azure Resource Manager deployment methodologies.
• Explain the implementation guidelines for IaaS v2.
What is Azure Resource Manager?
Azure Resource Manager introduces a logical approach to managing Azure resources. Azure
service instances, or resources, can be logically stored in resource groups. Resource groups
provide a common management point for the resources belonging to the group. They can be
created, managed, monitored, or deleted together. Azure Resource Manager also offers the
concept of deployment templates. This allows you to define a collection of resources in the
form of a template and then use this template to deploy these resources into a resource group.
Resource groups and deployment templates are ideal for scenarios where you need to quickly
build out development, test, quality assurance, or production environments. Developers can
quickly delete their environment by removing a resource group and create a new environment
by redeploying a template. The resource groups can be monitored to determine the billing rate
or resource usage at a higher level than that of monitoring individual resources.
Azure Resource Manager vs. classic deployment mode
In classic deployment mode (formerly known as Azure Service Management), services are
created in the Azure classic portal or through the Service Management Azure PowerShell
cmdlets. In this case, configuration of virtual machines is determined by:
• A mandatory cloud service that serves as a logical container for virtual machines.
• A mandatory storage account that hosts the virtual machines’ operating systems and data
disk .vhd files.
• An optional virtual network that allows you to implement direct connectivity among virtual
machines in different cloud services and onpremises networks.
To create resources through Azure Resource Manager, you use the new portal or the Azure
Resource Manager cmdlets in Azure PowerShell. The resources carry the following
characteristics:
• A virtual machine depends on a storage account defined by the storage resource provider to
store its .vhd files in BLOB storage.
• A virtual machine references a specific network adapter defined by the network resource
provider.
• The network adapter determines the virtual machine’s private IP address, referencing the
subnet of the virtual network, and an optional network security group.
The following resource providers differentiate between resources created using the classic
deployment mode versus those created by Azure Resource Manager:
• Compute
• Storage
• Network
For these resources, the supported operations differ between the management modes.
Using templates and tags
You can use templates and tags to further streamline your management of resource groups
with Azure Resource Manager:
• Templates provision all of the resources for your solution in a single, managed operation. In
the template, you dictate the resources that the solution needs and set deployment
parameters to provide values for different environments. When you create a template, you
need to know:
o Which types of resources you need to deploy.
o Where resources will be stored.
o What the order is for the deployment of resources.
o How and when you will pass values to the deployment, and what those values will
be.
• You can create tags in templates or in the portal to logically organize resources. Tags are
key/value pairs that you define to properly identify resource properties. You can use tags to
view or manage resources according to the tags assigned to them.
Advantages of Azure Resource Manager
Azure Resource Manager carries several advantages over the classic deployment mode:
• Manage resources as a group, rather than individually.
• Reuse solutions and consistently deploy resources.
• Create templates to quickly deploy and redeploy large solutions.
• Define dependencies and resource deployment order.
• Use rolebased access control (RBAC) to apply access control to a group of resources.
• Logically organize resources by using tags.
Resources and resource groups
Every Azure resource belongs to a resource group. You can choose to create a new resource
group or to use an existing resource group when creating a resource.
When you deploy a solution that consists of a few resources working together, you should
create a dedicated resource group so that you can manage the life cycle of all the related assets
by using this resource group. You can add or remove additional resources from the resource
group as your app evolves. For example, the Website + SQL option in the Azure portal
creates a new resource group that consists of a website, a web hosting plan, and an Azure
SQL database, along with other resources.
You can view resource groups either by using the new portal or Azure PowerShell. By using
the Azure portal, you can view and monitor resource groups as a group. The portal displays
each resource group as a blade, providing you with the information about its characteristics.
Adding resources
You can add resources to a resource group at any time. The Azure portal has an Add option
that you can use to add a new resource to a resource group. Resource groups also enable you
to manage the life cycle of all the contained resources. Deleting a resource group will delete all
the resources contained within it.
The Azure Resource Manager mode in Azure PowerShell allows you to manage resource
groups in your Azure subscription. You can create resource groups by using the New
AzureRmResourceGroup cmdlet. You can then use the NewAzureRmResource cmdlet to
manually create resources and add them to the resource group. You can also use a deployment
template to add resources to a resource group.
Moving resources
You can move resources between resource groups, and you might do so for several reasons:
