Cloud Computing Students Handbook - v1.3 - 115444


2021

Cloud Computing

LEARNING CLOUD, THE AZURE WAY

Disclaimer: the content is curated for educational purposes only.


© Edunet Foundation. All rights reserved.
This course booklet has been designed by Edunet
Foundation for the Tech-Saksham programme in partnership
with Microsoft and SAP



Table of Contents
Learning Outcomes
Chapter 1: Introduction to Cloud Computing, the Azure Way!
1.1 Introduction to Cloud Computing
1.2 Getting Started With Cloud Platform
1.3 Cloud Fundamentals
1.4 Exploring Service Categories
1.5 Linux Fundamentals
1.6 Basic Linux Commands
1.7 Creating Your First Windows VM in Azure cloud
1.8 Creating Your First Linux VM in Azure cloud
1.9 Cloud Deployment & Service Delivery Models
1.10 Identifying Types of Service Model Offerings
1.11 Azure Cloud Global Infrastructure
1.12 Creating Multi AZ deployment of VMs
Chapter 2: Learning Through Cloud Core Services
2.1 Microsoft Azure Core Services- Compute
2.2 Create Compute Service Linux Instance with Development Environment
2.3 Azure Storage Services
2.4 Creating Storage Service Instances for Archival & Backup
2.5 Basics of Networking & Network Protocols
2.6 Creating Custom VPC in Azure
2.7 Networking Services & Security
2.8 Enabling & Maintaining Custom Firewall
2.9 Create and Manage a VPN Gateway
2.10 Subnetting and Subnet Mask
2.11 Adding Subnets to Custom VPC and Deploy VMs
2.12 Fundamentals of Databases
2.13 Relational Database Operations Using SQL
2.14 Creating MySQL Database & Perform CRUD Operations
2.15 Exploring Database Services in Azure
2.16 Creating Database Services in Azure
2.17 SQL DDL & DML Queries
2.18 Connect Cloud Relational Database via Local Terminal
2.19 Caching Databases in Cloud
2.20 Adding Mem-Cache to DB Instance
2.21 Security Threats and Types
2.22 Security Protocols
2.23 Security Devices
2.24 Understanding Cloud Security
2.25 Cloud Security Considerations
2.26 Explore and Create Security Services
2.27 Security Services- IAM
2.28 Creating User Accounts & Managing Privileges
2.29 Microsoft Azure Cognitive Services
2.30 Creating Chatbot Service
2.31 AI Face Service
2.32 Creating AI Face Instance
2.33 AI Ink Service
2.34 Using AI Recogniser to Identify Face & Emotions
2.35 AI NLP Services
2.36 Creating NLP instance and performing basic NLP activity
2.37 Azure Analytics Services
2.38 Creating Azure Analytics Services
Chapter 3: Diving Deep- Cloud Web Application Development
3.1 Basics of Web Technologies
3.2 Using HTML & CSS
3.3 JavaScript for Dynamic Web Pages
3.4 Creating a Dynamic Web Page with HTML, CSS & JS
3.5 JavaScript Dialogue Boxes
3.6 Functions in JavaScript
3.7 JavaScript Validations
3.8 Server Side Scripting
3.9 Custom Services IaaS
3.10 Fully Managed Services PaaS & SaaS
3.11 Azure App Service
3.12 Creating App Service Starter Application
3.13 Serverless Compute- Azure Function
3.14 Azure Functions for APIs
Chapter 4: Cloud Modern Application Development
4.1 Concept of NoSQL Databases
4.2 Performing CRUD operations with CosmosDB
4.3 Understanding DevOps with CI/CD Pipelines
4.4 Microservices and Container Applications
4.5 Creating Container in Azure to Deploy Docker Images
4.6 The 5 Pillars of the Well-Architected Framework
4.7 Create Highly Available Multi-Region Deployment
4.8 Azure Monitoring & Messaging Services
4.9 Create Monitored Resources in Cloud
References


Learning Outcomes

After completing the course, learners should be able to:

• Understand the Cloud Computing environment and its usage in various application
areas
• Create a virtual machine server to act as a compute resource for multiple purposes
• Demonstrate the ways any web application can be deployed over a cloud virtual
machine server
• Manage and configure cloud database instances and connect them with web
applications
• Configure and manage cloud native networking services and security protocol
management
• Design secure, highly available and scalable resources in the cloud for
application development & deployment
• Create and use cloud-based artificial intelligence services for implementing
cognitive ability in applications



Chapter 1: Introduction to Cloud Computing, the Azure Way!
Learning Outcomes:
• Understand fundamentals of Cloud Computing
• Understand Cloud service delivery and deployment models
• Create virtual machines in Azure public cloud environment
• Understand global infrastructure of public cloud services
• Deploy virtual machines in multiple regions or data centres
• Use Linux operating system commands and functionalities

1.1 Introduction to Cloud Computing


1.1.1 Introduction to Cloud
Everyone has an opinion on what cloud computing is. It can be the ability to rent a server
or a thousand servers and run a geophysical modelling application on the most powerful
systems available anywhere. It can be the ability to rent a virtual server, load software on
it, turn it on and off at will, or clone it ten times to meet a sudden workload demand. It can
be storing and securing immense amounts of data that is accessible only by authorized
applications and users.

It can be supported by a cloud provider that sets up a platform that includes the OS,
Apache, a MySQL™ database, Perl, Python, and PHP with the ability to scale
automatically in response to changing workloads.

Cloud computing can be the ability to use applications on the Internet that store and
protect data while providing a service — anything including email, sales force automation
and tax preparation. It can be using a storage cloud to hold application, business, and
personal data. And it can be the ability to use a handful of Web services to integrate
photos, maps, and GPS information to create a mashup in customer Web browsers.

1.1.2 Definition
Cloud computing is the delivery of computing services—including servers, storage,
databases, networking, software, analytics, and intelligence—over the Internet (“the
cloud”) to offer faster innovation, flexible resources, and economies of scale. You typically
pay only for cloud services you use, helping lower your operating costs, run your
infrastructure more efficiently and scale as your business needs change.
In brief, a cloud is essentially a bunch of commodity computers networked together in the
same or different geographical locations, operating together to serve a number of customers
with different needs and workloads on an on-demand basis with the help of virtualization.
Cloud services are provided to cloud users as utility services, like water, electricity and
telephone, using a pay-as-you-use business model.

These utility services are generally described as XaaS (X as a Service), where X can be
Software, Platform, Infrastructure, etc. Cloud users use these services provided by
the cloud providers to build their applications on the Internet and deliver them to
their end users. So, cloud users don’t have to worry about installing and maintaining
the hardware and software needed. They can also afford these services, as they pay only
for as much as they use. So, cloud users can reduce their expenditure and effort in the
field of IT by using cloud services instead of establishing IT infrastructure themselves.

Cloud is essentially provided by large distributed data centers. These data centers are
often organized as a grid, and the cloud is built on top of the grid services. Cloud users
are provided with virtual images of the physical machines in the data centers. This
virtualization is one of the key concepts of cloud computing, as it essentially builds the
abstraction over the physical system. Many cloud applications are gaining popularity day
by day for their availability, reliability, scalability and utility model. These applications
have made distributed computing easy, as the critical aspects are handled by the cloud
provider itself.

Interest in cloud computing is growing among technical and business organizations, but it
can also be beneficial for solving social issues. In recent times, e-governance is being
implemented in developing countries to improve the efficiency and effectiveness of
governance. This approach can be improved considerably by using cloud computing instead
of traditional ICT. In India, the economy is agriculture-based and most citizens live in
rural areas. The standard of living, agricultural productivity, etc. can be enhanced by
utilizing cloud computing in a proper way. Both of these applications of cloud computing
have technological as well as social challenges to overcome.

Why is cloud computing a buzzword today? That is, what benefits do the provider and
the users get from using the cloud? Though the idea dates back to 1990, what situation
has made it indispensable today? How is a cloud built? What differentiates it from similar
terms like grid computing and utility computing? What are the different services provided
by cloud providers? Though cloud computing today is discussed mostly in terms of business
enterprises rather than non-profit organizations, how can this new paradigm be used in
services like e-governance and in the social development issues of rural India?

1.1.3 Cloud Computing Basics


Cloud computing is a paradigm of distributed computing that provides customers with
on-demand, utility-based computing services. Cloud users can in turn provide more reliable,
available and up-to-date services to their clients. The cloud itself consists of physical
machines in the data centers of cloud providers.

Virtualization is provided on top of these physical machines. These virtual machines are
provided to the cloud users. Different cloud providers offer cloud services at different
abstraction levels. E.g. Amazon EC2 enables users to handle very low-level details,
whereas Google App-Engine provides a development platform for developers to develop
their applications.

So, the cloud services are divided into many types like Software as a Service, Platform as
a Service or Infrastructure as a Service. These services are available over the Internet in
the whole world where the cloud acts as the single point of access for serving all
customers. Cloud computing architecture addresses difficulties of large-scale data
processing.

1.1.4 Types of Cloud


Cloud can be of three types:
1. Private Cloud – This type of cloud is maintained within an organization and used solely
for its internal purposes. So, the utility model is not a big term in this scenario. Many
companies are moving towards this setting, and experts consider this the first step for
an organization to move into the cloud. Security and network bandwidth are not critical
issues for private cloud.

2. Public Cloud – In this type, an organization rents cloud services from cloud providers
on an on-demand basis. Services are provided to the users using the utility computing model.

3. Hybrid Cloud – This type of cloud is composed of multiple internal or external clouds.
This is the scenario when an organization moves to the public cloud computing domain from
its internal private cloud.

1.1.5 Types of Cloud Computing Services


Cloud Computing Services provided by the cloud provider can be classified by the type
of the services. These services are typically represented as XaaS where we can replace
X by Infrastructure or Platform or Hardware or Software or Desktop or Data etc. There
are three main types of services most widely accepted - Software as a Service, Platform
as a Service and Infrastructure as a Service. These services provide different levels of
abstraction and flexibility to the cloud users. This is shown in the figure below.


Image: Cloud Service Stack
Reference: https://upload.wikimedia.org/wikipedia/commons/3/3c/Cloud_computing_layers.png

We’ll now discuss some salient features of some of these models –

1. SaaS (Software as a service) – Delivers a single application through the web browser
to thousands of customers using a multitenant architecture. On the customer side, it
means no upfront investment in servers or software licensing; on the provider side,
with just one application to maintain, cost is low compared to conventional hosting.
Under SaaS, the software publisher (seller) runs and maintains all necessary
hardware and software. The customer of SaaS accesses the applications through
the Internet.

For example, Salesforce.com, with yearly revenues of over $300M, offers on-demand
Customer Relationship Management software solutions. This application runs on
Salesforce.com’s own infrastructure and is delivered directly to the users over the
Internet.

Salesforce does not sell perpetual licenses but charges a monthly subscription fee
starting at $65/user/month. Google Docs is also a very nice example of SaaS, where
the users can create, edit, delete and share their documents, spreadsheets or
presentations, whereas Google has the responsibility to maintain the software and
hardware. E.g. - Google Apps, Zoho Office

2. PaaS (Platform as a service) – Delivers a development environment as a service. One
can build one’s own applications that run on the provider’s infrastructure, which supports
transactions, uniform authentication, robust scalability and availability. The applications
built using PaaS are offered as SaaS and consumed directly from the end users’ web
browsers. This gives the ability to integrate or consume third-party web services from
other service platforms. E.g. – Azure Function

3. IaaS (Infrastructure as a Service) – IaaS gives cloud users greater flexibility at a
lower level than the other services. It gives developers even CPU clocks with OS-level
control. E.g. – Azure VM and Azure Blob store.

Image: Cloud Service Delivery Models Comparison


Reference: https://media-exp1.licdn.com/dms/image/C4E12AQGLyziDZJD5Tw

1.1.6 Advantages of Using Cloud


The advantages of using cloud services can be technical, architectural, business-related, etc.
1. Cloud Provider’s Point of View

(a) Most data centers today are under-utilized. They are mostly 15% utilized.
These data centers need spare capacity just to cope with the huge spikes that sometimes
occur in server usage. Large companies that have such data centres can easily rent that
computing power to other organizations and profit from it, and also make proper use of
the resources needed for running the data centre (like power).
(b) Companies with large data centers have already deployed the resources, so
to provide cloud services they would need very little investment, and the cost would
be incremental.


2. Cloud Users’ Point of View

(a) Cloud users need not take care of the hardware and software they use,
and they don’t have to worry about maintenance. The users are no longer tied
to any one traditional system.

(b) Virtualization technology gives users the illusion that they have all
the resources available.
(c) Cloud users can use the resources on an on-demand basis and pay for as much as they
use. So, the users can plan well to reduce their usage and minimize their expenditure.

(d) Scalability is one of the major advantages for cloud users. Scalability is provided
dynamically to the users. Users get as many resources as they need. Thus, this model
fits perfectly with the management of rare spikes in demand.

1.1.7 Cloud Architecture


The cloud providers actually have the physical data centers to provide virtualized services
to their users through the Internet. Cloud providers often provide separation between
application and data. This scenario is shown in the image below. The underlying physical
machines are generally organized in grids, and they are usually geographically distributed.
Virtualization plays an important role in the cloud scenario. The data center hosts provide
the physical hardware on which the virtual machines reside. A user can potentially use any
OS supported by the virtual machines used.

Image: Basics Cloud Computing Architecture


Reference: https://www.redhat.com/cms/managed-files/styles/wysiwyg_full_width/s3/Screen%20Shot%202019-06-24%20at%202.27.06%20PM.png?itok=7yByods-



Operating systems are designed for specific hardware and software. This results in a lack
of portability of operating systems and software from one machine to another machine
that uses a different instruction set architecture. The concept of a virtual machine solves
this problem by acting as an interface between the hardware and the operating system;
such virtual machines are called system VMs.

Another category of virtual machine is the process virtual machine, which acts as an
abstraction layer between the operating system and applications. Virtualization can be very
roughly described as software translating the hardware instructions generated by
conventional software into a format understandable by the physical hardware.
Virtualization also includes the mapping of virtual resources like registers and memory to
real hardware resources. The underlying platform in virtualization is generally referred to
as the host, and the software that runs in the VM environment is called the guest. The
figure shows the very basics of virtualization.

Here the virtualization layer covers the physical hardware. The operating system accesses
the physical hardware through the virtualization layer. Applications can issue instructions
by using the OS interface as well as directly using the virtualization layer interface. This
design enables users to use applications that are not compatible with the operating system.

Virtualization enables the migration of a virtual image from one physical machine to
another. This feature is useful for the cloud, as a lot of optimization is possible through
data locality, and it is also helpful for taking backups in different locations. It also
enables the provider to shut down some of the data center's physical machines
to reduce power consumption.

Image: Virtualization Basics

1.1.8 Cloud Computing Application


Today most of the studies in cloud computing are related to commercial benefits. But this
idea can also be successfully applied to non-profit organizations and for social benefit.
In developing countries like India, cloud computing can bring about a revolution in the
field of low-cost computing with greater efficiency, availability and reliability.

Recently, e-governance has started to flourish in these countries. Experts envision that
utility-based computing has a great future in e-governance. Cloud computing can also be
applied to the development of rural life in India by building information hubs that give
the people concerned greater access to required information and enable them to share
their experiences to build new knowledge bases. The major areas of application for cloud
computing can be:
• Application Hosting
• Backup and Storage
• Content Delivery
• Websites
• Enterprise IT
• Databases

1.1.9 Market Trends of Cloud Computing


Cloud computing is a newly developing paradigm of distributed computing. Virtualization
in combination with the utility computing model can make a difference in the IT industry
as well as from a social perspective. Though cloud computing is still in its infancy, it is
clearly gaining momentum. Organizations like Google, Yahoo, and Amazon are already
providing cloud services.

Products like Microsoft Azure, Google App-Engine and Amazon EC2 are capturing
the market with their ease of use, availability aspects and utility computing model. Users
don’t have to worry about the complexities of distributed programming, as they are taken
care of by the cloud providers. They can devote more time to their own domain work rather
than to these administrative tasks.

Business organizations are also showing increasing interest in using cloud services.
There are many open research issues in this domain, like the security
aspect in the cloud, virtual machine migration, dealing with large data for analysis
purposes, etc. In developing countries like India, cloud computing can be applied in
e-governance and rural development with great success. However, as we have seen, there
are some crucial issues to be solved to successfully deploy cloud computing for these
social purposes.

The cloud services market size was valued at $264.80 billion in 2019, and is projected to
reach $927.51 billion by 2027, growing at a CAGR of 16.4% from 2020 to 2027. Cloud
computing refers to the model or network where a program or applications run, which can
be accessed by many devices or servers at a time.

Cloud computing technology is a shift in the tradition of computing, which has given
newer and faster methods to provide computing solutions, infrastructure solutions, and
application layers. The cloud services market report focuses on the emerging cloud
computing technology and its application.

It also gives a comparative analysis of cloud computing technology with
conventional technology and describes how cloud computing technology has the
upper hand over conventional technology. Cloud computing technology
comprises both the hardware and the software through which the services are
delivered. This report contains only the services category and excludes the hardware.

Hence, the report also focuses on the cloud services market opportunities. There lies a
great potential in the cloud computing services market due to several benefits such as
access to a broader network, on-demand service, pay-as-you-go benefits, resource pooling,
business agility, rapid elasticity, cost cutting, and others. The global adoption of cloud
computing services in various sectors such as medical & healthcare, banking, financial
services & insurance, and the educational sector with the help of various deployment models
determines the scope of further increase in the global cloud computing services market.


1.2 Getting Started With Cloud Platform
Activity Details: This activity is to enable learners to create their first Microsoft Azure
Cloud account on the Azure portal and log in to the dashboard environment on Azure to
check and confirm the login and get familiar with the Azure cloud dashboard elements. You
need an email id to create the new account. Azure provides free credits to new accounts
under various schemes, like free trial accounts, student accounts, etc. Apart from free
credits, Azure also provides several free service quotas for each account.

Create a Microsoft Azure Account and Login


Link: - Click here to create your Azure free account today (Using Azure Portal)

Follow the instructions given below to create an Azure Free Account and log in to the Azure
Portal.

Click on Start Free

Click on Create one! And then Next

Create Account using Mail or Phone Number

Note: - Verify the email or phone by entering the code which was received on your mail
or phone.

Then Click on Sign In

Click on Go to Portal

Click on the three vertical lines on the left side, as shown in the red block

Click on Dashboard

Azure Dashboard

Click on All Services

Microsoft Azure Services

You can also search services according to categories of your choice.


1.3 Cloud Fundamentals
1.3.1 Cloud Terminology
• High Availability- Accessible whenever you need it

• Fault Tolerance- Ability to withstand certain amount of failure and still remain
functional

• Scalability- Ability to easily grow in size, capacity and/ or scope when required.
Growth is usually based on demand.

• Elasticity- Ability to grow or scale when required and reduce in size when
resources are no longer needed.

 Cloud bursting- A configuration which is set up between a private cloud and a


public cloud. If 100 percent of the resource capacity in a private cloud is used, then
overflow traffic is directed to the public cloud using cloud bursting
 DevOps-The union of people, process and technology to enable continuous
delivery of value to customers. The practice of DevOps brings development and
operations teams together to speed software delivery and make products more
secure and reliable
 Middleware- Software that lies between an operating system and the applications
running on it. It enables communication and data management for distributed
applications, like cloud-based applications, so, for example, the data in one
database can be accessed through another database. Examples of middleware
are web servers, application servers and content management systems
 Serverless Computing- A computing model in which the cloud provider provisions
and manages servers. It enables developers to spend more time building apps and
less time managing infrastructure.
 Virtual Machine- A computer file (typically called an image) that behaves like an
actual computer. Multiple virtual machines can run simultaneously on the same
physical computer.
 Computer grids-Groups of networked computers that act together to perform large
tasks, such as analyzing huge sets of data and weather modelling. Cloud
computing lets you assemble and use vast computer grids for specific time periods
and purposes, paying only for your usage and saving the time and expense of
purchasing and deploying the necessary resources yourself.
 Virtualization: - The act of creating a virtual rather than a physical version of a
computing environment, including computer hardware, operating system, storage
devices and so forth.

1.3.2 Essential Characteristics of Cloud Computing
There are basically 5 essential characteristics of Cloud Computing.
1. On-demand self-service: Cloud computing services do not require any human
administrators; users themselves are able to provision, monitor and
manage computing resources as needed.
2. Broad network access: Computing services are generally provided over
standard networks and to heterogeneous devices.
3. Rapid elasticity: Computing services should have IT resources that are
able to scale out and in quickly and on an as-needed basis. Whenever a user
requires a service it is provided, and it is scaled back in as soon as the
requirement is over.
4. Resource pooling: The IT resources (e.g., networks, servers, storage,
applications, and services) are shared across multiple applications and
occupants (tenants) in an uncommitted manner. Multiple clients are served from
the same physical resource.
5. Measured service: Resource utilization is tracked for each application and
occupant, which gives both the user and the resource provider an account
of what has been used. This is done for reasons such as monitoring, billing
and effective use of resources.

1.3.3 On-premises vs Cloud

Image: Cloud vs On-premise


Reference: https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcRWUvBkbN6R_V7theCeoWuijOaJhOEoW61_6g&usqp=CAU

1.3.4 On-premise vs Cloud.


There are companies that still opt for on premise solutions as opposed to the cloud. Both
approaches bring something unique to the table but only after proper consideration can
you determine which type of solution would be a perfect fit for your organisation. Below
are some of the key things that you need to consider when choosing between an on
premise and cloud solution:

1. On Premise Vs Cloud Difference #1: Deployment


 On premise: With on premise software, the company remains responsible
for maintaining the solution and related processes. The deployment is done
in house using the company’s infrastructure.
 Cloud: In a hosted cloud, the service provider maintains the systems on
their server, accessible by the enterprise at any given time, with related
processes taken care of by the host-cloud service provider.
2. On Premise Vs Cloud Difference #2: Control
 On premise: In an on-premises environment, enterprises enjoy complete
control over their systems and maintain 100 percent privacy. These are two
reasons why most big organisations choose to stay away from the cloud.
 Cloud: In a cloud computing environment, the data and encryption keys are
shared with the third-party provider, so ownership is shared, and
accessibility remains an issue if there is any downtime.
3. On Premise Vs Cloud Difference #3: Security
 On premise: Security is an essential requirement of any organisation when
it comes to financial account, customer and employee details. Even though
traditional on premise seems more secure as it is in-house, there are
multiple measures that need to be taken to fully maintain the security of the
data.
 Cloud: With Cloud ERP systems there is very little chance of any
hardware, software or infrastructure malfunction that can hinder the entire
operation and result in hefty losses. The ERP vendor is more likely to have
multiple disaster and redundancy protocols for data security. For both
platforms, reliable network connectivity plays a very important role when it
comes to remote areas.
4. On Premise Vs Cloud Difference #4: Compliance
 On premise: There are regulatory controls that most companies need to
abide by. To meet these government and industry regulations, it is
imperative that companies remain compliant and have their data in place.
This can easily be done if all the data is maintained in-house.
 Cloud: When opting for a cloud computing model, companies need to
ensure that the service provider is meeting the regulatory mandates within
their specific industry. It is important that the data of customers, employees
and partners is secure, thereby ensuring privacy.
5. On Premise Vs Cloud Difference #5: Cloud vs on premise cost comparison
 On Premise Cost: Building a system from the ground up requires a lot of effort
and comes at a hefty cost: not just the initial investment and the purchase
of additional infrastructure and processes, but also the maintenance and
operating costs that the company will have to incur on an ongoing basis.
 Cloud Computing Cost: Comparatively, a cloud service is a lot more cost-
effective, especially for companies that are small in size. Setting up and
running it is cheaper and faster. Companies have to pay a nominal subscription
fee, with the updates and maintenance handled by the cloud host.
Is cloud computing cheaper than on premise?
Cloud computing is cheaper when it comes to setting-up, running, maintenance
and overall support costs. On premise costs more initially, but when
the investment is spread across the entire lifecycle of the system, it may just
amount to the same as Cloud computing. However, it depends on the services
and space required and the plans the vendor has to offer. There is no cut-and-dried
answer to this, as the cost effectiveness ultimately depends on the needs of
individual organisations.

6. On Premise Vs Cloud Difference #6: Mobility


 On premise: On premise ERP systems can be accessed remotely but often
require third-party support to access the solution and a mobile device. This
increases the risk of security and communication failures. Several
security measures need to be in place if employees are to access files on
personal devices.
 Cloud: With cloud systems, you need to have an internet connection to access
your data using a mobile device. Mobility and flexibility thereof is one of
the strongest features of this solution. This enables your employees to work
from anywhere at any time, resulting in higher rates of engagement.
7. On premise Vs Cloud #7: Software
The fundamental difference between cloud and on-premise software is where it
is installed: locally on the servers of the company or hosted on the vendor's server.
Software ownership, privacy, cost, updates and additional services are also things
that differ. When compared to cloud software, on premise offers more flexibility,
reliability and security. Hosted cloud software, on the other hand, removes the
pressure of maintaining and updating systems, allowing you to focus your time, effort
and money on fulfilling your core business strategies. Even though you have real-
time access to systems via the internet, cloud software requires reliable internet.
With higher adoption rates, the more popular of the two today is the cloud.

Cloud Advantages
 Scalability
Get the specific amount of power you need, when you need it, enabling you
to increase and decrease levels to suit your business's demands.
 Cost savings
Thanks to the utility pricing model of the cloud, you only pay for what you
use. Avoid upfront hardware costs, as well as the costs of maintenance,
software upgrades, power, and the manpower to manage it all.
 Disaster Recovery
A full back-up solution of not just your data but your entire server operating
system and applications.
 Accessibility
Host all your data and systems via a secure leased line connection which
provides a high-speed private link between you and your provider.

 Resilience
Protecting your business against any potential IT failures that could cause
down-time or disruption, fully backed-up to provide a complete disaster
recovery solution.
 Business Focus

When you rely on the cloud, you can apply your time and money towards
your business priorities, rather than worrying about your IT infrastructure.

1.3.5 Introduction to VMs


An introduction to Virtual Machines (VMs), technology for building virtualized computing
environments and the foundation of the first generation of cloud computing.

What is a virtual machine (VM)?


A virtual machine is a virtual representation, or emulation, of a physical computer. VMs
are often referred to as guests, while the physical machine they run on is referred to as
the host.

Virtualization makes it possible to create multiple virtual machines, each with their own
operating system (OS) and applications, on a single physical machine. A VM cannot
interact directly with a physical computer. Instead, it needs a lightweight software layer
called a hypervisor to coordinate between it and the underlying physical hardware. The
hypervisor allocates physical computing resources—such as processors, memory, and
storage—to each VM. It keeps each VM separate from others so they don’t interfere with
each other.

Image: VM over host OS
Reference: https://www.ionos.com/digitalguide/fileadmin/DigitalGuide/Screenshots_2018/EN-virtual-machine.png

1.3.6 How virtualization works

When a hypervisor is used on a physical computer or server (also known as a bare metal
server), it allows the physical computer to separate its operating system and applications
from its hardware. Then, it can divide itself into several independent “virtual machines.”

Each of these new virtual machines can then run their own operating systems and
applications independently while still sharing the original resources from the bare metal
server, which the hypervisor manages. Those resources include memory, RAM, storage,
etc. The hypervisor acts like a traffic cop of sorts, directing and allocating the bare metal’s
resources to each of the various new virtual machines, ensuring they don’t disrupt each
other.

There are two primary types of hypervisors.

Type 1 hypervisors run directly on the physical hardware (usually a server), taking the
place of the OS. Typically, you use a separate software product to create and manipulate
VMs on the hypervisor. Some management tools, like VMware’s vSphere, let you select
a guest OS to install in the VM.

You can use one VM as a template for others, duplicating it to create new ones.
Depending on your needs, you might create multiple VM templates for different purposes,
such as software testing, production databases, and development environments.

Type 2 hypervisors run as an application within a host OS and usually target single-user
desktop or notebook platforms. With a Type 2 hypervisor, you manually create a VM and
then install a guest OS in it. You can use the hypervisor to allocate physical resources to
your VM, manually setting the amount of processor cores and memory it can use.
Depending on the hypervisor’s capabilities, you can also set options like 3D acceleration
for graphics.

1.3.7 Advantages and benefits of VMs

VMs offer several benefits over traditional physical hardware:

 Resource utilization and improved ROI: Because multiple VMs run on a single
physical computer, customers don’t have to buy a new server every time they want
to run another OS, and they can get more return from each piece of hardware they
already own.
 Scale: With cloud computing, it’s easy to deploy multiple copies of the same virtual
machine to better serve increases in load.
 Portability: VMs can be relocated as needed among the physical computers in a
network. This makes it possible to allocate workloads to servers that have spare
computing power. VMs can even move between on-premises and cloud
environments, making them useful for hybrid cloud scenarios in which you share
computing resources between your data center and a cloud service provider.
 Flexibility: Creating a VM is faster and easier than installing an OS on a physical
server because you can clone a VM with the OS already installed. Developers and
software testers can create new environments on demand to handle new tasks as
they arise.
 Security: VMs improve security in several ways when compared to operating
systems running directly on hardware. A VM is a file that can be scanned for
malicious software by an external program. You can create an entire snapshot of
the VM at any point in time and then restore it to that state if it becomes infected
with malware, effectively taking the VM back in time. The fast, easy creation of
VMs also makes it possible to completely delete a compromised VM and then
recreate it quickly, hastening recovery from malware infections.

1.3.8 Use cases for VMs

VMs have several uses, both for enterprise IT administrators and users. Here are a few
options:

 Cloud computing: For the last 10+ years, VMs have been the fundamental unit
of compute in cloud, enabling dozens of different types of applications and
workloads to run and scale successfully.
 Support DevOps: VMs are a great way to support enterprise developers, who can
configure VM templates with the settings for their software development and
testing processes. They can create VMs for specific tasks such as static software
tests, including these steps in an automated development workflow. This all helps
streamline the DevOps toolchain.
 Test a new operating system: A VM lets you test-drive a new operating system
on your desktop without affecting your primary OS.
 Investigate malware: VMs are useful for malware researchers who frequently
need fresh machines on which to test malicious programs.
 Run incompatible software: Some users may prefer one OS while still needing
a program that is only available in another. One good example is the Dragon range
of voice dictation software. Its vendor, Nuance, has discontinued the macOS
version of its product. However, running a desktop-focused hypervisor—such as
VMware Fusion or Parallels—enables you to run Windows in a VM, giving you
access to that version of the software.
 Browse securely: Using a virtual machine for browsing enables you to visit sites
without worrying about infection. You can take a snapshot of your machine and
then roll back to it after each browsing session. This is something that a user could
set up themselves, using a Type 2 desktop hypervisor. Alternatively, an admin
could provide a temporary virtual desktop located on the server.

1.3.9 Remote Access RDP & SSH


Remote Access Using RDP
Remote Desktop Protocol (RDP) is a proprietary protocol developed by Microsoft which
provides a user with a graphical interface to connect to another computer over a network
connection. The user employs RDP client software for this purpose, while the other
computer must run RDP server software.
How to use Remote Desktop
Use Remote Desktop on your Windows, Android, or iOS device to
connect to a Windows 10 PC from afar.

1. Set up the PC you want to connect to so it allows remote connections:


 Make sure you have Windows 10 Pro. To check, go
to Start > Settings > System > About and look for Edition. For info on
how to get it, go to Upgrade Windows 10 Home to Windows 10 Pro.
 When you're ready, select Start > Settings > System > Remote
Desktop, and turn on Enable Remote Desktop.
 Make note of the name of this PC under How to connect to this PC. You'll
need this later.

2. Use Remote Desktop to connect to the PC you set up
 On your local Windows 10 PC: In the search box on the taskbar,
type Remote Desktop Connection, and then select Remote Desktop
Connection. In Remote Desktop Connection, type the name of the PC you
want to connect to (from Step 1), and then select Connect.
 On your Windows, Android, or iOS device: Open the Remote Desktop
app (available for free from Microsoft Store, Google Play, and the Mac App
Store), and add the name of the PC that you want to connect to (from Step
1). Select the remote PC name that you added, and then wait for the
connection to complete.

1.3.10 Remote Access Using SSH


The Secure Shell Protocol (SSH) is a cryptographic network protocol for operating
network services securely over an unsecured network. Typical applications include
remote command-line, login, and remote command execution, but any network
service can be secured with SSH.
SSH provides a secure channel over an unsecured network by using a client–
server architecture, connecting an SSH client application with an SSH server.
What is SSH?
Secure Shell, sometimes referred to as Secure Socket Shell, is a protocol which allows
you to connect securely to a remote computer or a server by using a text-based interface.
When a secure SSH connection is established, a shell session will be started, and you
will be able to manipulate the server by typing commands within the client on your local
computer.

System and network administrators use this protocol the most, as well as anyone who
needs to manage a computer remotely in a highly secure manner.
How Does SSH Work?
In order to establish an SSH connection, you need two components: a client and the
corresponding server-side component. An SSH client is an application you install on the
computer which you will use to connect to another computer or a server. The client uses
the provided remote host information to initiate the connection and if the credentials are
verified, establishes the encrypted connection.

On the server’s side, there is a component called an SSH daemon that is constantly
listening to a specific TCP/IP port for possible client connection requests. Once a client
initiates a connection, the SSH daemon will respond with the software and the protocol
versions it supports and the two will exchange their identification data. If the provided
credentials are correct, SSH creates a new session for the appropriate environment.

The default SSH protocol version for SSH server and SSH client communication is
version 2.
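
The version exchange described above starts with a one-line identification string from each side. The following is an added example, not part of the original handbook: it parses that line according to RFC 4253 and reports whether a server still offers the legacy SSH-1 protocol. The function names and the sample banners in the comments and tests are constructed for illustration.

```python
import re

# RFC 4253, section 4.2: "SSH-protoversion-softwareversion SP comments CR LF"
IDENT_RE = re.compile(rb"^SSH-([^-\s]+)-([^\s]+)(?: (.*))?$")
MAX_IDENT_LEN = 255  # maximum length, including CR LF


def parse_identification(data):
    """Return the fields of the identification string found in `data`.

    A server may send other lines first; they must not start with "SSH-"
    and are skipped. Raises ValueError if no valid string is present.
    """
    for raw in data.split(b"\n"):
        line = raw.rstrip(b"\r")
        if not line.startswith(b"SSH-"):
            continue
        if len(raw) + 1 > MAX_IDENT_LEN:  # +1 for the LF removed by split
            raise ValueError("identification string longer than 255 bytes")
        match = IDENT_RE.match(line)
        if match is None:
            raise ValueError("malformed identification string")
        proto, software, comments = match.groups()
        return {
            "protoversion": proto.decode("ascii", "replace"),
            "softwareversion": software.decode("ascii", "replace"),
            "comments": (comments or b"").decode("ascii", "replace"),
        }
    raise ValueError("no SSH identification string found")


def classify_banner(data):
    """Classify what a listener offers, based on its protoversion field.

    "2.0"  -> SSH-2 only (what the text above calls version 2)
    "1.99" -> SSH-2 server that also accepts legacy SSH-1 clients
    other  -> SSH-1 era or unknown; "not-ssh" if nothing parses
    """
    try:
        proto = parse_identification(data)["protoversion"]
    except ValueError:
        return "not-ssh"
    if proto == "2.0":
        return "ssh2-only"
    if proto == "1.99":
        return "ssh2-with-ssh1-fallback"
    return "legacy-or-unknown"


if __name__ == "__main__":
    # Constructed banner, in the shape an Ubuntu OpenSSH server would send.
    sample = b"SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.5\r\n"
    print(parse_identification(sample), classify_banner(sample))
```

Anything other than "ssh2-only" on a server you manage is worth following up, since SSH-1 is obsolete.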
How to Enable an SSH Connection
Since creating an SSH connection requires both a client and a server component, you
need to make sure they are installed on the local and the remote machine, respectively.
An open source SSH tool, widely used for Linux distributions, is OpenSSH. Installing
OpenSSH is relatively easy. It requires access to the terminal on the server and the
computer that you use for connecting. Note that Ubuntu does not have SSH server
installed by default.
How to Install an OpenSSH Client
Before you proceed with installing an SSH client, make sure it is not already installed.
Many Linux distributions already have an SSH client. For Windows machines, you can
install PuTTY or any other client of your choice to gain access to a server.

To check if the client is available on your Linux-based system, you will need to:
1. Load an SSH terminal. You can either search for “terminal” or
press CTRL + ALT + T on your keyboard.
2. Type in ssh and press Enter in the terminal.
3. If the client is installed, you will receive a response that looks like this:

username@host:~$ ssh
usage: ssh [-1246AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]
           [-D [bind_address:]port] [-E log_file] [-e escape_char]
           [-F configfile] [-I pkcs11] [-i identity_file]
           [-J [user@]host[:port]] [-L address] [-l login_name] [-m mac_spec]
           [-O ctl_cmd] [-o option] [-p port] [-Q query_option] [-R address]
           [-S ctl_path] [-W host:port] [-w local_tun[:remote_tun]]
           [user@]hostname [command]
username@host:~$

This means that you are ready to remotely connect to a physical or virtual machine.
Otherwise, you will have to install the OpenSSH client:
1. Run the following command to install the OpenSSH client on your
computer: sudo apt-get install openssh-client
2. Type in your superuser password when asked.
3. Hit Enter to complete the installation.
You are now able to SSH into any machine with the server-side application on it, provided
that you have the necessary privileges to gain access, as well as the hostname or IP
address.
How to Install an OpenSSH Server
In order to accept SSH connections, a machine needs to have the server-side part of the
SSH software toolkit.

If you first want to check if OpenSSH server is available on the Ubuntu system of the
remote computer that needs to accept SSH connections, you can try to connect to the
local host:
1. Open the terminal on the server machine. You can either search for “terminal”
or press CTRL + ALT + T on your keyboard.
2. Type in ssh localhost and hit enter.
3. For the systems without the SSH server installed the response will look similar
to this:

username@host:~$ ssh localhost
ssh: connect to host localhost port 22: Connection refused
username@host:~$

If the above is the case, you will need to install the OpenSSH server. Leave the terminal
open and:
1. Run the following command to install the SSH server:

sudo apt-get install openssh-server

2. Type in your superuser password when asked.
3. Type Y and hit Enter to allow the installation to continue after the disk space prompt.
The required support files will be installed, and then you can check if the SSH server is
running on the machine by typing this command:

sudo service ssh status

The response in the terminal should look similar to this if the SSH service is now running
properly:

username@host:~$ sudo service ssh status
• ssh.service - OpenBSD Secure Shell server
Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enab
Active: active (running) since Fr 2018-03-12 10:53:44 CET; 1min 22s ago
Process: 1174 ExecReload=/bin/kill -HUP $MAINPID (code=exited, status=0/SUCCES
Main PID: 3165 (sshd)

Another way to test if the OpenSSH server is installed properly and will accept
connections is to try running the ssh localhost command again in your terminal prompt.
The response will look similar to this screen when you run the command for the first time:

username@host:~$ ssh localhost
The authenticity of host 'localhost (127.0.0.1)' can't be established.
ECDSA key fingerprint is SHA256:9jqmhko9Yo1EQAS1QeNy9xKceHFG5F8W6kp7EX9U3Rs.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (ECDSA) to the list of known hosts.
username@host:~$

Enter yes or y to continue.

Congratulations! You have set up your server to accept SSH connection requests from a
different computer using an SSH client.
TIP

You can now edit the SSH daemon configuration file; for example, you can change the
default port for SSH connections. In the terminal prompt, run this command:

sudo nano /etc/ssh/sshd_config

The configuration file will open in the editor of your choice. In this case, we used Nano.

If you need to install Nano, run this command:

sudo apt-get install nano

Please note that you need to restart SSH service every time you make any changes to
the sshd_config file by running this command:

sudo service ssh restart
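
Before restarting the service it helps to know which values the daemon will actually use after an edit. The following is an added example, not part of the original handbook: it reads the text of an sshd_config and reports the effective global values for three keywords, applying the parsing rules that most often surprise people (a commented-out line means the built-in default applies, and the first value for a keyword wins). The sample configuration and the function names are constructed; Include files are not followed.

```python
import re

# OpenSSH built-in defaults for the keywords checked here. They apply when
# the file does not set the keyword, including when the line is commented out.
DEFAULTS = {
    "port": ["22"],
    "passwordauthentication": "yes",
    "permitrootlogin": "prohibit-password",
}

# Constructed sample, not taken from a real host. Port 7654 mirrors the
# non-default port used in this section's connection example.
SAMPLE = """\
Port 7654
# The next line is commented out, so the default (yes) still applies.
#PasswordAuthentication no
PermitRootLogin yes
# A later duplicate does not override the first value.
permitrootlogin no
Match User backup
    PasswordAuthentication no
"""

HARDENED = """\
Port 7654
PasswordAuthentication no
PermitRootLogin no
"""


def effective_settings(config_text):
    """Return the global values sshd would use for the keywords in DEFAULTS.

    Rules applied: keywords are case-insensitive; lines starting with '#'
    are comments; the first value for a keyword wins; Port may be given
    several times; everything after a Match line is conditional and skipped.
    """
    seen = {}
    ports = []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        keyword = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "match":
            break
        if keyword == "port":
            ports.append(value)
        elif keyword in DEFAULTS and keyword not in seen:
            seen[keyword] = value.lower()
    settings = dict(DEFAULTS)
    settings.update(seen)
    if ports:
        settings["port"] = ports
    return settings


def audit(config_text):
    """Return (keyword, value, advice) tuples for settings worth changing."""
    s = effective_settings(config_text)
    findings = []
    if s["passwordauthentication"] == "yes":
        findings.append(("PasswordAuthentication", "yes",
                         "password logins are accepted; key-based login is "
                         "harder to guess"))
    if s["permitrootlogin"] == "yes":
        findings.append(("PermitRootLogin", "yes",
                         "root may log in directly with a password"))
    for port in s["port"]:
        if not port.isdigit() or not 1 <= int(port) <= 65535:
            findings.append(("Port", port,
                             "not a valid TCP port; sshd rejects the file"))
    return findings


if __name__ == "__main__":
    print(effective_settings(SAMPLE))
    for keyword, value, advice in audit(SAMPLE):
        print(f"{keyword} {value}: {advice}")
```

On the server itself, `sudo sshd -t` checks the file for errors and `sudo sshd -T` prints the values the daemon resolves; running the check before the restart avoids locking yourself out of a remote machine with a broken configuration.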

How to Connect via SSH


Now that you have the OpenSSH client and server installed on every machine you need,
you can establish a secure remote connection with your servers. To do so:
1. Open the SSH terminal on your machine and run the following command:

ssh your_username@host_ip_address

If the username on your local machine matches the one on the server you are
trying to connect to, you can just type:

ssh host_ip_address

And hit Enter.
2. Type in your password and hit Enter. Note that you will not get any feedback on
the screen while typing. If you are pasting your password, make sure it is stored
safely and not in a text file.
3. When you are connecting to a server for the very first time, it will ask you if you
want to continue connecting. Just type yes and hit Enter. This message appears
only this time since the remote server is not identified on your local machine.
4. An ECDSA key fingerprint is now added and you are connected to the remote
server.
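
The first-connection prompt in step 3 is the one moment where the client cannot tell the real server from an impostor, so the fingerprint it shows should be compared with the server's own host key before answering yes. The following is an added example, not part of the original handbook: it computes the SHA256 fingerprint from a host public key line (on Ubuntu the server keeps these in files such as /etc/ssh/ssh_host_ecdsa_key.pub, read from the server's console or another trusted channel) and compares it with the fingerprint in the prompt text. The key used in the demo is constructed and the function names are illustrative.

```python
import base64
import hashlib
import re
import struct

PROMPT_RE = re.compile(r"key fingerprint is (SHA256:[A-Za-z0-9+/]{43})")


def sha256_fingerprint(pubkey_line):
    """Fingerprint one public key line: "<key-type> <base64 blob> [comment]".

    The fingerprint is the SHA-256 digest of the decoded key blob, base64
    encoded without '=' padding, which is the form the ssh client prints.
    """
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<key-type> <base64 blob> [comment]'")
    key_type, encoded = fields[0], fields[1]
    blob = base64.b64decode(encoded, validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob begins with a length-prefixed copy of the key type; a mismatch
    # means the line was edited or is not a public key at all.
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len].decode("ascii", "replace") != key_type:
        raise ValueError("key type does not match key blob")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def prompt_fingerprint(prompt_text):
    """Extract the SHA256 fingerprint from the client's first-connection prompt."""
    match = PROMPT_RE.search(prompt_text)
    return match.group(1) if match else None


def host_key_matches(prompt_text, trusted_pubkey_line):
    """True only if the prompt shows the fingerprint of the trusted key."""
    shown = prompt_fingerprint(prompt_text)
    return shown is not None and shown == sha256_fingerprint(trusted_pubkey_line)


def constructed_key_line():
    """Build a demo ssh-ed25519 key line from dummy bytes (not a real key)."""
    name = b"ssh-ed25519"
    blob = (struct.pack(">I", len(name)) + name
            + struct.pack(">I", 32) + bytes(range(32)))
    return "ssh-ed25519 " + base64.b64encode(blob).decode("ascii") + " constructed"


if __name__ == "__main__":
    trusted = constructed_key_line()
    good_prompt = ("ED25519 key fingerprint is "
                   + sha256_fingerprint(trusted) + ".")
    # Prompt text as printed earlier in this section; it belongs to another key.
    other_prompt = ("ECDSA key fingerprint is "
                    "SHA256:9jqmhko9Yo1EQAS1QeNy9xKceHFG5F8W6kp7EX9U3Rs.")
    print("matching prompt :", host_key_matches(good_prompt, trusted))
    print("different prompt:", host_key_matches(other_prompt, trusted))
```

Answer yes only when the comparison succeeds; a mismatch on a first connection means the client is not talking to the machine whose key you read.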
If the computer you are trying to remotely connect to is on the same network, then it is
best to use the private IP address instead of the public IP address. Otherwise, you will
have to use the public IP address only. Additionally, make sure that you know the correct
TCP port OpenSSH is listening to for connection requests and that the port forwarding
settings are correct. The default port is 22 if nobody changed configuration in the
sshd_config file. You may also just append the port number after the host IP address.

Here is the example of a connection request using the OpenSSH client. We will specify
the port number as well:

username@machine:~$ ssh raman@185.52.53.222 -p7654
raman@185.52.53.222's password:
The authenticity of host '185.52.53.222 (185.52.53.222)' can't be established.
ECDSA key fingerprint is SHA256:9lyrpzo5Yo1EQAS2QeHy9xKceHFH8F8W6kp7EX2O3Ps.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '185.52.53.222' (ECDSA) to the list of known hosts.
username@host:~$

You are now able to manage and control a remote machine using your terminal. If you
have trouble connecting to a remote server, make sure that:
 The IP address of the remote machine is correct.
 The port the SSH daemon is listening on is not blocked by a firewall or forwarded
incorrectly.
 Your username and password are correct.
 The SSH software is installed properly.

1.4 Exploring Service Categories
Microsoft Azure is a cloud computing service created by Microsoft for building, testing,
deploying, and managing applications and services through Microsoft-managed data centres.
1.4.1 Compute
Access cloud compute capacity and scale on demand—and only pay for the resources
you use
API Apps
Easily build and consume Cloud APIs
App Service
Quickly create powerful cloud apps for web and mobile
Azure CycleCloud
Create, manage, operate and optimise HPC and big compute clusters of any scale
Azure Functions
Process events with serverless code
Azure Kubernetes Service (AKS)
Simplify the deployment, management and operations of Kubernetes
Azure Quantum PREVIEW
Experience quantum impact today on Azure
Azure Spring Cloud
A fully managed Spring Cloud service, jointly built and operated with VMware
Azure VMware Solution
Run your VMware workloads natively on Azure
Batch
Cloud-scale job scheduling and compute management
Cloud Services
Create highly-available, infinitely-scalable cloud applications and APIs
Container Instances
Easily run containers on Azure without managing servers
Linux Virtual Machines
Provision virtual machines for Ubuntu, Red Hat and more
Mobile Apps
Build and host the backend for any mobile app
Service Fabric
Develop microservices and orchestrate containers on Windows or Linux
SQL Server on Virtual Machines
Host enterprise SQL Server apps in the cloud
Static Web Apps PREVIEW
A modern web app service that offers streamlined full-stack development from
source code to global high availability
Virtual Machine Scale Sets
Manage and scale up to thousands of Linux and Windows virtual machines
Virtual Machines
Provision Windows and Linux virtual machines in seconds
Web Apps
Quickly create and deploy mission critical web apps at scale
Windows Virtual Desktop
The best virtual desktop experience, delivered on Azure
Azure Dedicated Host
A dedicated physical server to host your Azure VMs for Windows and Linux
1.4.2 Containers
Develop and manage your containerised applications faster with integrated tools
API Apps
Easily build and consume Cloud APIs
Azure Functions
Process events with serverless code
Azure Kubernetes Service (AKS)
Simplify the deployment, management and operations of Kubernetes
Azure Red Hat OpenShift
Fully managed OpenShift service, jointly operated with Red Hat
Container Instances
Easily run containers on Azure without managing servers
Container Registry
Store and manage container images across all types of Azure deployments
Mobile Apps
Build and host the backend for any mobile app
Service Fabric
Develop microservices and orchestrate containers on Windows or Linux
Web App for Containers
Easily deploy and run containerised web apps that scale with your business
Web Apps
Quickly create and deploy mission critical web apps at scale
1.4.3 Databases
Support rapid growth and innovate faster with secure, enterprise-grade and fully managed
database services
Azure API for FHIR
Easily create and deploy a FHIR service for health data solutions and
interoperability
Azure Cache for Redis
Accelerate applications with high-throughput, low-latency data caching
Azure Cosmos DB
Fast NoSQL database with open APIs for any scale
Azure Database for MariaDB
Managed MariaDB database service for app developers
Azure Database for MySQL
Fully managed, scalable MySQL Database
Azure Database for PostgreSQL
Fully managed, intelligent and scalable PostgreSQL
Azure Database Migration Service
Simplify on-premises database migration to the cloud
Azure SQL
Managed, always up-to-date SQL instance in the cloud
Azure SQL Database
Managed, intelligent SQL in the cloud
Azure SQL Edge
Consume Services privately on Azure Platform
Azure SQL Managed Instance
Managed, always up-to-date SQL instance in the cloud
SQL Server on Virtual Machines
Host enterprise SQL Server apps in the cloud
Table Storage
NoSQL key-value store using semi-structured datasets
Azure Managed Instance for Apache Cassandra PREVIEW
Cloud Cassandra with flexibility, control and scale

1.4.4 Developer Tools
Build, manage and continuously deliver cloud applications—using any platform or
language
App Configuration
Fast, scalable parameter storage for app configuration
Azure DevOps
Services for teams to share code, track work and ship software
Azure DevTest Labs
Quickly create environments using reusable templates and artifacts
Azure Lab Services
Set up labs for classrooms, trials, development and testing and other scenarios
Azure Pipelines
Continuously build, test and deploy to any platform and cloud
SDKs
Get the SDKs and command-line tools you need
Visual Studio
The powerful and flexible environment for developing applications in the cloud
Visual Studio Code
A powerful, lightweight code editor for cloud development

1.4.5 DevOps
Deliver innovation faster with simple, reliable tools for continuous delivery

Azure Artifacts
Create, host and share packages with your team
Azure Boards
Plan, track and discuss work across your teams
Azure DevOps
Services for teams to share code, track work and ship software
Azure DevTest Labs
Quickly create environments using reusable templates and artifacts
Azure Monitor
Full observability into your applications, infrastructure and network
Azure Pipelines
Continuously build, test and deploy to any platform and cloud
Azure Repos
Get unlimited, cloud-hosted private Git repos for your project
Azure Test Plans
Test and ship with confidence with a manual and exploratory testing toolkit
DevOps tool integrations
Use your favourite DevOps tools with Azure
1.4.6 Identity
Manage user identities and access to protect against advanced threats across devices,
data, apps, and infrastructure
Azure Active Directory
Synchronise on-premises directories and enable single sign-on
Azure Active Directory Domain Services
Join Azure virtual machines to a domain without domain controllers
Azure Information Protection
Better protect your sensitive information—anytime, anywhere
Azure Active Directory External Identities
Consumer identity and access management in the cloud
1.4.7 Internet of Things
Bring IoT to any device and any platform, without changing your infrastructure.
Azure IoT Central
Accelerate the creation of IoT solutions
Azure IoT Edge
Extend cloud intelligence and analytics to edge devices managed by Azure IoT
Hub
Azure IoT Hub
Connect, monitor and manage IoT assets with a scalable platform
Azure IoT solution accelerators
Create fully customisable solutions with templates for common IoT scenarios
Azure RTOS
Making embedded IoT development and connectivity easy

1.4.8 Management and Governance
Simplify, automate and optimise the management and compliance of your cloud
resources.
Automation
Simplify cloud management with process automation
Azure Advisor
Your personalised Azure best practices recommendation engine
Azure Backup
Simplify data protection and protect against ransomware
Azure Monitor
Full observability into your applications, infrastructure and network
Azure Policy
Implement corporate governance and standards at scale for Azure resources
Azure Resource Manager
Simplify how you manage your app resources
Azure Cost Management and Billing
Manage your cloud spending with confidence
Log Analytics
Collect, search and visualise machine data from on-premises and cloud
1.4.9 Mobile
Build and deploy cross-platform and native apps for any mobile device
API Management
Publish APIs to developers, partners, and employees securely and at scale
App Service
Quickly create powerful cloud apps for web and mobile
Azure Cognitive Search
AI-powered cloud search service for mobile and web app development
Azure Maps
Simple and secure location APIs provide geospatial context to data
Azure Cognitive Services
Add smart API capabilities to enable contextual interactions
Notification Hubs
Send push notifications to any platform from any back end

1.4.10 Networking
Connect cloud and on-premises infrastructure and services to provide your customers
and users the best possible experience
Application Gateway
Build secure, scalable and highly available web front ends in Azure
Azure Bastion
Private and fully managed RDP and SSH access to your virtual machines
Azure DDoS Protection
Protect your applications from Distributed Denial of Service (DDoS) attacks
Azure DNS
Host your DNS domain in Azure
Azure ExpressRoute
Dedicated private network fiber connections to Azure
Azure Firewall
Native firewalling capabilities with built-in high availability, unrestricted cloud
scalability and zero maintenance
Load Balancing
Deliver high availability and network performance to your applications
Azure Firewall Manager
Central network security policy and route management for globally distributed,
software-defined perimeters
Azure Front Door
Secure, fast and reliable cloud CDN with intelligent threat protection
Content Delivery Network
Ensure secure, reliable content delivery with broad global reach
Network Watcher
Network performance monitoring and diagnostics solution
Traffic Manager
Route incoming traffic for high performance and availability
Virtual Network
Provision private networks, optionally connect to on-premises datacenters
VPN Gateway
Establish secure, cross-premises connectivity

Web Application Firewall
A cloud-native web application firewall (WAF) service that provides powerful
protection for web apps
1.4.11 Security
Protect your enterprise from advanced threats across hybrid cloud workloads
Application Gateway
Build secure, scalable and highly available web front ends in Azure
Azure Active Directory
Synchronise on-premises directories and enable single sign-on
Azure Active Directory Domain Services
Join Azure virtual machines to a domain without domain controllers
Azure Defender
Protect hybrid cloud workloads
Azure DDoS Protection
Protect your applications from Distributed Denial of Service (DDoS) attacks
Azure Front Door
Secure, fast and reliable cloud CDN with intelligent threat protection
Key Vault
Safeguard and maintain control of keys and other secrets
Security Center
Unify security management and enable advanced threat protection across hybrid
cloud workloads
VPN Gateway
Establish secure, cross-premises connectivity
Web Application Firewall
A cloud-native web application firewall (WAF) service that provides powerful
protection for web apps
1.4.12 Storage
Get secure, massively scalable cloud storage for your data, apps and workloads
Archive Storage
Industry leading price point for storing rarely accessed data
Azure Backup
Simplify data protection and protect against ransomware
Azure Data Lake Storage
Massively scalable, secure data lake functionality built on Azure Blob Storage

Azure Data Share
A simple and safe service for sharing big data with external organizations
Azure Files
File shares that use the standard SMB 3.0 protocol
Azure Disk Storage
High-performance, highly durable block storage for Azure Virtual Machines
1.4.13 Web
Build, deploy, and scale powerful web applications quickly and efficiently
API Apps
Easily build and consume Cloud APIs
API Management
Publish APIs to developers, partners, and employees securely and at scale
App Service
Quickly create powerful cloud apps for web and mobile
Azure Cognitive Search
AI-powered cloud search service for mobile and web app development
Azure Maps
Simple and secure location APIs provide geospatial context to data
Azure SignalR Service
Add real-time web functionalities easily
Content Delivery Network
Ensure secure, reliable content delivery with broad global reach
Notification Hubs
Send push notifications to any platform from any back end
Web Apps
Quickly create and deploy mission critical web apps at scale

1.5 Linux Fundamentals
1.5.1 What Is Linux

Linux is an open-source operating system. Like other operating systems such as
Microsoft Windows, Apple Mac OS, iOS and Google Android, it is software that enables
communication between computer hardware and software. It conveys input to be processed
by the processor and brings output to the hardware to display it. This is the basic
function of an operating system. It performs many other important tasks as well, but we
will not cover them here.

Linux has been around since the mid-90s. It is used in everything from wristwatches to
supercomputers: it is in our phones, laptops, PCs, cars and even refrigerators. It is
very popular among developers and ordinary computer users.

1.5.2 Evolution of Linux OS

Linux was developed by Linus Torvalds in 1991 and grew out of an idea to improve the
UNIX OS. He suggested improvements, but they were rejected by the UNIX designers. He
therefore decided to launch an OS designed so that it could be modified by its users.

Nowadays, Linux is the fastest-growing OS. It is used on almost all major hardware
devices, from phones to supercomputers.

1.5.3 Structure of Linux Operating System

An operating system is a collection of software, each designed for a specific function.

Linux OS has the following components:

Image: Linux Components


Reference: https://static.javatpoint.com/linux/images/what-is-linux.png

1) Kernel

The Linux kernel is the core part of the operating system. It establishes communication
between devices and software. Moreover, it manages system resources. It has four
responsibilities:

Image: Structure in Linux OS


Reference: https://static.javatpoint.com/linux/images/what-is-linux2.png
o Device Management: A system has many devices connected to it, such as the CPU,
memory devices, sound cards, graphics cards, etc. The kernel stores all the data
related to each device in its device driver (without this, the kernel would not be
able to control the devices). Thus the kernel knows what a device can do and how to
manipulate it to bring out the best performance. It also manages communication
between all the devices. The kernel has certain rules that have to be followed by
all the devices.
o Memory Management: The kernel also manages memory. It keeps track of used and
unused memory and uses virtual memory addresses to make sure that processes cannot
manipulate each other's data.
o Process Management: In process management, the kernel assigns enough time and
gives priorities to processes before handing the CPU over to other processes. It
also deals with security and ownership information.
o Handling System Calls: Handling system calls means a programmer can write a
query or ask the kernel to perform a task.

2) System Libraries

System libraries are special programs that help in accessing the kernel's features. A
kernel has to be triggered to perform a task, and this triggering is done by applications.
But applications must know how to place a system call, because each kernel has a
different set of system calls. Programmers have developed a standard library of
procedures to communicate with the kernel. Each operating system supports these
standards, and the library translates them into system calls for that operating system.
The most well-known system library for Linux is glibc (the GNU C Library).

3) System Tools

Linux OS has a set of utility tools, which are usually simple commands. This software
was written by the GNU project and published under its open source license so that it
is freely available to everyone.

With the help of commands, you can access your files, edit and manipulate data in your
directories or files, change the location of files, and more.

4) Development Tools

With the above three components, your OS is running and working. But to update your
system, you need additional tools and libraries. These additional tools and libraries are
written by programmers and are called a toolchain. A toolchain is a vital development
tool used by developers to produce a working application.

5) End User Tools

These end tools make a system unique for a user. End tools are not required for the
operating system but are necessary for a user.

Some examples of end tools are graphic design tools, office suites, browsers, multimedia
players, etc.

1.5.4 Why use Linux?

This is one of the most asked questions about Linux systems. Why use a different and
somewhat more complex operating system when we have a simple operating system like
Windows? Linux has various features that make it completely different and one of the
most used operating systems. Linux may be a perfect operating system if you want to get
rid of viruses, malware, slowdowns, crashes, costly repairs, and more. Further, it
provides various advantages over other operating systems, and we don't have to pay for
it. Let's have a look at some of the special features that may persuade you to switch
your operating system.

Free & Open Source Operating System

Most operating systems come in a compiled format, which means the main source code has
been run through a program called a compiler that translates the source code into a
language that is known to the computer.

Modifying this compiled code is a tough job.

Open source, on the other hand, is completely different. The source code is included
with the compiled version and can be modified by anyone with some knowledge. It gives us
the freedom to run the program, the freedom to change the code according to our use, the
freedom to redistribute copies, and the freedom to distribute copies that we have
modified.

In short, Linux is an operating system that is "for the people, by the people." We can
dive into Linux and install it on multiple machines without paying any cost.

It is secure

Linux supports various security options that will save you from viruses, malware,
slowdowns, and crashes. Further, it will keep your data protected. Its security features
are the main reason that it is the most favourable option for developers. It is not
completely safe, but it is less vulnerable than others. Each application needs to be
authorized by the admin user. A virus cannot be executed until the administrator provides
the access password. Linux systems do not require any antivirus program.

Favourable choice of Developers

Linux is suitable for developers, as it supports almost all of the most used
programming languages such as C/C++, Java, Python, Ruby, and more. Further, it
offers a vast range of useful applications for development.

Developers find the Linux terminal much better than the Windows command line, so they
prefer the terminal. The package manager on a Linux system helps programmers to
understand how things are done. Bash scripting is also a functional feature for
programmers. Also, the SSH support helps to manage servers quickly.

A flexible operating system

Linux is a flexible OS, as it can be used for desktop applications, embedded systems,
and server applications. It can be used in everything from wristwatches to
supercomputers. It is everywhere: in our phones, laptops, PCs, cars and even
refrigerators. Further, it supports various customization options.

Linux Distributions

Many agencies have modified the Linux operating system and made their own Linux
distributions. There are many Linux distributions available in the market. They provide
different flavors of the Linux operating system to users. We can choose any distribution
according to our needs. Some popular distros are Ubuntu, Fedora, Debian, Linux Mint,
Arch Linux, and many more.

For beginners, Ubuntu and Linux Mint are considered useful, and for the proficient
developer, Debian and Fedora would be a good choice. To get a list of distributions,
visit Linux Distributions.

1.5.5 How does Linux work?

Linux is a UNIX-like operating system, but it supports a range of hardware devices from
phones to supercomputers. Every Linux-based operating system has the Linux kernel
and a set of software packages to manage hardware resources.

Also, Linux OS includes some core GNU tools that provide a way to manage the kernel
resources, install software, configure the security settings and performance, and
more. All these tools are packaged together to make a functional operating system.

1.5.6 How to use Linux?

We can use Linux through an interactive user interface as well as from the terminal
(Command Line Interface). Different distributions have slightly different user interfaces,
but almost all the commands behave the same way on all distributions. To open the
terminal, press the "CTRL+ALT+T" keys. And, to explore its functionality, press the
application button in the bottom-left corner of your desktop.

1.5.7 Advantages of Linux

Linux is an operating system like Windows and MacOS, and it is open source. It is not
just limited to the operating system, but nowadays, it is also used as a platform to run
desktops, servers, and embedded systems. It provides various distributions and
variations as it is open source and has a modular design. The kernel is a core part of
the Linux system.

The Linux system is used to manage various services such as process scheduling,
application scheduling, basic peripheral devices, the file system, and more. Linux
provides various advantages over other operating systems such as Windows and MacOS.
So, it is used in almost every field, from cars to home appliances and smartphones to
servers (supercomputers).

1. Open Source

As it is open-source, its source code is easily available. Anyone with programming
knowledge can customize the operating system. One can contribute, modify, distribute,
and enhance the code for any purpose.

2. Security

The Linux security feature is the main reason that it is the most favorable option for
developers. It is not completely safe, but it is less vulnerable than others. Each
application needs to be authorized by the admin user. A virus is not executed until the
administrator provides the access password. Linux systems do not require any antivirus
program.

3. Free

Certainly, the biggest advantage of the Linux system is that it is free to use. We can easily
download it, and there is no need to buy the license for it. It is distributed under GNU GPL
(General Public License). Comparatively, we have to pay a huge amount for the license
of the other operating systems.

4. Lightweight

Linux is lightweight. The requirements for running Linux are much lower than for other
operating systems. In Linux, the memory footprint and disk space are also lower.
Generally, most Linux distributions require as little as 128MB of RAM and around the
same amount of disk space.

5. Stability

Linux is more stable than other operating systems. Linux does not need to be rebooted
to maintain performance levels. It rarely hangs or slows down. It has long uptimes.

6. Performance

Linux system provides high performance over different networks. It is capable of handling
a large number of users simultaneously.

7. Flexibility

Linux operating system is very flexible. It can be used for desktop applications, embedded
systems, and server applications too. It also provides various restriction options for
specific computers. We can install only necessary components for a system.

8. Software Updates

In Linux, software updates are under user control. We can select the required updates.
A large number of system updates are available. These updates are much faster than on
other operating systems. So, system updates can be installed easily without facing any
issue.

9. Distributions/ Distros

There are many Linux distributions available in the market. They provide various options
and flavours of Linux to users. We can choose any distro according to our needs.
Some popular distros are Ubuntu, Fedora, Debian, Linux Mint, Arch Linux, and many
more.

For beginners, Ubuntu and Linux Mint would be useful, and Debian and Fedora would
be good choices for proficient programmers.

10. Live CD/USB

Almost all Linux distributions have a Live CD/USB option. It allows us to try or run the
Linux operating system without installing it.

11. Graphical User Interface

Linux is a command-line based OS, but it provides an interactive user interface
like Windows.

12. Suitable for programmers

It supports almost all of the most used programming languages such
as C/C++, Java, Python, Ruby, and more. Further, it offers a vast range of useful
applications for development.

The programmers prefer the Linux terminal over the Windows command line. The
package manager on Linux system helps programmers to understand how things are
done. Bash scripting is also a functional feature for the programmers. It also provides
support for SSH, which helps in managing the servers quickly.

13. Community Support

Linux provides large community support. We can find support from various sources.
There are many forums available on the web to assist users. Further, developers from
the various open source communities are ready to help us.

14. Privacy

Linux always takes care of user privacy as it never takes much private data from the user.
Comparatively, other operating systems ask for the user's private data.

15. Networking

Linux provides powerful support for networking. Client-server systems can be easily
set up on a Linux system. It provides various command-line tools such as ssh, ip, mail,
telnet, and more for connectivity with other systems and servers. Tasks such as
network backup are much faster than on other systems.

16. Compatibility

Linux is compatible with a large number of file formats as it supports almost all file formats.

17. Installation

The Linux installation process takes less time than that of other operating systems such
as Windows. Further, its installation process is much easier as it requires less user
input. It does not require much system configuration, and it can even be installed
easily on old machines with lower specifications.

18. Multiple Desktop Support

Linux system provides multiple desktop environment support for its enhanced use. The
desktop environment option can be selected during installation. We can select any
desktop environment such as GNOME (GNU Network Object Model
Environment) or KDE (K Desktop Environment) as both have their specific
environment.

19. Multitasking

It is a multitasking operating system, as it can run multiple tasks simultaneously without
affecting the system speed.

20. Heavily Documented for Beginners

There are many command-line options that provide documentation on commands,
libraries and standards, such as manual pages and info pages. Also, there are plenty of
documents available on the internet in different formats, such as Linux tutorials, the
Linux Documentation Project, Serverfault, and more.

1.5.8 Installation of Ubuntu Desktop


1. Overview
The Ubuntu desktop is easy to use, easy to install and includes everything you need
to run your organisation, school, home or enterprise. It’s also open source, secure,
accessible and free to download.

2. Requirements
You’ll need to consider the following before starting the installation:

• Connect your laptop to a power source.
• Ensure you have at least 25 GB of free storage space, or 5 GB for a minimal
installation.
• Have access to either a DVD or a USB flash drive containing the version of Ubuntu
you want to install.
• Make sure you have a recent backup of your data. While it’s unlikely that anything
will go wrong, you can never be too prepared.
3. Boot from DVD
It’s easy to install Ubuntu from a DVD. Here’s what you need to do:

1. Put the Ubuntu DVD into your optical/DVD drive.


2. Restart your computer.
As soon as your computer boots you’ll see the welcome window.

Image: Ubuntu setup beginning, language selection

From here, you can select your language from a list on the left and choose between either
installing Ubuntu directly, or trying the desktop first (if you like what you see, you can also
install Ubuntu from this mode too).

Depending on your computer’s configuration, you may instead see an alternative boot
menu showing a large language selection pane. Use your mouse or cursor keys to select
a language and you’ll be presented with a simple menu.

Select the second option, ‘Install Ubuntu’, and press return to launch the desktop installer
automatically. Alternatively, select the first option, ‘Try Ubuntu without installing’, to test
Ubuntu (as before, you can also install Ubuntu from this mode too).

A few moments later, after the desktop has loaded, you’ll see the welcome window. From
here, you can select your language from a list on the left and choose between either
installing Ubuntu directly, or trying the desktop first.

4. Boot from USB flash drive


Most computers will boot from USB automatically. Simply insert the USB flash drive and
either power on your computer or restart it. You should see the same welcome window
we saw in the previous ‘Install from DVD’ step, prompting you to choose your language
and either install or try the Ubuntu desktop.

If your computer doesn’t automatically boot from USB, try holding F12 when your
computer first starts. With most machines, this will allow you to select the USB device
from a system-specific boot menu.

5. Prepare to install Ubuntu
You will first be asked to select your keyboard layout. If the installer doesn’t guess the
default layout correctly, use the ‘Detect Keyboard Layout’ button to run through a brief
configuration procedure.

After selecting Continue you will be asked what apps you would like to install to start
with. The two options are ‘Normal installation’ and ‘Minimal installation’. The first is the
equivalent to the old default bundle of utilities, applications, games and media players —
a great Launchpad for any Linux installation. The second takes considerably less storage
space and allows you to install only what you need.

Beneath the installation-type question are two checkboxes; one to enable updates while
installing and another to enable third-party software.

• We advise enabling both Download updates and Install third-party software.
• Stay connected to the internet so you can get the latest updates while you install
Ubuntu.
• If you are not connected to the internet, you will be asked to select a wireless
network, if available. We advise you to connect during the installation so we can
ensure your machine is up to date.

Image: Type selection in installation

6. Allocate drive space
Use the checkboxes to choose whether you’d like to install Ubuntu alongside another
operating system, delete your existing operating system and replace it with Ubuntu, or —
if you’re an advanced user — choose the ’Something else’ option.

Image: Options related to side-by-side installation or erasing a previous installation are only offered when pre-existing
installations are detected.

7. Begin installation
After configuring storage, click on the ‘Install Now’ button. A small pane will appear with
an overview of the storage options you’ve chosen, with the chance to go back if the details
are incorrect. Click Continue to fix those changes in place and start the installation
process.

Image: Changes acceptance prompt

8. Select your location
If you are connected to the internet, your location will be detected automatically. Check
your location is correct and click ’Forward’ to proceed.

If you’re unsure of your time zone, type the name of a local town or city or use the map
to select your location.

Image: If you’re having problems connecting to the Internet, use the menu in the top-right-hand corner to select a
network.

9. Login details
Enter your name and the installer will automatically suggest a computer name and
username. These can easily be changed if you prefer. The computer name is how your
computer will appear on the network, while your username will be your login and account
name.

Next, enter a strong password. The installer will let you know if it’s too weak. You can
also choose to enable automatic login and home folder encryption. If your machine is
portable, we recommend keeping automatic login disabled and enabling encryption. This
should stop people accessing your personal files if the machine is lost or stolen.

Image: If you enable home folder encryption and you forget your password, you won’t be able to retrieve any
personal data stored in your home folder.

10. Background installation


The installer will now complete in the background while the installation window teaches
you a little about how awesome Ubuntu is. Depending on the speed of your machine and
network connection, installation should only take a few minutes.

Image: Installation progress screen

11. Installation complete
After everything has been installed and configured, a small window will appear asking
you to restart your machine. Click on Restart Now and remove either the DVD or USB
flash drive when prompted. If you initiated the installation while testing the desktop, you
also get the option to continue testing.

Image: Completion Prompt

Congratulations! You have successfully installed the world’s most popular Linux operating
system!

1.6 Basic Linux Commands
1.6.1 Linux Directories
What are Commands
A command is an instruction that we give to the computer to make it do what we want. On
Mac OS and Linux, the program in which commands are typed is called the terminal,
whereas on Windows it is called the command prompt. Commands are always case sensitive.
Commands are executed by typing them at the command line and pressing the enter
key.
The command is then passed to the shell, which reads the command and executes it. The
shell is a method for the user to interact with the system. The default shell in Linux is
called bash (Bourne-Again Shell).
There are two types of shell commands:
o Built-in shell commands: They are part of a shell. Each shell has some built-in
commands.
o External/Linux commands: Each external command is a separate executable
program written in C or other programming languages.

Linux Directory Structure Diagram


A standard Linux distribution follows the directory structure as provided below with
Diagram and explanation.

Image: Linux Directory Structure


Reference: https://media.geeksforgeeks.org/wp-content/uploads/linuxDir.jpg

Each of the above directories (which is a file, in the first place) contains important
information, from files required for booting to device drivers, configuration files, etc.
The purpose of each directory is described briefly below, starting from the top of the
hierarchy.

1. /bin : All the executable binary programs (files) required during booting and
repairing, files required to run in single-user mode, and other important,
basic commands, viz., cat, du, df, tar, rpm, wc, history, etc.
2. /boot : Holds important files needed during the boot-up process, including the
Linux kernel.
3. /dev : Contains device files for all the hardware devices on the machine,
e.g., cdrom, cpu, etc.
4. /etc : Contains applications' configuration files and the startup, shutdown,
start and stop scripts for every individual program.
5. /home : Home directories of the users. Every time a new user is created, a
directory with the name of the user is created within the home directory, which
contains other directories like Desktop, Downloads, Documents, etc.
6. /lib : Contains kernel modules and shared library images required to boot
the system and run commands in the root file system.
7. /lost+found : This directory is created during installation of Linux and is useful
for recovering files which may be broken due to an unexpected shut-down.
8. /media : Temporary mount directory created for removable devices,
viz., media/cdrom.
9. /mnt : Temporary mount directory for mounting file systems.
10. /opt : opt is an abbreviation of optional. Contains third-party application
software, viz., Java, etc.
11. /proc : A virtual pseudo file system which contains information about
running processes, each identified by a particular process id (pid).
12. /root : This is the home directory of the root user and should never be confused
with ‘/‘.
13. /run : This directory is the only clean solution for the early-runtime-dir
problem.
14. /sbin : Contains binary executable programs required by the system
administrator for maintenance, viz., iptables, fdisk, ifconfig, swapon,
reboot, etc.
15. /srv : srv is an abbreviation of service. This directory contains server-specific
and service-related files.
16. /sys : Modern Linux distributions include a /sys directory as a virtual
filesystem, which stores and allows modification of the devices connected
to the system.
17. /tmp : System’s temporary directory, accessible by users and root. Stores
temporary files for users and the system until the next boot.
18. /usr : Contains executable binaries, documentation, source code and
libraries for second-level programs.
19. /var : Stands for variable. The contents of this directory are expected to grow.
This directory contains log, lock, spool, mail and temp files.

1.6.2 Basic Linux Commands

1. pwd Command

The pwd command is used to display the location of the current working directory.

Syntax:

~$: pwd

2. mkdir Command

The mkdir command is used to create a new directory under any directory.

Syntax:

~$: mkdir <directory name>

3. rmdir Command

The rmdir command is used to delete a directory.

Syntax:

~$: rmdir <directory name>

4. ls Command

The ls command is used to display a list of content of a directory.

Syntax:

~$: ls

5. cd Command

The cd command is used to change the current directory.

Syntax:

~$: cd <directory name>

Linux File Commands

6. touch Command

The touch command is used to create empty files. We can create multiple empty files by
executing it once.

Syntax:

~$: touch <file name>


~$: touch <file1> <file2> ....

7. cat Command

The cat command is a multi-purpose utility in the Linux system. It can be used to create
a file, display content of the file, copy the content of one file to another file, and more.

Syntax:

~$: cat [OPTION]... [FILE]..

To create a file, execute it as follows:

~$: cat > <file name>
<enter the file content>

Press the "CTRL + D" keys to save the file. To display the content of the file, execute it as
follows:

~$: cat <file name>

8. rm Command

The rm command is used to remove a file.

Syntax:

~$: rm <file name>

9. cp Command

The cp command is used to copy a file or directory.

Syntax:

To copy in the same directory:

~$: cp <existing file name> <new file name>

10. mv Command

The mv command is used to move a file or a directory from one location to another
location.

Syntax:

~$: mv <file name> <directory path>

11. rename Command

The rename command is used to rename files. It is useful for renaming a large group of
files.

Syntax:

~$: rename 's/old-name/new-name/' files

For example, to change the extension of all the text files from .txt to .pdf, execute the below command:

~$: rename 's/\.txt$/\.pdf/' *.txt

Linux File Content Commands

12. head Command

The head command is used to display the content of a file. It displays the first 10 lines of
a file.

Syntax:

~$: head <file name>

13. tail Command

The tail command is similar to the head command. The difference between the two
commands is that tail displays the last ten lines of the file content. It is useful for reading
error messages.

Syntax:

~$: tail <file name>

14. tac Command

The tac command is the reverse of the cat command, as its name suggests. It displays the
file content in reverse order (from the last line).

Syntax:

~$: tac <file name>

15. more Command

The more command is quite similar to the cat command, as it is used to display the file
content in the same way that the cat command does. The only difference between the two
commands is that, in the case of larger files, the more command displays one screenful of
output at a time.

In more command, the following keys are used to scroll the page:

ENTER key: To scroll down page by line.

Space bar: To move to the next page.

b key: To move to the previous page.

/ key: To search the string.

Syntax:

~$: more <file name>

16. less Command

The less command is similar to the more command. It also includes some extra features
such as 'adjustment in width and height of the terminal.' Comparatively, the more
command cuts the output in the width of the terminal.

Syntax:

~$: less <file name>

Linux User Commands

17. su Command

The su command provides administrative access to another user. In other words, it allows
access of the Linux shell to another user.

Syntax:

~$: su <user name>

18. id Command

The id command is used to display the user ID (UID) and group ID (GID).

Syntax:

~$: id

19. useradd Command

The useradd command is used to add or remove a user on a Linux server.

Syntax:

~$: useradd username

20. passwd Command

The passwd command is used to create and change the password for a user.

Syntax:

~$: passwd <username>

21. groupadd Command

The groupadd command is used to create a user group.

Syntax:

~$: groupadd <group name>


Linux Filter Commands

22. cat Command

The cat command is also used as a filter. To filter a file, it is used inside pipes.

Syntax:

~$: cat <fileName> | cat or tac | cat or tac |. . .

23. cut Command

The cut command is used to select a specific column of a file. The '-d' option is used as
a delimiter, and it can be a space (' '), a slash (/), a hyphen (-), or anything else. And, the
'-f' option is used to specify a column number.

Syntax:

~$: cut -d(delimiter) -f(columnNumber) <fileName>

24. grep Command

grep is the most powerful and most used filter in a Linux system. 'grep' stands for
"global regular expression print." It is useful for searching the content of a file.
Generally, it is used with the pipe.

Syntax:

~$: command | grep <searchWord>

25. comm Command

The 'comm' command is used to compare two files or streams. By default, it displays three
columns: the first displays the non-matching items of the first file, the second displays the
non-matching items of the second file, and the third displays the matching items of both
files.

Syntax:

~$: comm <file1> <file2>

26. sed Command

The sed command is also known as stream editor. It is used to edit files using a regular
expression. It does not permanently edit files; instead, the edited content remains only on
display. It does not affect the actual file.

Syntax:

~$: command | sed 's/<oldWord>/<newWord>/'

27. tee Command

The tee command is quite similar to the cat command. The only difference between the two
filters is that tee puts standard input on standard output and also writes it into a file.

Syntax:

~$: cat <fileName> | tee <newFile> | cat or tac |.....

28. tr Command

The tr command is used to translate the file content, for example from lower case to upper case.

Syntax:

~$: command | tr <'old'> <'new'>

29. uniq Command

The uniq command is used to form a sorted list in which every word will occur only once.

Syntax:

~$: command <fileName> | uniq

30. wc Command

The wc command is used to count the lines, words, and characters in a file.

Syntax:

~$: wc <file name>

31. od Command

The od command is used to display the content of a file in different formats, such as
hexadecimal, octal, and ASCII characters.

Syntax:

~$: od -b <fileName>      # Octal format
~$: od -t x1 <fileName>   # Hexadecimal format
~$: od -c <fileName>      # ASCII character format

32. sort Command

The sort command is used to sort files in alphabetical order.

Syntax:

~$: sort <file name>

33. gzip Command

The gzip command is used to reduce the file size. It is a compressing tool. It replaces
the original file with the compressed file having the '.gz' extension.

Syntax:

~$: gzip <file1> <file2> <file3>...

34. gunzip Command

The gunzip command is used to decompress a file. It is the reverse operation of the gzip
command.

Syntax:

~$: gunzip <file1> <file2> <file3> …
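
The filters in this section are most useful when chained together with pipes. The following added example (not part of the original handbook) combines grep, sed, sort, uniq, tr, cut, wc, head and tee to summarise failed SSH logins; the sample log lines are constructed, and the log layout and function names are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: triage of failed SSH logins with the filter commands above.

# Write a constructed sample log (not real data) to the file $1. The addresses
# are from ranges reserved for documentation; the layout is an assumed sshd format.
make_sample_log() {
    cat > "$1" <<'EOF'
Jan 10 03:12:01 myVM sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 52144 ssh2
Jan 10 03:12:04 myVM sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 52150 ssh2
Jan 10 03:12:09 myVM sshd[1207]: Failed password for root from 198.51.100.23 port 40022 ssh2
Jan 10 03:13:30 myVM sshd[1215]: Accepted publickey for azureuser from 192.0.2.10 port 50522 ssh2
Jan 10 03:14:02 myVM sshd[1220]: Failed password for invalid user test from 203.0.113.7 port 52201 ssh2
Jan 10 03:15:41 myVM sshd[1233]: Failed password for azureuser from 198.51.100.23 port 40310 ssh2
Jan 10 03:16:10 myVM sshd[1240]: Failed password for invalid user oracle from 203.0.113.7 port 52260 ssh2
EOF
}

# Number of failed password attempts in the log file $1.
count_failed() {
    grep 'Failed password' "$1" | wc -l | tr -d ' '
}

# One "count address" line per source address, busiest source first.
# The user name is chosen by the remote side, so the address is taken from the
# LAST " from ... port " in the line (the leading .* is greedy), not from a
# fixed column that a name with spaces could shift.
failed_by_source() {
    grep 'Failed password' "$1" \
        | sed 's/.* from \([^ ]*\) port .*/\1/' \
        | sort | uniq -c | sort -rn \
        | tr -s ' ' | sed 's/^ //'
}

# Source address with the most failed attempts.
top_source() {
    failed_by_source "$1" | head -1 | cut -d' ' -f2
}

# Distinct user names that were tried, in sorted order.
# uniq only removes adjacent duplicates, so the input is sorted first.
targeted_users() {
    grep 'Failed password' "$1" \
        | sed 's/.*Failed password for //; s/^invalid user //; s/ from .*//' \
        | sort | uniq
}

# Demo run on the sample: tee shows the summary and keeps a copy in a file.
log=$(mktemp)
make_sample_log "$log"
echo "failed attempts: $(count_failed "$log")"
failed_by_source "$log" | tee "$log.summary"
echo "top source: $(top_source "$log")"
rm -f "$log" "$log.summary"
```

On a real VM the same functions can be pointed at the system's authentication log instead of the sample file; its path and exact line layout depend on the distribution.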

Linux Utility Commands

35. find Command

The find command is used to find a particular file within a directory. It also supports
various options to find a file, such as by name, by type, by date, and more.

The following symbols are used after the find command:

(.) : For current directory name

(/) : For root

Syntax:

~$: find . -name "*.pdf"

36. locate Command

The locate command is used to search for a file by file name. It is quite similar to the find
command; the difference is that it is a background process. It searches for the file in the
database, whereas the find command searches in the file system. It is faster than the find
command. To find the file with the locate command, keep your database updated.

Syntax:

~$: locate <file name>

37. date Command

The date command is used to display date, time, time zone, and more.

Syntax:

~$: date

38. cal Command

The cal command is used to display the current month's calendar with the current date
highlighted.

Syntax:

~$: cal

39. sleep Command

The sleep command is used to hold the terminal for the specified amount of time. By
default, it takes time in seconds.

Syntax:

~$: sleep <time>

40. time Command

The time command is used to display the time to execute a command.

Syntax:

~$: time <command>

41. zcat Command

The zcat command is used to display the compressed files.

Syntax:

~$: zcat <file name>

42. df Command

The df command is used to display the disk space used in the file system. The output
shows the number of used blocks, available blocks, and the mounted directory.

Syntax:

~$: df

43. mount Command

The mount command is used to connect an external device file system to the system's
file system.

Syntax:

~$: mount -t type <device> <directory>

44. exit Command

The Linux exit command is used to exit from the current shell. It takes a number as a
parameter and exits the shell with that number as its return status.

Syntax:

~$: exit

After pressing the ENTER key, it will exit the terminal.

45. clear Command

Linux clear command is used to clear the terminal screen.

Syntax:

~$: clear

After pressing the ENTER key, it will clear the terminal screen.

Linux Networking Commands

46. ip Command

The Linux ip command is an updated version of the ifconfig command. It is used to assign an
IP address, initialize an interface, or disable an interface.

Syntax:

~$: ip a or ip addr

47. ssh Command

Linux ssh command is used to create a remote connection through the ssh protocol.

Syntax:

~$: ssh user_name@host(IP/Domain_name)

48. mail Command

The mail command is used to send emails from the command line.

Syntax:

~$: mail -s "Subject" <recipient address>

49. ping Command

The ping command is used to check the connectivity between two nodes, that is, whether
the server is connected. It is a short form of "Packet Internet Groper."

Syntax:

~$: ping <destination>

50. host Command

The host command is used to display the IP address for a given domain name and vice
versa. It performs the DNS lookups for the DNS Query.

Syntax:

~$: host <domain name> or <ip address>

1.7 Creating Your First Windows VM in Azure cloud
Azure virtual machines (VMs) can be created through the Azure portal. This method
provides a browser-based user interface to create VMs and their associated resources.
This quick start shows you how to use the Azure portal to deploy a virtual machine (VM)
in Azure that runs Windows Server 2019. To see your VM in action, you then RDP to the
VM and install the IIS web server.

1.7.1 Sign in to Azure

Sign in to the Azure portal at https://portal.azure.com

1.7.2 Create virtual machine

1. Type virtual machines in the search.
2. Under Services, select Virtual machines.
3. In the Virtual machines page, select Add then Virtual machine.
4. In the Basics tab, under Project details, make sure the correct subscription is
selected and then choose to Create new resource group.
Type myResourceGroup for the name.

5. Under Instance details, type myVM for the Virtual machine name and choose East
US for your Region. Choose Windows Server 2019 Datacenter for
the Image and Standard_DS1_v2 for the Size. Leave the other defaults.

6. Under Administrator account, provide a username, such as azureuser and a
password. The password must be at least 12 characters long and meet the defined
complexity requirements.

7. Under Inbound port rules, choose Allow selected ports and then select RDP
(3389) and HTTP (80) from the drop-down.

8. Leave the remaining defaults and then select the Review + create button at the
bottom of the page.

9. After validation runs, select the Create button at the bottom of the page.
10. After deployment is complete, select Go to resource.

1.7.3 Connect to virtual machine

Create a remote desktop connection to the virtual machine. These directions tell you how
to connect to your VM from a Windows computer. On a Mac, you need an RDP client
such as the Remote Desktop Client from the Mac App Store.

1. On the overview page for your virtual machine, select the Connect button then
select RDP.

2. In the Connect with RDP page, keep the default options to connect by IP address,
over port 3389, and click Download RDP file.

3. Open the downloaded RDP file and click Connect when prompted.
4. In the Windows Security window, select More choices and then Use a different
account. Type the username as localhost\username, enter the password you
created for the virtual machine, and then click OK.
5. You may receive a certificate warning during the sign-in process.
Click Yes or Continue to create the connection.

1.7.4 Clean up resources

When no longer needed, you can delete the resource group, virtual machine, and all
related resources.

Go to the resource group for the virtual machine, then select Delete resource group.
Confirm the name of the resource group to finish deleting the resources.

1.8 Creating Your First Linux VM in Azure cloud
Azure virtual machines (VMs) can be created through the Azure portal. The Azure portal
is a browser-based user interface to create Azure resources. This quick start shows you
how to use the Azure portal to deploy a Linux virtual machine (VM) running Ubuntu 18.04
LTS. To see your VM in action, you also SSH to the VM and install the NGINX web server.

1.8.1 Sign in to Azure

Sign in to the Azure portal if you haven't already.

1.8.2 Create virtual machine

1. Type virtual machines in the search.
2. Under Services, select Virtual machines.
3. In the Virtual machines page, select Add. The Create a virtual
machine page opens.
4. In the Basics tab, under Project details, make sure the correct subscription
is selected and then choose to Create new resource group.
Type myResourceGroup for the name.

5. Under Instance details, type myVM for the Virtual machine name,
choose East US for your Region, and choose Ubuntu 18.04 LTS for
your Image. Leave the other defaults.

6. Under Administrator account, select SSH public key.
7. In Username type azureuser.
8. For SSH public key source, leave the default of Generate new key pair,
and then type myKey for the Key pair name.

9. Under Inbound port rules > Public inbound ports, choose Allow selected
ports and then select SSH (22) and HTTP (80) from the drop-down.

10. Leave the remaining defaults and then select the Review + create button at
the bottom of the page.

11. On the Create a virtual machine page, you can see the details about the
VM you are about to create. When you are ready, select Create.
12. When the Generate new key pair window opens, select Download private
key and create resource. Your key file will be downloaded as myKey.pem.
Make sure you know where the .pem file was downloaded; you will need the
path to it in the next step.
13. When the deployment is finished, select Go to resource.
14. On the page for your new VM, select the public IP address and copy it to your
clipboard.

1.8.3 Connect to virtual machine

Create an SSH connection with the VM.

1. If you are on a Mac or Linux machine, open a Bash prompt. If you are on a
Windows machine, open a PowerShell prompt.
2. At your prompt, open an SSH connection to your virtual machine. Replace
the IP address with the one from your VM, and replace the path to
the .pem with the path to where the key file was downloaded.

Console

ssh -i .\Downloads\myKey1.pem azureuser@10.111.12.123

Tip

The SSH key you created can be used the next time you create a VM in Azure. Just
select the Use a key stored in Azure for SSH public key source the next time you
create a VM. You already have the private key on your computer, so you won't need to
download anything.
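
On a Mac or Linux machine, a freshly downloaded .pem file is often readable by other users, and the OpenSSH client refuses to use a private key whose permissions are that open. The following added example (not part of the original handbook) checks and tightens the key file before connecting from a Bash prompt; the function names and the key path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: keep the downloaded private key readable by its owner only.

# Return 0 when the file $1 grants no permission to group or others,
# 1 when it does, and 2 when it is not a regular file.
key_is_private() {
    [ -f "$1" ] || return 2
    # Characters 5-10 of the ls mode string are the group and other bits,
    # e.g. "-rw-r--r--" -> "r--r--". -L checks the target of a symbolic link.
    [ "$(ls -ldL "$1" | cut -c5-10)" = "------" ]
}

# Restrict the key to owner read-only if it is more open than that.
# Returns 0 when the key ends up private, non-zero otherwise.
protect_key() {
    if key_is_private "$1"; then
        return 0
    fi
    if [ ! -f "$1" ]; then
        echo "not a key file: $1" >&2
        return 2
    fi
    chmod 400 "$1" && key_is_private "$1"
}

# Open the SSH session only after the key file has passed the check, e.g.:
#   connect_vm ~/Downloads/myKey.pem azureuser@<public IP address of the VM>
connect_vm() {
    protect_key "$1" || return 1
    ssh -i "$1" "$2"
}
```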

Install web server

To see your VM in action, install the NGINX web server. From your SSH session, update
your package sources and then install the latest NGINX package.

Bash

sudo apt-get -y update
sudo apt-get -y install nginx

When done, type exit to leave the SSH session.

View the web server in action

Use a web browser of your choice to view the default NGINX welcome page. Type the
public IP address of the VM as the web address. The public IP address can be found on
the VM overview page or as part of the SSH connection string you used earlier.

1.8.4 Clean up resources

When no longer needed, you can delete the resource group, virtual machine, and all
related resources. To do so, select the resource group for the virtual machine,
select Delete, then confirm the name of the resource group to delete.

1.9 Cloud Deployment & Service Delivery Models
Cloud is the future of computing. It is about outsourcing IT services and infrastructure
to make them accessible remotely via the Internet. Utilizing cloud-computing models
not only boosts productivity but also provides a competitive edge to organizations. The
growing popularity of cloud computing has given rise to different types of cloud service
deployment models and strategies. Therefore, today there exists a variety of enterprise
cloud solutions depending on the degree of outsourcing desired, along with the
customization flexibility, control, and data management needed within the
organization. Further, it involves the pooling of specialized human and technical
resources to effectively manage existing systems and applications, which helps in meeting
the requirements of organizations and users.

1.9.1 Different Types of Cloud Computing Deployment Models


Most cloud hubs have tens of thousands of servers and storage devices to enable fast
loading. It is often possible to choose a geographic area to put the data “closer” to users.
Thus, deployment models of cloud computing are categorized based on their location. To
know which deployment model would best fit the requirements of your organization, let
us first learn about the types of cloud deployment models.

Image: Cloud Service Models


Reference: https://www.oreilly.com/library/view/the-enterprise-cloud/

Private Cloud
It is a cloud-based infrastructure used by stand-alone organizations. It offers greater
control over security. The data is backed up by a firewall and internally, and can be hosted
internally or externally. Private clouds are perfect for organizations that have high-security
requirements, high management demands, and availability requirements.

Public Cloud
This type of cloud service is provided on a network for public use. Customers have no
control over the location of the infrastructure. It is based on a shared cost model for all
the users, or in the form of a licensing policy such as pay per user. Public deployment
models in the cloud are perfect for organizations with growing and fluctuating demands.
It is also popular among businesses of all sizes for their web applications, webmail, and
storage of non-sensitive data.

Community Cloud
It is a mutually shared model between organizations that belong to a particular community
such as banks, government organizations, or commercial enterprises. Community
members generally share similar issues of privacy, performance, and security. This type
of deployment model of cloud computing is managed and hosted internally or by a third-
party vendor.

Hybrid Cloud
This model incorporates the best of both private and public clouds, but each can remain
as separate entities. Further, as part of this deployment of cloud computing model, the
internal, or external providers can provide resources. A hybrid cloud is ideal for scalability,
flexibility, and security. A perfect example of this scenario would be that of an organization
that uses the private cloud to secure its data and interacts with its customers using the
public cloud.

1.9.2 Cloud Service Delivery Models

There are the following three types of cloud service models -

1. Infrastructure as a Service (IaaS)
2. Platform as a Service (PaaS)
3. Software as a Service (SaaS)

Image: Cloud Service Delivery Models

1.9.3 Infrastructure as a Service (IaaS)

IaaS is also known as Hardware as a Service (HaaS). It is a computing infrastructure
managed over the internet. The main advantage of using IaaS is that it helps users to
avoid the cost and complexity of purchasing and managing the physical servers.

Characteristics of IaaS

There are the following characteristics of IaaS -

o Resources are available as a service
o Services are highly scalable
o Dynamic and flexible
o GUI and API-based access
o Automated administrative tasks

Example: DigitalOcean, Linode, Amazon Web Services (AWS), Microsoft Azure, Google
Compute Engine (GCE), Rackspace, and Cisco Metacloud.

IaaS is offered in three models: public, private, and hybrid cloud. The private cloud implies
that the infrastructure resides at the customer-premise. In the case of public cloud, it is
located at the cloud computing platform vendor's data center, and the hybrid cloud is a
combination of the two in which the customer selects the best of both public cloud and
private cloud.

IaaS provider provides the following services -

1. Compute: Computing as a Service includes virtual central processing units and
virtual main memory for the VMs that are provisioned to the end users.
2. Storage: IaaS provider provides back-end storage for storing files.

3. Network: Network as a Service (NaaS) provides networking components such as
routers, switches, and bridges for the VMs.
4. Load balancers: It provides load balancing capability at the infrastructure layer.

Image: Cloud IaaS model components


Reference: https://encrypted-tbn0.gstatic.com/images

Advantages of IaaS cloud computing layer

There are the following advantages of IaaS computing layer -

1. Shared infrastructure

IaaS allows multiple users to share the same physical infrastructure.

2. Web access to the resources

IaaS allows IT users to access resources over the internet.

3. Pay-as-per-use model

IaaS providers provide services based on the pay-as-per-use basis. The users are
required to pay for what they have used.

4. Focus on the core business

IaaS lets organizations focus on their core business rather than on IT
infrastructure.

5. On-demand scalability

On-demand scalability is one of the biggest advantages of IaaS. Using IaaS, users
do not need to worry about upgrading software or troubleshooting issues related to
hardware components.

Disadvantages of IaaS cloud computing layer

1. Security

Security is one of the biggest issues in IaaS. Most of the IaaS providers are not
able to provide 100% security.

2. Maintenance & Upgrade

Although IaaS service providers maintain the software, they do not upgrade
the software for some organizations.

3. Interoperability issues

It is difficult to migrate a VM from one IaaS provider to another, so the customers
might face problems related to vendor lock-in.

Some important points about the IaaS cloud computing layer:

An IaaS cloud computing platform cannot replace the traditional hosting method, but it
provides more than that, and each resource that is used is predictable as per the
usage.

IaaS cloud computing platform may not eliminate the need for an in-house IT department.
It will be needed to monitor or control the IaaS setup. IT salary expenditure might not
reduce significantly, but other IT expenses can be reduced.

Breakdowns at the IaaS cloud computing platform vendor's end can bring your business to
a halt. Assess the IaaS cloud computing platform vendor's stability and finances.
Make sure that SLAs (i.e., Service Level Agreements) provide backups for data, hardware,
network, and application failures. Image portability and third-party support are plus points.

The IaaS cloud computing platform vendor can get access to your sensitive data. So,
engage with credible companies or organizations. Study their security policies and
precautions.

1.9.4 Platform as a Service (PaaS)

PaaS cloud computing platform is created for the programmer to develop, test, run, and
manage the applications.

Characteristics of PaaS

There are the following characteristics of PaaS -

o Accessible to various users via the same development application.
o Integrates with web services and databases.
o Builds on virtualization technology, so resources can easily be scaled up or down
as per the organization's need.
o Supports multiple languages and frameworks.
o Provides an ability to "Auto-scale".

Example: AWS Elastic Beanstalk, Windows Azure, Heroku, Force.com, Google App
Engine, Apache Stratos, Magento Commerce Cloud, and OpenShift.

Platform as a Service | PaaS

Platform as a Service (PaaS) provides a runtime environment. It allows programmers to
easily create, test, run, and deploy web applications. You can purchase these applications
from a cloud service provider on a pay-as-per-use basis and access them using the
Internet connection. In PaaS, back-end scalability is managed by the cloud service
provider, so end users do not need to worry about managing the infrastructure.

PaaS includes infrastructure (servers, storage, and networking) and platform
(middleware, development tools, database management systems, business intelligence,
and more) to support the web application life cycle.

Example: Google App Engine, Force.com, Joyent, Azure.

PaaS providers provide the Programming languages, Application frameworks,
Databases, and Other tools:

Image: Cloud PaaS Components


Reference: https://encrypted-tbn0.gstatic.com/images

1. Programming languages

PaaS providers provide various programming languages for the developers to develop
the applications. Some popular programming languages provided by PaaS providers are
Java, PHP, Ruby, Perl, and Go.

2. Application frameworks

PaaS providers provide application frameworks to easily understand the application
development. Some popular application frameworks provided by PaaS providers are
Node.js, Drupal, Joomla, WordPress, Spring, Play, Rack, and Zend.

3. Databases

PaaS providers provide various databases such as ClearDB, PostgreSQL, MongoDB,
and Redis to communicate with the applications.

4. Other tools

PaaS providers provide various other tools that are required to develop, test, and deploy
the applications.

Advantages of PaaS

There are the following advantages of PaaS -

1) Simplified Development

PaaS allows developers to focus on development and innovation without worrying
about infrastructure management.

2) Lower risk

No need for up-front investment in hardware and software. Developers only need
a PC and an internet connection to start building applications.

3) Prebuilt business functionality

Some PaaS vendors also provide predefined business functionality so that
users can avoid building everything from scratch and can directly start
their projects.

4) Instant community

PaaS vendors frequently provide online communities where developers can get
ideas, share experiences, and seek advice from others.

5) Scalability

Applications deployed can scale from one to thousands of users without any
changes to the applications.

Disadvantages of PaaS cloud computing layer

1) Vendor lock-in

One has to write the applications according to the platform provided by the PaaS
vendor, so the migration of an application to another PaaS vendor would be a
problem.

2) Data Privacy

Corporate data, whether critical or not, is private, so if it is not located
within the walls of the company, there can be a risk in terms of privacy of data.

3) Integration with the rest of the systems applications

It may happen that some applications are local, and some are in the cloud. So
there will be chances of increased complexity when we want to use data which is in
the cloud together with the local data.

1.9.5 Software as a Service (SaaS)

SaaS is also known as "on-demand software". It is software in which the applications
are hosted by a cloud service provider. Users can access these applications with the help
of an internet connection and a web browser.

Characteristics of SaaS

There are the following characteristics of SaaS -

o Managed from a central location
o Hosted on a remote server
o Accessible over the internet
o Users are not responsible for hardware and software updates. Updates are applied
automatically.
o The services are purchased on the pay-as-per-use basis

Example: BigCommerce, Google Apps, Salesforce, Dropbox, ZenDesk, Cisco WebEx,
Slack, and GoToMeeting.

Popular PaaS Providers

Image: PaaS Providers

Software as a Service | SaaS

SaaS is also known as "On-Demand Software". It is a software distribution model in
which services are hosted by a cloud service provider. These services are available to
end-users over the internet, so the end-users do not need to install any software on their
devices to access these services.

There are the following services provided by SaaS providers -

Business Services - SaaS Provider provides various business services to start-up the
business. The SaaS business services include ERP (Enterprise Resource
Planning), CRM (Customer Relationship Management), billing, and sales.

Document Management - SaaS document management is a software application
offered by a third party (SaaS providers) to create, manage, and track electronic
documents.

Example: Slack, Samepage, Box, and Zoho Forms.

Social Networks - As we all know, social networking sites are used by the general public,
so social networking service providers use SaaS for their convenience and handle the
general public's information.

Mail Services - To handle the unpredictable number of users and load on e-mail services,
many e-mail providers offer their services using SaaS.

Image: Cloud SaaS Model
Reference: https://encrypted-tbn0.gstatic.com/images

Advantages of SaaS cloud computing layer

1. SaaS is easy to buy

SaaS pricing is based on a monthly fee or annual fee subscription, so it allows
organizations to access business functionality at a low cost, which is less than
licensed applications.

Unlike traditional software, which is sold on a license basis with an up-front cost
(and often an optional ongoing support fee), SaaS providers generally price
the applications using a subscription fee, most commonly a monthly or annual
fee.

2. One to Many

SaaS services are offered as a one-to-many model, which means a single instance of the
application is shared by multiple users.

3. Less hardware required for SaaS

The software is hosted remotely, so organizations do not need to invest in
additional hardware.

4. Low maintenance required for SaaS

Software as a service removes the need for installation, set-up, and daily
maintenance for the organizations. The initial set-up cost for SaaS is typically less
than that of enterprise software. SaaS vendors price their applications based on
some usage parameters, such as the number of users using the application. So
SaaS is easy to monitor and updates automatically.

5. No special software or hardware versions required

All users will have the same version of the software and typically access it through
the web browser. SaaS reduces IT support costs by outsourcing hardware and
software maintenance and support to the IaaS provider.

6. Multidevice support

SaaS services can be accessed from any device such as desktops, laptops,
tablets, phones, and thin clients.

7. API Integration

SaaS services easily integrate with other software or services through standard
APIs.

8. No client-side installation

SaaS services are accessed directly from the service provider using the internet
connection, so do not need to require any software installation.

Disadvantages of SaaS cloud computing layer

1) Security

Data is stored in the cloud, so security may be an issue for some users.
Cloud computing is not more secure than in-house deployment.

2) Latency issue

Since data and applications are stored in the cloud at a variable distance from the
end-user, there is a possibility that there may be greater latency when interacting
with the application compared to local deployment. Therefore, the SaaS model is
not suitable for applications that demand response times in milliseconds.

3) Total Dependency on Internet

Without an internet connection, most SaaS applications are not usable.

4) Switching between SaaS vendors is difficult

Switching SaaS vendors involves the difficult and slow task of transferring very
large data files over the internet and then converting and importing them into
another SaaS.


1.9.6 Difference between IaaS, PaaS, and SaaS

The table below shows the difference between IaaS, PaaS, and SaaS.

| IaaS | PaaS | SaaS |
|---|---|---|
| It provides a virtual data center to store information and create platforms for app development, testing, and deployment. | It provides virtual platforms and tools to create, test, and deploy apps. | It provides web software and apps to complete business tasks. |
| It provides access to resources such as virtual machines, virtual storage, etc. | It provides runtime environments and deployment tools for applications. | It provides software as a service to the end-users. |
| It is used by network architects. | It is used by developers. | It is used by end users. |
| IaaS provides only Infrastructure. | PaaS provides Infrastructure+Platform. | SaaS provides Infrastructure+Platform+Software. |


1.10 Identifying Types of Service Model Offerings

Activity: This activity requires learners to log in to the Azure dashboard and browse
through the various service offerings by category. Learners need to identify the services
and divide them into the categories of IaaS, PaaS and SaaS by themselves.

The Azure cloud platform is more than 200 products and cloud services designed to
help you bring new solutions to life—to solve today's challenges and create the future.
Build, run and manage applications across multiple clouds, on-premises and at the
edge, with the tools and frameworks of your choice.

1.10.1 Azure Compute Services

1.10.2 Azure Networking Services

1.10.3 Azure Storage

1.10.4 Azure Web

1.10.5 Azure Mobile

1.10.6 Azure Containers

1.10.7 Azure Database

1.10.8 Azure Analytics

1.10.9 Azure Blockchain Service

1.10.10 Azure AI + Machine Learning

1.10.11 Internet of Things

1.10.12 DevOps

1.10.13 Monitor


1.11 Azure Cloud Global Infrastructure

1.11.1 What is Azure Global Infrastructure?

Azure global infrastructure is made up of two key components—physical infrastructure
and connective network components. The physical component is comprised of 160+
physical datacenters, arranged into regions, and linked by one of the largest
interconnected networks on the planet.

With the connectivity of the global Azure network, each of the Azure datacenters provides
high availability, low latency, scalability, and the latest advancements in cloud
infrastructure—all running on the Azure platform.

Together, these components keep data entirely within the trusted Microsoft network and
IP traffic never enters the public internet.

What are Azure datacenters?

Azure datacenters are unique physical buildings—located all over the globe—that house
a group of networked computer servers.

What is an Azure region?

An Azure region is a set of datacenters, deployed within a latency-defined perimeter and
connected through a dedicated regional low-latency network.

With more global regions than any other cloud provider, Azure gives customers the
flexibility to deploy applications where they need. An Azure region has discrete pricing
and service availability.

What is an Azure geography?

An Azure geography is a discrete market, typically containing at least one or more
regions, that preserves data residency and compliance boundaries. Geographies allow
customers with specific data-residency and compliance needs to keep their data and
applications close. Geographies are fault-tolerant to withstand complete region failure
through their connection to the dedicated high-capacity networking infrastructure of
Azure.


Image: Azure Geographical view of global infrastructure
Reference: https://azurecomcdn.azureedge.net/cvt-e3a122c14d54133f4987ad39a20b68bf418820b5ebac6c6a421232bba29588e9/images/shared/regions-map-mobile.svg

What are Azure Availability Zones?

Azure Availability Zones are unique physical locations within an Azure region and offer
high availability to protect your applications and data from datacenter failures. Each zone
is made up of one or more datacenters equipped with independent power, cooling, and
networking.

The physical separation of availability zones within a region protects apps and data from
facility-level issues. Zone-redundant services replicate your apps and data across Azure
Availability Zones to protect from single points of failure.

What is the Azure Global Network?

The Azure global network refers to all of the components in networking and is comprised
of the Microsoft global wide-area network (WAN), points of presence (PoPs), fiber, and
others.

What are Azure Edge Zones?

Azure Edge Zones are footprint extensions of Azure, placed in densely populated areas.
Azure Edge Zones support virtual machines (VMs), containers, and a select set of Azure
services that let you run latency-sensitive and throughput-intensive apps close to your
end users.

Azure Edge Zones are part of the Microsoft global network and offer secure, reliable, and
high-bandwidth connectivity between apps—running at the Azure Edge Zone (close to
the user), and the full set of Azure services running across the larger Azure regions.


1.11.2 What is Microsoft Global Wide-Area Network (WAN)

The Microsoft global wide-area network (WAN) connects hundreds of datacenters in
regions around the world and offers high availability and capacity. With the flexibility to
immediately respond to unpredictable demand spikes, the global WAN is critical in
delivering a great cloud service experience.

What's an Azure point of presence?

An Azure point of presence, often abbreviated as PoP, is an access point or physical
location where traffic can enter or exit the Microsoft global network.

What are regional network gateways?

Regional network gateways are massively parallel, hyperscale datacenter interconnects
between datacenters within a region—without the need to network each individual
datacenter to the others in a region.

This ensures that connection issues in one datacenter don't cause issues for the wider
region. This also allows the addition of new datacenters without the need to route direct
network connections to each existing datacenter.

Image: Azure Global Network
Reference: https://azurecomcdn.azureedge.net/cvt-e3a122c14d54133f4987ad39a20b68bf418820b5ebac6c6a421232bba29588e9/images/shared/regions-map-mobile.svg


1.12 Creating Multi AZ deployment of VMs

Activity: This activity shows how to create a virtual network using the Azure portal.
You deploy two virtual machines (VMs). Next, you securely communicate between VMs
and connect to VMs from the internet. A virtual network is the fundamental building block
for your private network in Azure. It enables Azure resources, like VMs, to securely
communicate with each other and with the internet.

1.12.1 Create a Virtual Network Using the Azure Portal

Sign in to Azure

Sign in to the Azure portal.

Create a virtual network

1. Select Create a resource in the upper left-hand corner of the portal.
2. In the search box, enter Virtual Network. Select Virtual Network in the
search results.
3. In the Virtual Network page, select Create.
4. In Create virtual network, enter or select this information in the Basics tab:

TABLE 1

| Setting | Value |
|---|---|
| Project details | |
| Subscription | Select your subscription. |
| Resource group | Select Create new. Enter myResourceGroup. Select OK. |
| Instance details | |
| Name | Enter myVNet. |
| Region | Select (US) East US. |


5. Select the IP Addresses tab, or select the Next: IP Addresses button at the
bottom of the page.
6. In IPv4 address space, select the existing address space and change it
to 10.1.0.0/16.
7. Select + Add subnet, then enter MySubnet for Subnet
name and 10.1.0.0/24 for Subnet address range.
8. Select Add.
9. Select the Security tab, or select the Next: Security button at the bottom of
the page.
10. Under BastionHost, select Enable. Enter this information:

TABLE 2

| Setting | Value |
|---|---|
| Bastion name | Enter myBastionHost |
| AzureBastionSubnet address space | Enter 10.1.1.0/24 |
| Public IP Address | Select Create new. For Name, enter myBastionIP. Select OK. |

11. Select the Review + create tab or select the Review + create button.
12. Select Create.

Create virtual machines

Create two VMs in the virtual network:

Create the first VM

1. On the upper-left side of the portal, select Create a
resource > Compute > Virtual machine.
2. In Create a virtual machine, type or select the values in the Basics tab:

TABLE 3

| Setting | Value |
|---|---|
| Project Details | |
| Subscription | Select your Azure subscription |
| Resource Group | Select myResourceGroup |
| Instance details | |
| Virtual machine name | Enter myVM1 |
| Region | Select (US) East US |
| Availability Options | Select No infrastructure redundancy required |
| Image | Select Windows Server 2019 Datacenter |
| Azure Spot instance | Select No |
| Size | Choose VM size or take default setting |
| Administrator account | |
| Username | Enter a username |
| Password | Enter a password |
| Confirm password | Reenter password |
| Inbound port rules | |
| Public inbound ports | Select None. |

3. Select the Networking tab, or select Next: Disks, then Next: Networking.
4. In the Networking tab, select or enter:

TABLE 4

| Setting | Value |
|---|---|
| Network interface | |
| Virtual network | Select myVNet. |
| Subnet | Select mySubnet |
| Public IP | Select None |
| NIC network security group | Select Basic |
| Public inbound ports network | Select None. |

5. Select the Review + create tab, or select the blue Review + create button
at the bottom of the page.
6. Review the settings, and then select Create.

Create the second VM

1. On the upper-left side of the portal, select Create a
resource > Compute > Virtual machine.
2. In Create a virtual machine, type or select the values in the Basics tab:

TABLE 5

| Setting | Value |
|---|---|
| Project Details | |
| Subscription | Select your Azure subscription |
| Resource Group | Select myResourceGroup |
| Instance details | |
| Virtual machine name | Enter myVM2 |
| Region | Select (US) East US |
| Availability Options | Select No infrastructure redundancy required |
| Image | Select Windows Server 2019 Datacenter |
| Azure Spot instance | Select No |
| Size | Choose VM size or take default setting |
| Administrator account | |
| Username | Enter a username |
| Password | Enter a password |
| Confirm password | Reenter password |
| Inbound port rules | |
| Public inbound ports | Select None. |

3. Select the Networking tab, or select Next: Disks, then Next: Networking.
4. In the Networking tab, select or enter:

TABLE 6

| Setting | Value |
|---|---|
| Network interface | |
| Virtual network | Select myVNet. |
| Subnet | Select mySubnet |
| Public IP | Select None |
| NIC network security group | Select Basic |
| Public inbound ports network | Select None. |

5. Select the Review + create tab, or select the blue Review + create button
at the bottom of the page.
6. Review the settings, and then select Create.

1.12.2 Connect to myVM1

1. Go to the Azure portal to manage your private VM. Search for and
select Virtual machines.
2. Pick the name of your private virtual machine myVM1.
3. In the VM menu bar, select Connect, then select Bastion.
4. In the Connect page, select the blue Use Bastion button.
5. In the Bastion page, enter the username and password you created for the
virtual machine previously.
6. Select Connect.


Communicate between VMs

1. In the bastion connection of myVM1, open PowerShell.
2. Enter ping myvm2.

You'll receive a message similar to this output:

PowerShell

Pinging myvm2.cs4wv3rxdjgedggsfghkjrxuqf.bx.internal.cloudapp.net [10.1.0.5] with 32 bytes of data:
Reply from 10.1.0.5: bytes=32 time=3ms TTL=128
Reply from 10.1.0.5: bytes=32 time=1ms TTL=128
Reply from 10.1.0.5: bytes=32 time=1ms TTL=128
Reply from 10.1.0.5: bytes=32 time=1ms TTL=128

Ping statistics for 10.1.0.5:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 1ms, Maximum = 3ms, Average = 1ms

3. Close the bastion connection to myVM1.
4. Complete the steps in Connect to myVM1, but connect to myVM2.
5. Open PowerShell on myVM2, enter ping myvm1.

You'll receive something like this message:

PowerShell

Pinging myvm1.cs4wv3rxdjgedggsfghkjrxuqf.bx.internal.cloudapp.net [10.1.0.4] with 32 bytes of data:
Reply from 10.1.0.4: bytes=32 time=1ms TTL=128
Reply from 10.1.0.4: bytes=32 time=1ms TTL=128
Reply from 10.1.0.4: bytes=32 time=1ms TTL=128
Reply from 10.1.0.4: bytes=32 time=1ms TTL=128

Ping statistics for 10.1.0.4:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 1ms, Maximum = 1ms, Average = 1ms

6. Close the bastion connection to myVM2.
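
The address plan used in this activity can be checked before anything is deployed. The following is an added example, not part of the original handbook: it verifies that the two subnets fit inside the virtual network without overlapping, that AzureBastionSubnet meets Azure's /26 minimum size, and it shows why the VMs answer from 10.1.0.4 and 10.1.0.5 (Azure reserves the first four addresses and the last address of every subnet). The function names are assumptions, and sequential assignment of free addresses is assumed.

```python
import ipaddress

# Azure keeps the network address, the default gateway and two DNS addresses
# at the start of every subnet, plus the broadcast address at the end.
AZURE_RESERVED_LOW = 4
AZURE_RESERVED_HIGH = 1
# AzureBastionSubnet must be /26 or larger (a smaller prefix length number).
BASTION_MAX_PREFIXLEN = 26

# The plan entered in the portal steps above.
PAGE_VNET = "10.1.0.0/16"
PAGE_SUBNETS = {"MySubnet": "10.1.0.0/24", "AzureBastionSubnet": "10.1.1.0/24"}


def check_plan(vnet_cidr, subnets):
    """Return a list of problems in the plan; an empty list means it is usable."""
    vnet = ipaddress.ip_network(vnet_cidr)
    problems = []
    nets = {}
    for name, cidr in subnets.items():
        try:
            nets[name] = ipaddress.ip_network(cidr)  # rejects host bits, e.g. 10.1.0.5/24
        except ValueError as err:
            problems.append(f"{name}: invalid range ({err})")
            continue
        if not nets[name].subnet_of(vnet):
            problems.append(f"{name}: {cidr} is outside {vnet_cidr}")
        if name == "AzureBastionSubnet" and nets[name].prefixlen > BASTION_MAX_PREFIXLEN:
            problems.append(f"{name}: {cidr} is smaller than /{BASTION_MAX_PREFIXLEN}")
    names = sorted(nets)
    for index, first in enumerate(names):
        for second in names[index + 1:]:
            if nets[first].overlaps(nets[second]):
                problems.append(f"{first} overlaps {second}")
    return problems


def first_vm_addresses(subnet_cidr, count):
    """Return the first `count` addresses Azure can hand out in a subnet."""
    net = ipaddress.ip_network(subnet_cidr)
    usable = net.num_addresses - AZURE_RESERVED_LOW - AZURE_RESERVED_HIGH
    if count > usable:
        raise ValueError(f"{subnet_cidr} has only {usable} assignable addresses")
    first = net.network_address + AZURE_RESERVED_LOW
    return [str(first + offset) for offset in range(count)]


if __name__ == "__main__":
    print(check_plan(PAGE_VNET, PAGE_SUBNETS))
    print(first_vm_addresses(PAGE_SUBNETS["MySubnet"], 2))
```

Because both VMs were created without a public IP, these private addresses are the only ones they have, which is why the connection goes through the Bastion host.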



Clean up resources

You have created a default virtual network and two VMs.

You connected to one VM from the internet and securely communicated between the two
VMs.

When you're done using the virtual network and the VMs, delete the resource group and
all of the resources it contains:

1. Search for and select myResourceGroup.
2. Select Delete resource group.
3. Enter myResourceGroup for TYPE THE RESOURCE GROUP NAME and
select Delete.


Chapter 2: Learning Through Cloud Core Services

Learning Outcomes:
• Understand core services like storage, compute, database, security and
networking
• Use database concepts to build database services and applications
• Create secure network infrastructure for resources in cloud
• Manage identity and access control against cloud resources
• Create and integrate AI Cognitive services with applications

2.1 Microsoft Azure Core Services - Compute


Azure compute is an on-demand computing service for running cloud-based applications.
It provides computing resources such as disks, processors, memory, networking, and
operating systems. The resources are available on-demand and can typically be made
available in minutes or even seconds. You pay only for the resources you use, and only
for as long as you're using them.

Azure supports a wide range of computing solutions for development and testing, running
applications, and extending your datacentre. The service supports Linux, Windows
Server, SQL Server, Oracle, IBM, and SAP. Azure also has many services that can run
virtual machines (VMs). Each service provides different options depending on your
requirements. Some of the most prominent services are:

• Azure Virtual Machines
• Azure Container Instances
• Azure App Service
• Azure Functions (or serverless computing)


Image: Compute Services
Reference: https://portal.azure.com/#home

2.1.1 Virtual Machines

Virtual machines are software emulations of physical computers. They include a virtual
processor, memory, storage, and networking resources. VMs host an operating system,
and you can install and run software just like a physical computer. When using a remote
desktop client, you can use and control the VM as if you were sitting in front of it.

With Azure Virtual Machines, you can create and use VMs in the cloud. Virtual Machines
provides infrastructure as a service (IaaS) and can be used in different ways. When you
need total control over an operating system and environment, VMs are an ideal choice.
Just like a physical computer, you can customize all the software running on the VM. This
ability is helpful when you're running custom software or custom hosting configurations.

Virtual machine scale sets

Virtual machine scale sets are an Azure compute resource that you can use to deploy
and manage a set of identical VMs. With all VMs configured the same, virtual machine
scale sets are designed to support true autoscale. No pre-provisioning of VMs is required.
For this reason, it's easier to build large-scale services targeting big compute, big data,
and containerized workloads. As demand goes up, more VM instances can be added. As
demand goes down, VM instances can be removed. The process can be manual,
automated, or a combination of both.



Containers and Kubernetes

Container Instances and Azure Kubernetes Service are Azure compute resources that
you can use to deploy and manage containers. Containers are lightweight, virtualized
application environments. They're designed to be quickly created, scaled out, and
stopped dynamically. You can run multiple instances of a containerized application on a
single host machine.

App Service

With Azure App Service, you can quickly build, deploy, and scale enterprise-grade web,
mobile, and API apps running on any platform. You can meet rigorous performance,
scalability, security, and compliance requirements while using a fully managed platform
to perform infrastructure maintenance. App Service is a platform as a service (PaaS)
offering.

Functions

Functions are ideal when you're concerned only about the code running your service and
not the underlying platform or infrastructure. They're commonly used when you need to
perform work in response to an event (often via a REST request), timer, or message from
another Azure service, and when that work can be completed quickly, within seconds or
less.



2.2 Create Compute Service Linux Instance with Development Environment

Activity: This activity will allow learners to create a Linux VM in Azure cloud and then
install a LAMP stack web server on the VM. This activity focuses on creating an environment
for web application development; by following it, learners will learn the first steps of
creating and preparing web application servers.

2.2.1 Install a LAMP web server on a Linux virtual machine in Azure.

This section walks you through how to deploy an Apache web server, MySQL,
and PHP (the LAMP stack) on an Ubuntu VM in Azure. To see the LAMP server in action,
you can optionally install and configure a WordPress site. In this tutorial you learn how to:

• Create an Ubuntu VM (the 'L' in the LAMP stack)
• Open port 80 for web traffic
• Install Apache, MySQL, and PHP
• Verify installation and configuration
• Install WordPress on the LAMP server

This setup is for quick tests or proof of concept. For more on the LAMP stack, including
recommendations for a production environment, see the Ubuntu documentation.

This tutorial uses the CLI within the Azure Cloud Shell, which is constantly updated to the
latest version. To open the Cloud Shell, select Try it from the top of any code block.

If you choose to install and use the CLI locally, this tutorial requires that you are running
the Azure CLI version 2.0.30 or later. Run az --version to find the version. If you need to
install or upgrade, see Install Azure CLI.

2.2.2 Create a resource group

Create a resource group with the az group create command. An Azure resource group is
a logical container into which Azure resources are deployed and managed.

The following example creates a resource group named myResourceGroup in
the eastus location.

Azure CLI

az group create --name myResourceGroup --location eastus


2.2.3 Create a virtual machine

Create a VM with the az vm create command.

The following example creates a VM named myVM and creates SSH keys if they do not
already exist in a default key location. To use a specific set of keys, use the --ssh-key-
value option. The command also sets azureuser as an administrator user name. You use
this name later to connect to the VM.

Azure CLI

az vm create \
    --resource-group myResourceGroup \
    --name myVM \
    --image UbuntuLTS \
    --admin-username azureuser \
    --generate-ssh-keys

When the VM has been created, the Azure CLI shows information similar to the following
example. Take note of the publicIpAddress. This address is used to access the VM in
later steps.

Output

{
  "fqdns": "",
  "id": "/subscriptions/<subscription ID>/resourceGroups/myResourceGroup/providers/Microsoft.Compute/virtualMachines/myVM",
  "location": "eastus",
  "macAddress": "00-0D-3A-23-9A-49",
  "powerState": "VM running",
  "privateIpAddress": "10.0.0.4",
  "publicIpAddress": "40.121.4.215",
  "resourceGroup": "myResourceGroup"
}

Open port 80 for web traffic

By default, only SSH connections are allowed into Linux VMs deployed in Azure. Because
this VM is going to be a web server, you need to open port 80 from the internet. Use
the az vm open-port command to open the desired port.

Azure CLI

az vm open-port --port 80 --resource-group myResourceGroup --name myVM
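
What the VM exposes after this step can be worked out from its network security group rules, which are evaluated in ascending priority with the first match deciding. The following is an added example, not part of the original tutorial: the rule list is a constructed sample shaped like the JSON that az network nsg rule list returns, and the rule names, priorities and the admin range 203.0.113.0/24 are assumptions.

```python
import json

# Source values that mean "any host on the internet" in an NSG rule.
INTERNET_SOURCES = {"*", "internet", "0.0.0.0/0"}

# Constructed sample: an SSH rule as created with a new Linux VM, plus a port 80 rule.
SAMPLE_RULES = json.loads("""
[
  {"name": "default-allow-ssh", "priority": 1000, "direction": "Inbound",
   "access": "Allow", "sourceAddressPrefix": "*", "destinationPortRange": "22"},
  {"name": "open-port-80", "priority": 900, "direction": "Inbound",
   "access": "Allow", "sourceAddressPrefix": "*", "destinationPortRange": "80"}
]
""")


def _values(rule, singular, plural):
    """Collect a field that may be present as one value or as a list."""
    values = list(rule.get(plural) or [])
    if rule.get(singular):
        values.append(rule[singular])
    return values


def _covers_port(rule, port):
    for item in _values(rule, "destinationPortRange", "destinationPortRanges"):
        if item == "*":
            return True
        low, _, high = item.partition("-")
        if int(low) <= port <= int(high or low):
            return True
    return False


def _from_any_internet_host(rule):
    sources = _values(rule, "sourceAddressPrefix", "sourceAddressPrefixes")
    return any(source.lower() in INTERNET_SOURCES for source in sources)


def internet_exposed_ports(rules, ports):
    """Map each port that any internet host can reach to the rule that allows it.

    Rules limited to specific source ranges are skipped, so a port open only to
    an admin range is not reported. If no rule matches, the default deny-all
    inbound rule applies. The protocol field is ignored for brevity.
    """
    inbound = sorted(
        (rule for rule in rules if rule["direction"].lower() == "inbound"),
        key=lambda rule: rule["priority"],
    )
    exposed = {}
    for port in ports:
        for rule in inbound:
            if _covers_port(rule, port) and _from_any_internet_host(rule):
                if rule["access"].lower() == "allow":
                    exposed[port] = rule["name"]
                break  # first matching rule decides, allow or deny
    return exposed


def restrict_source(rules, rule_name, cidr):
    """Return a copy of the rules with one rule's source narrowed to `cidr`."""
    return [
        dict(rule, sourceAddressPrefix=cidr, sourceAddressPrefixes=[])
        if rule["name"] == rule_name else rule
        for rule in rules
    ]


if __name__ == "__main__":
    watched = [22, 80, 443, 3306, 3389]
    print(internet_exposed_ports(SAMPLE_RULES, watched))
    hardened = restrict_source(SAMPLE_RULES, "default-allow-ssh", "203.0.113.0/24")
    print(internet_exposed_ports(hardened, watched))
```

With the sample rules, ports 22 and 80 are both reachable from any address; narrowing the SSH rule's source leaves only the web port open to the internet.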


SSH into your VM

If you don't already know the public IP address of your VM, run the az network public-ip
list command. You need this IP address for several later steps.

Azure CLI

az network public-ip list --resource-group myResourceGroup --query "[].ipAddress"

Use the following command to create an SSH session with the virtual machine. Substitute
the correct public IP address of your virtual machine. In this example, the IP address
is 40.121.4.215. azureuser is the administrator user name set when you created the VM.

Bash

ssh azureuser@40.121.4.215



2.2.4 Install Apache, MySQL, and PHP

Run the following command to update Ubuntu package sources and install Apache,
MySQL, and PHP. Note the caret (^) at the end of the command, which is part of the lamp-
server^ package name.

Bash

sudo apt update && sudo apt install lamp-server^

You are prompted to install the packages and other dependencies. This process installs
the minimum required PHP extensions needed to use PHP with MySQL.

Verify installation and configuration



Verify Apache

Check the version of Apache with the following command:

Bash

apache2 -v

With Apache installed, and port 80 open to your VM, the web server can now be accessed
from the internet. To view the Apache2 Ubuntu Default Page, open a web browser, and
enter the public IP address of the VM. Use the public IP address (40.121.4.215) you used
to SSH to the VM.

Verify and secure MySQL

Check the version of MySQL with the following command (note the capital V parameter):

Bash

mysql -V

To help secure the installation of MySQL, including setting a root password, run
the mysql_secure_installation script.

Bash

sudo mysql_secure_installation

You can optionally set up the Validate Password Plugin (recommended). Then, set a
password for the MySQL root user, and configure the remaining security settings for your
environment. We recommend that you answer "Y" (yes) to all questions.

If you want to try MySQL features (create a MySQL database, add users, or change
configuration settings), log in to MySQL. This step is not required to complete this tutorial.

Bash

sudo mysql -u root -p

When done, exit the mysql prompt by typing \q.

Verify PHP

Check the version of PHP with the following command:

Bash

php -v

If you want to test further, create a quick PHP info page to view in a browser. The following
command creates the PHP info page:

Bash

sudo sh -c 'echo "<?php phpinfo(); ?>" > /var/www/html/info.php'

Now you can check the PHP info page you created. Open a browser and go
to http://yourPublicIPAddress/info.php. Substitute the public IP address of your VM. It
should look similar to this image.

Open your browser and type

http://40.121.4.215/info.php

2.3 Azure Storage Services

The Azure Storage platform is Microsoft's cloud storage solution for modern data storage
scenarios. Core storage services offer a massively scalable object store for data objects,
disk storage for Azure virtual machines (VMs), a file system service for the cloud, a
messaging store for reliable messaging, and a NoSQL store. The services are:

• Durable and highly available. Redundancy ensures that your data is safe
in the event of transient hardware failures. You can also opt to replicate data
across datacenters or geographical regions for additional protection from
local catastrophe or natural disaster. Data replicated in this way remains
highly available in the event of an unexpected outage.
• Secure. All data written to an Azure storage account is encrypted by the
service. Azure Storage provides you with fine-grained control over who has
access to your data.
• Scalable. Azure Storage is designed to be massively scalable to meet the
data storage and performance needs of today's applications.
• Managed. Azure handles hardware maintenance, updates, and critical
issues for you.
• Accessible. Data in Azure Storage is accessible from anywhere in the world
over HTTP or HTTPS. Microsoft provides client libraries for Azure Storage in
a variety of languages, including .NET, Java, Node.js, Python, PHP, Ruby,
Go, and others, as well as a mature REST API. Azure Storage supports
scripting in Azure PowerShell or Azure CLI. And the Azure portal and Azure
Storage Explorer offer easy visual solutions for working with your data.

2.3.1 Core storage services

The Azure Storage platform includes the following data services:

• Azure Blobs: A massively scalable object store for text and binary data. Also
includes support for big data analytics through Data Lake Storage Gen2.
• Azure Files: Managed file shares for cloud or on-premises deployments.
• Azure Queues: A messaging store for reliable messaging between
application components.
• Azure Tables: A NoSQL store for schemaless storage of structured data.
• Azure Disks: Block-level storage volumes for Azure VMs.

Each service is accessed through a storage account. To get started, see Create a storage
account.


Example scenarios

The following table compares Files, Blobs, Disks, Queues, and Tables, and shows
example scenarios for each.

EXAMPLE SCENARIOS

| Feature | Description | When to use |
|---|---|---|
| Azure Files | Offers fully managed cloud file shares that you can access from anywhere via the industry standard Server Message Block (SMB) protocol. You can mount Azure file shares from cloud or on-premises deployments of Windows, Linux, and macOS. | You want to "lift and shift" an application to the cloud that already uses the native file system APIs to share data between it and other applications running in Azure. You want to replace or supplement on-premises file servers or NAS devices. You want to store development and debugging tools that need to be accessed from many virtual machines. |
| Azure Blobs | Allows unstructured data to be stored and accessed at a massive scale in block blobs. Also supports Azure Data Lake Storage Gen2 for enterprise big data analytics solutions. | You want your application to support streaming and random access scenarios. You want to be able to access application data from anywhere. You want to build an enterprise data lake on Azure and perform big data analytics. |
| Azure Disks | Allows data to be persistently stored and accessed from an attached virtual hard disk. | You want to "lift and shift" applications that use native file system APIs to read and write data to persistent disks. You want to store data that is not required to be accessed from outside the virtual machine to which the disk is attached. |
| Azure Queues | Allows for asynchronous message queueing between application components. | You want to decouple application components and use asynchronous messaging to communicate between them. For guidance around when to use Queue storage versus Service Bus queues, see Storage queues and Service Bus queues - compared and contrasted. |
| Azure Tables | Allow you to store structured NoSQL data in the cloud, providing a key/attribute store with a schemaless design. | You want to store flexible datasets like user data for web applications, address books, device information, or other types of metadata your service requires. For guidance around when to use Table storage versus the Azure Cosmos DB Table API, see Developing with Azure Cosmos DB Table API and Azure Table storage. |

2.3.2 Blob storage

Azure Blob storage is Microsoft's object storage solution for the cloud. Blob storage is
optimized for storing massive amounts of unstructured data, such as text or binary data.

Blob storage is ideal for:

• Serving images or documents directly to a browser.
• Storing files for distributed access.
• Streaming video and audio.
• Storing data for backup and restore, disaster recovery, and archiving.
• Storing data for analysis by an on-premises or Azure-hosted service.

Objects in Blob storage can be accessed from anywhere in the world via HTTP or HTTPS.
Users or client applications can access blobs via URLs, the Azure Storage REST
API, Azure PowerShell, Azure CLI, or an Azure Storage client library. The storage client
libraries are available for multiple languages, including .NET, Java, Node.js, Python,
PHP, and Ruby.

For more information about Blob storage, see Introduction to Blob storage.


2.3.3 Azure Files

Azure Files enables you to set up highly available network file shares that can be
accessed by using the standard Server Message Block (SMB) protocol. That means that
multiple VMs can share the same files with both read and write access. You can also read
the files using the REST interface or the storage client libraries.

One thing that distinguishes Azure Files from files on a corporate file share is that you
can access the files from anywhere in the world using a URL that points to the file and
includes a shared access signature (SAS) token. You can generate SAS tokens; they
allow specific access to a private asset for a specific amount of time.
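
A SAS URL carries its own permissions and validity window in the query string, so it can be reviewed before it is handed out. The following is an added example, not part of the original handbook: it reads the standard SAS fields (sp for permissions, st and se for start and expiry, spr for protocol, sip for an IP restriction) and reports settings that are broader than intended. The storage account, file names and signature values in the usage section are constructed, and the 24-hour and read-only limits are assumptions to adjust.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlsplit


def parse_sas_time(value):
    """Parse the ISO 8601 UTC timestamps carried in the st and se fields."""
    parsed = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return parsed if parsed.tzinfo else parsed.replace(tzinfo=timezone.utc)


def audit_sas_url(url, now, max_lifetime=timedelta(hours=24), allowed_permissions="r"):
    """Return findings for one SAS URL as 'code: detail' strings; [] means none."""
    query = {key: values[0] for key, values in parse_qs(urlsplit(url).query).items()}
    if "sig" not in query:
        return ["not-a-sas: the URL has no sig parameter"]

    findings = []
    if "se" not in query:
        # Without se the lifetime comes from a stored access policy on the service.
        findings.append("no-expiry-in-token: review the stored access policy instead")
    else:
        expires = parse_sas_time(query["se"])
        starts = parse_sas_time(query["st"]) if "st" in query else now
        if expires <= now:
            findings.append(f"expired: token ended {query['se']}")
        elif expires - starts > max_lifetime:
            findings.append(f"long-lifetime: valid for {expires - starts}")

    extra = sorted(set(query.get("sp", "")) - set(allowed_permissions))
    if extra:
        findings.append("broad-permissions: grants " + "".join(extra) + " beyond what is allowed")

    # When spr is absent the service accepts both HTTPS and HTTP.
    if "http" in query.get("spr", "https,http").split(","):
        findings.append("http-allowed: token can be sent over unencrypted HTTP")

    if "sip" not in query:
        findings.append("no-ip-restriction: usable from any client address")
    return findings


if __name__ == "__main__":
    # Constructed sample URLs; the account name and signatures are placeholders.
    now = datetime(2021, 6, 2, tzinfo=timezone.utc)
    loose = ("https://examplestorage.file.core.windows.net/share/app.conf"
             "?sv=2020-08-04&sr=f&sp=rwd&st=2021-06-01T00:00:00Z"
             "&se=2022-06-01T00:00:00Z&sig=CONSTRUCTED")
    tight = ("https://examplestorage.file.core.windows.net/share/app.conf"
             "?sv=2020-08-04&sr=f&sp=r&st=2021-06-02T00:00:00Z"
             "&se=2021-06-02T01:00:00Z&spr=https&sip=203.0.113.10&sig=CONSTRUCTED")
    for url in (loose, tight):
        print(audit_sas_url(url, now) or "no findings")
```

Anyone who holds the URL holds the access it grants until the expiry time, which is why the lifetime and permission fields are the first things to check.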

File shares can be used for many common scenarios:

• Many on-premises applications use file shares. This feature makes it easier
to migrate those applications that share data to Azure. If you mount the file
share to the same drive letter that the on-premises application uses, the part
of your application that accesses the file share should work with minimal, if
any, changes.
• Configuration files can be stored on a file share and accessed from multiple
VMs. Tools and utilities used by multiple developers in a group can be stored
on a file share, ensuring that everybody can find them, and that they use the
same version.
• Resource logs, metrics, and crash dumps are just three examples of data
that can be written to a file share and processed or analyzed later.

For more information about Azure Files, see Introduction to Azure Files.

Some SMB features are not applicable to the cloud. For more information, see Features
not supported by the Azure File service.

2.3.4 Queue storage

The Azure Queue service is used to store and retrieve messages. Queue messages can
be up to 64 KB in size, and a queue can contain millions of messages. Queues are
generally used to store lists of messages to be processed asynchronously.

For example, say you want your customers to be able to upload pictures, and you want
to create thumbnails for each picture. You could have your customer wait for you to create
the thumbnails while uploading the pictures. An alternative would be to use a queue.
When the customer finishes their upload, write a message to the queue. Then have an
Azure Function retrieve the message from the queue and create the thumbnails. Each of
the parts of this processing can be scaled separately, giving you more control when tuning
it for your usage.

For more information about Azure Queues, see Introduction to Queues.

2.3.5 Table storage

Azure Table storage is now part of Azure Cosmos DB. To see Azure Table storage
documentation, see the Azure Table Storage Overview. In addition to the existing Azure
Table storage service, there is a new Azure Cosmos DB Table API offering that provides
throughput-optimized tables, global distribution, and automatic secondary indexes. To
learn more and try out the new premium experience, see Azure Cosmos DB Table API.

For more information about Table storage, see Overview of Azure Table storage.

2.3.6 Disk storage

An Azure managed disk is a virtual hard disk (VHD). You can think of it like a physical
disk in an on-premises server, but virtualized. Azure managed disks are stored as page
blobs, which are random IO storage objects in Azure. We call a managed disk 'managed'
because it is an abstraction over page blobs, blob containers, and Azure storage
accounts. With managed disks, all you have to do is provision the disk, and Azure takes
care of the rest.

For more information about managed disks, see Introduction to Azure managed disks.

2.3.7 Types of storage accounts

Azure Storage offers several types of storage accounts. Each type supports different
features and has its own pricing model. For more information about storage account
types, see Azure storage account overview.

Secure access to storage accounts

Every request to Azure Storage must be authorized. Azure Storage supports the following
authorization methods:

• Azure Active Directory (Azure AD) integration for blob and queue
  data. Azure Storage supports authentication and authorization with Azure
  AD for the Blob and Queue services via Azure role-based access control
  (Azure RBAC). Authorizing requests with Azure AD is recommended for
  superior security and ease of use. For more information, see Authorize
  access to Azure blobs and queues using Azure Active Directory.
• Azure AD authorization over SMB for Azure Files. Azure Files supports
  identity-based authorization over SMB (Server Message Block) through
  either Azure Active Directory Domain Services (Azure AD DS) or
  on-premises Active Directory Domain Services (preview). Your domain-joined
  Windows VMs can access Azure file shares using Azure AD credentials. For
  more information, see Overview