• A resource needs to be located in a different logical grouping or Azure subscription.
• A resource does not share the same life cycle with other resources that were in its group.
It is important to consider the following factors when moving a resource:
• You cannot change a resource’s location. After you create a resource, it must remain in the
same datacenter.
• You should group resources only with other resources that share the same life cycle.
• You should use the latest version of the Azure PowerShell module if you are using it to
move resources.
• Both the source and destination resource groups are blocked for deletion while the move
operation takes place.
• The ability to move resources is limited to specific resource types only.
Additional Reading: For more information, refer to Move resources to new resource
group or subscription: http://aka.ms/Ry0sqz
Azure Resource Manager deployment methodologies
With Azure Resource Manager, the template you create defines the infrastructure for your
solution, how to configure that infrastructure, and how to implement the solution on top of
that infrastructure. Azure Resource Manager analyzes dependencies to help ensure that
resources are created in the correct order before allowing resources to be deployed.
When creating templates, you should divide your deployment components into a set of
targeted, purposespecific templates. You can easily reuse these templates for different
solutions. To deploy a particular solution, you create a master template that links all of the
required templates.
You can also use the template for updates to the infrastructure. For example, you can add a
new resource to your solution. You can also delete resources that exist in your solution by
excluding them from the template before its deployment.
You can specify parameters in your template to allow for customization and flexibility in
deployment. For example, you can pass parameter values that tailor the deployment for your
test environment. By specifying different parameters, you can use the same template for a
deployment to the production environment.
Azure Resource Manager provides extensions for scenarios when you need to configure
operating systems within Azure virtual machines. These extensions include a number of
configuration management services, such as Desired State Configuration, Chef, or Puppet.
When you create a solution from the Azure Marketplace, the solution automatically includes a
deployment template. You do not have to create your template from scratch, because you can
start with the template for your solution and customize it to meet your specific needs.
Finally, templates support versioning. You can check them in to your source code repository
and update them as your app evolves. You can edit the template through Visual Studio.
Best practices
Some of the best practices for deploying solutions by using templates include:
• Use a consistent deployment method.
• Use resource groups to group all resources in a solution together.
• Use RBAC to grant access to resources.
• Define and deploy your infrastructure through the declarative syntax in Azure Resource
Manager templates rather than through imperative commands.
• Define all the deployment and configuration steps in the template. You should have no
manual steps for setting up your solution.
• Run imperative commands to manage your resources, such as to start or stop an app or
virtual machine.
• Arrange resources with the same life cycle in a resource group. Use tags for all other
organization of resources.
Azure IaaS v2 implementation guidelines
There are certain guidelines to consider when implementing IaaS solutions by using Azure as
listed under the following headings.
General naming conventions
You should establish a consistent naming convention for all the resources you create within
Azure. Consider the following:
• Ensure that names are consistent across the entire organization and across Azure
subscriptions.
• Identify Azure resources by using either a prefix or a suffix for the resource. For example,
you can use RGOrdersApp or OrdersAppRG to denote a resource group named
OrdersApp.
• Use a consistent format when indicating dates.
• Ensure that virtual machines have the same name as the host name of the operating system
instance within the virtual machine.
• Ensure that storage account names use only lowercase letters and numbers and are globally
valid and unique.
• Some services might require or prohibit the use of certain character types, such as
lowercase, uppercase, or symbols.
Storage
Consider the following when working with storage:
• Use multiple storage accounts to increase the I/O capability.
• Name the underlying disks and BLOBs logically, according to use.
Virtual networks
Consider the following when working with virtual networks:
• Plan IP addressing in subnets. Azure uses five IP addresses in each network of a subnet.
Virtual machines
Consider the following when working with virtual machines:
• Azure, by default, assigns the computer name as the name of the associated cloud service
when creating a virtual machine in the Azure classic portal.
Lesson 6: Azure management services
You can manage and monitor your Azure environment by using both the builtin tools in Azure
and external tools, such as System Center. This lesson outlines the primary management
services and methods available for Azure and explains how you can use them in your
environment.
Lesson Objectives
• Describe the Microsoft Operations Management Suite (OMS).
• Explain how to run logging and diagnostics in Azure.
• Explain how to manage accounts, subscriptions, and administrative roles in Azure.
OMS
OMS extends an organization’s existing System Center deployment into the cloud, providing
enterprisewide infrastructure management from a single console. OMS enhances the
following operational aspects when you administer your Azure environment:
• Operational visibility and management:
o Proactive smart alerts
o Operations dashboard and reporting
o Realtime, customizable reporting
• Security:
o Security log collection
o Breach and threat detection
o Forensic analysis
• Performance monitoring and analytics:
o Resource monitoring for Windows and Linux
o Onpremises server performance monitoring
o Azure server performance monitoring
o Storage area network (SAN) storage analytics
• Log management:
o Universal log collection and analysis
o Virtually unlimited data retention
o A dashboard powered by search queries
• Capacity planning:
o Forecasts of resource utilization trends
o Virtual machine placement optimization
o The identification of storage bottlenecks
• Automation:
o Virtual machine provisioning
o App deployment
o A runbook gallery
o A graphical designer
• Configuration and change tracking:
o Detection of configuration issues
o Identification of deviations from best practices
o Monitoring of software, Windows services, and the registry
o Tracking of group policies and file changes
• Site recovery:
o Automated protection and replication of virtual machines
o Customizable recovery plans
o Support for the replication and recovery of physical and virtual machines
o Orchestrated recovery
• Backup:
o Support for app, server, and data backups, including georeplication capabilities.
Logging and diagnostics in Azure
You can use several different methods to monitor Azure:
• Logs. All Azure services provide operations logs to record operational information as it
relates to Azure management. You can access operations logs via the GUI in two ways:
o From the dashboard of the job or service in the Azure portal
o From Management Services in the Azure classic portal
Logs contain the events that have impacted any of your subscriptions and provide the
following information:
o The level of the event. For example, it might be just something to track
(Informational) or something that has gone wrong that you need to know about
(Error).
o The status. The final status is generally Succeeded or Failed, but it might be
Accepted for longrunning operations.
o When the event occurred.
o The user or service that performed the corresponding operation.
o The Correlation ID of the event. This is the unique identifier of the corresponding
operation.
You can filter audit log events by subscription, resource group, resource type, or specific
resource. You can access the audit logs from the Azure portal under Audit logs.
• Azure Diagnostics. Azure Diagnostics allows you to collect diagnostic telemetry data from
services running in Azure. The telemetry data is stored in an Azure storage account and can
be used for debugging and troubleshooting, measuring performance, monitoring resource
usage, analyzing traffic and capacity planning, and auditing.
In case of virtual machines, Azure Diagnostics collects a superset of telemetry data, including:
o Microsoft Internet Information Services (IIS) logs. Information about IIS websites.
o Azure Diagnostics infrastructure logs. Information about Azure Diagnostics.
o IIS failed request logs. Information about failed requests to an IIS site or app.
o Windows event logs. Information sent to the Windows event logging system.
o Performance counters. Operating system and custom performance counters.
o Crash dumps. Information about the state of the process in the event of an app
crash.
o Custom error logs. Logs created by your app or service.
o .NET EventSource logs. Events generated by your code by using the .NET
EventSource class.
Azure access management
Your Azure subscription is related to your Azure account and administrative roles. It is
important to understand the differences among accounts, subscriptions, and administrative
roles in Azure so that you can effectively manage your Azure environment.
Accounts and subscriptions
An Azure account determines how and to whom your Azure usage is reported. A subscription
helps you to organize your access to your cloud services and resources, and also to control
how your resource usage is reported, billed, and paid for.
Each of your subscriptions can have a different billing and payment setup. As a result, you can
have different subscriptions and different plans by department, project, regional office, or
other factor. Every cloud service belongs to a subscription, and the subscription ID is often
required for some operations.
Administrative roles
Three Azure administrative roles exist:
• Account administrator. Each Azure account has one account administrator. The account
administrator has the authority to access the Azure Account Center, in which he or she can
create subscriptions, cancel subscriptions, change the billing for a subscription, and change
service administrators, among other tasks.
• Service administrator. Each Azure subscription has one service administrator. The service
administrator can access all resources in the subscription. By default, the user account
associated with this role is the same as that of the account administrator when your
subscription is created.
• Coadministrator. This role has the same functions as the service administrator, but it
cannot change the association of subscriptions with an Azure AD tenant.
Note: The account administrator for a subscription is the only person who has access
to the Azure Account Center. Account administrators do not have any other access to
services in that subscription.
The following table summarizes the differences among the three Azure administrative roles.
Administrative role Limit Summary
Account administrator One per Azure account Authorized to access the Azure

Account Center (create
subscriptions, cancel subscriptions,
change the billing for a subscription,
change service administrators, and
more).
Service administrator One per Azure subscription Authorized to access the Azure portal

for all the resources in the
subscription. By default, same as the
account administrator when a
subscription is created.
Coadministrator Unlimited Authorized with the same access as

the service administrator, but this
role cannot change the association of
subscriptions with an Azure AD
tenant.
RBAC
Azure supports RBAC for granular access management. By using RBAC, you can separate
duties within your teams and grant users only the level of access that they require to perform
their jobs.
Azure RBAC has three basic roles that can apply to all resource types:
• Owner. Has full access to all resources, including the right to delegate access to others.
• Contributor. Can create and manage all Azure resource types but cannot grant access to
them.
• Reader. Can view existing Azure resources.
The rest of the RBAC roles in Azure allow the management of specific Azure resources. For
instance, the Virtual Machine Contributor role allows the creation and management of virtual
machines but does not permit the management of the virtual network or the subnet that the
virtual machine is connected to.
You can also create your own roles for RBAC, and define access for the roles according to
your needs.
Note: RBAC role assignment is available when using the Azure portal. Azure RBAC
allows you to grant appropriate access to Azure AD users, groups, and services by
assigning roles to them on a subscription, resource group, or individual resource level.
The assigned role defines the level of access that the users, groups, or services have to
the Azure resource.
Additional Reading: For more information, refer to Azure RoleBased Access
Control: http://aka.ms/Uwlokh
Lab: Managing Microsoft Azure
Scenario
A. Datum Corporation wants to expand their cloud presence by taking advantage of the
benefits of Azure. You have been asked to explore and compare the available IaaS v2 features
by using the Azure portals and Windows PowerShell.
Objectives
After completing this lab, you will be able to:
• Use the Azure portals.
• Use Azure Resource Manager features via the Azure portal.
• Use Azure PowerShell.
Lab Setup
Estimated Time: 50 minutes
Virtual machine: 20533CMIACL1
User name: Student
Password: Pa$$w0rd
Before you start this lab, ensure that you have completed the tasks in the “Preparing the
environment” demonstration, which is in the first lesson of this module. Also ensure that the
setup script has completed.
Exercise 1: Using the Azure portals
Scenario
You have been asked to explore the available browserbased Azure portals to assess how A.
Datum Corporation will use them. In the Azure classic portal, you must create a co
administrator account and confirm the domain name of your subscription for use in your
testing.
In the Azure portal, you must observe the organization of resources and customize the
interface to make your testing environment more accessible. In the account page of the Azure
portal, you must view and download your current billing data and sign up for an available
preview feature that you will use later in your testing.
The main tasks for this exercise are as follows:
1. Use the Azure classic portal
2. Use the Azure portal
3. Use the account page of the Azure portal
Task 1: Use the Azure classic portal
1. Ensure that you are signed in to the 20533CMIACL1 virtual machine as Student with the
password Pa$$w0rd. You should have already run the preparation script in the “Preparing the
environment” demonstration at the beginning of the module.
2. Open Internet Explorer, and then go to https://manage.windowsazure.com.
3. Sign in by using the email address and password you set up for this course.
4. Open the settings page and then the ADMINISTRATORS page.
5. Add a coadministrator account by using a random, unique email address ending with
@outlook.com.
6. In Internet Explorer, navigate to the ACTIVE DIRECTORY page in the Azure classic portal. If the
Let’s talk about Azure AD page appears, clear all checkboxes, and then click the checkmark at
the bottom of the page.
7. On the Domains page, note the domain name for your subscription.
8. On the Users page, note the two users: your user account and the coadministrator account you
created earlier.
Task 2: Use the Azure portal
1. Go to the Azure portal at https://portal.azure.com.
2. Click the Edit dashboard option to edit the layout of the Dashboard page.
3. Resize the All resources tile to 4x6.
4. Resize the Service health tile to 2x4.
5. Click Done customizing to confirm the changes to the Dashboard page.
6. On the Hub menu, use the Browse menu to pin the Storage accounts item to the Hub menu.
Task 3: Use the account page of the Azure portal
1. In Internet Explorer, go to the account page of the Azure portal at
https://account.windowsazure.com.
2. Sign in by using the email address and password you set up for this course.
3. Go to the Subscriptions page, and then click your subscription. View the billing summary for your
subscription on the page.
4. Click Download usage details, download the version 1 usage details for your subscription, and
then view them in Notepad. Note that this is intended to simply review its content – typically to
analyze it in more details, you would use Microsoft Excel or other program capable of parsing csv
files.
Result: After completing this exercise, you will have used the Azure portals.
Exercise 2: Using the Azure Resource Manager features in the
Azure portal
Scenario
You have been asked to create some temporary resources in Azure to test the management
interface of the Azure portal. You must create a resource group in Azure, create a new storage
account and a new virtual machine in the Azure portal, and then tag the resources as test
resources before assigning your newly added coadministrator to the Automation Operator role
in the Azure portal.
1. Create and manage a resource group
2. Create Azure resources
3. Configure tagging
4. Configure RBAC
Task 1: Create and manage a resource group
1. In Internet Explorer, go to https://portal.azure.com.
2. In the Azure portal, create a new resource group named TestRG1 in your preferred location.
Task 2: Create Azure resources
• On the Azure portal page, create a new IaaS v2 storage account assigned to the TestRG1 resource
group. Use the current date and your initials to create a unique name in the format
storageMMDDYYYYab format.
Note: For example, a student named Ed Meadows might use storage04252016em.
All alphabetical characters must be lowercase.
Task 3: Configure tagging
1. In the Azure portal, open the TestRG1 resource group pane.
2. Create a tag named project:Test, and then assign it to the TestRG1 resource group.
3. Assign the project:Test tag to the storageDDMMYYYYab storage account, and then pin the
project:Test tag to the dashboard.
4. On the Dashboard page, view the resources that are tagged with the project:Test tag.
Task 4: Configure RBAC
• From the Dashboard page, add the user you created earlier in this lab as a Storage Account
Contributor for the TestRG1 resource group.
Result: After completing this exercise, you will have used the Azure Resource Manager
features in the Azure portal.
Exercise 3: Using Azure PowerShell
Scenario
You have been asked to investigate the capabilities of Azure PowerShell for A. Datum
Corporation. You must connect to your Azure subscription by using Azure PowerShell and
then use Azure PowerShell to create an IaaS v2 web app, create a new resource group named
TestWebRG, and reassign the web app to the new resource group.
1. Connect Azure PowerShell to your Azure subscription
2. Manage Azure services and resource groups
3. Reset the environment
Task 1: Connect Azure PowerShell to your Azure subscription
1. On MIACL1, on the taskbar, click Start, type ISE, and then click Windows PowerShell ISE.
2. In the Windows PowerShell ISE, at the command prompt, type the following command, and then
press Enter:
Login-AzureRMAccount
3. In the signin window that appears, sign in to your Azure account.
4.
In the Windows PowerShell ISE window, at the command prompt, type the following cmdlet, and
then press Enter:
Get-AzureRmSubscription
5. In the Windows PowerShell ISE window, at the command prompt, type the following cmdlet, and
then press Enter:
Get-AzureRmResourceProvider
6. View the Azure resource providers, resource types, and the Azure regions where these resources
are available.
Task 2: Manage Azure services and resource groups
1. In the Windows PowerShell ISE window, open the D:\Labfiles\Lab01\Starter\Lab01Starter.ps1
file.
2. In the ISE, in the #Variables section, modify the $locName variable to match the Azure location
that your instructor asked you to use.
3. In the ISE, in the #Variables section, modify the $webappName variable to a unique name by using
the current date and your initials in the TestWebAppMMDDYYAB format.
4. In the ISE, under the line that starts: #Create a web app, use the NewAzureRmWebApp cmdlet
to create a new web app, using the variables in the script.
5. Type the following command, and then press Enter to view the resources in the TestRG1 resource
group:
Get-AzureRmResource | Where {$_.ResourceGroupName -eq $rgName}
6. At the PowerShell prompt, create a new resource group for the web app by using the $newrgname
and $locname variables.
7. In the Windows PowerShell ISE window, in the script pane, under the line that starts with #Move
the web app, create a variable named $resource, and assign the results of the following cmdlet to
the variable by typing the following code and pressing Enter:
Get-AzureVMResource –ResourceName $webappName –ResourceGroupName $rgName
8. In the Windows PowerShell ISE window, under the line you just created, use the Move
AzureRmResource cmdlet to move the web app in the $resource variable to the resource group
contained in the $newrgname variable. You need to use the ResourceID parameter with the value
of $resource.ResourceID for the cmdlet to run successfully.
9. Select the code you created in steps 7 and 8, and then run the selection.
10. Run the following command to view the resources in the TestWebRG resource group:
Get-AzureRmResource | Where {$_.ResourceGroupName -eq $newrgName}
Task 3: Reset the environment
1. Launch Windows PowerShell as an administrator.
2. From the Windows PowerShell prompt, run the following command:
Reset-Azure
3. When prompted (twice), sign in by using the Microsoft account associated with your Azure
subscription.
4. If you have multiple Azure subscriptions, select the one you want the script to target.
5. When prompted for confirmation, type y.
Note: This script removes Azure services in your subscription. Therefore, we recommend that
you use an Azure trial pass that was provisioned specifically for this course and not your own
Azure account.
The script resets your Azure environment so that it is ready for the next lab.
The script removes all storage accounts, virtual machines, virtual networks, cloud services, and
resource groups containing these resources.
Result: After completing this exercise, you will have used Azure PowerShell to create and
manage Azure resources.
Review Information
Review Question(s)
Module Review and Takeaways
Realworld Issues and Scenarios
• You can use the Azure module for Windows PowerShell to create simple and easytouse
provisioning scripts that enable you to create complex cloudbased solutions and
infrastructure components on demand.
Tools
The following table lists the tools that this module references:
Tool Use to Where to find it
The Azure portal Manage Azure Additional Reading: For more

information, refer to the Azure portal:
https://portal.azure.com
The Azure classic portal Manage Azure Additional Reading: For more

information, refer to Microsoft Azure:
https://manage.windowsazure.com
The Azure Enterprise portal Manage multiple Azure Additional Reading: For more

subscriptions under an information, refer to
Enterprise Agreement ea.microsoftazure.com:
http://aka.ms/V91c9h
Tool Use to Where to find it
Azure modules for PowerShell Manage Azure from PowerShell Install by using the Microsoft Web Deployment

Tool (Web Deploy) or from the PowerShell
Gallery.

Microsoft Azure Infographic 2015 2.5

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Microsoft Azure Infographic 2015 2.5

Uploaded by

Copyright:

Available Formats

6/1/2017 Module 1: Introduction to Microsoft Azure

Install-Module AzureAutomationAuthoringToolkit -Scope CurrentUser

$subName = "<the subscription name">

Functionality or Classic Azure Resource Manager

PowerShell module used Import­Module Azure Import­Module AzureRm

Create a resource group New_AzureResourceGroup New­AzureRmResourceGroup

Create a virtual machine New­AzureVM New­AzureRmVM

Create a web app New­AzureWebsite New­AzureRmWebapp

Sign­in to Azure Add­AzureAccount Login­AzureRmAccount

GUI Element Classic portal Azure portal

$locName = "East US"

New-AzureRmResourceGroup -Name $rgName -Location $locName

New-AzureRmStorageAccount -Name $saName -ResourceGroupName

Set-AzureRmStorageAccount -Name $saName -ResourceGroupName

Remove-AzureRmStorageAccount -Name $saName -ResourceGroupName

Remove-AzureRmResourceGroup -Name $rgName

Administrative role Limit Summary

Account administrator One per Azure account Authorized to access the Azure

Service administrator One per Azure subscription Authorized to access the Azure portal

Co­administrator Unlimited Authorized with the same access as

Get-AzureRmResource | Where {$_.ResourceGroupName -eq $rgName}

Get-AzureVMResource –ResourceName $webappName –ResourceGroupName $rgName

Get-AzureRmResource | Where {$_.ResourceGroupName -eq $newrgName}

Tool Use to Where to find it

The Azure portal Manage Azure Additional Reading: For more

The Azure classic portal Manage Azure Additional Reading: For more

The Azure Enterprise portal Manage multiple Azure Additional Reading: For more

Tool Use to Where to find it

Azure modules for PowerShell Manage Azure from PowerShell Install by using the Microsoft Web Deployment

You might also like

PowerShell module used ImportModule Azure ImportModule AzureRm

Create a resource group New_AzureResourceGroup NewAzureRmResourceGroup

Create a virtual machine NewAzureVM NewAzureRmVM

Create a web app NewAzureWebsite NewAzureRmWebapp

Signin to Azure AddAzureAccount LoginAzureRmAccount

Coadministrator Unlimited Authorized with the same access as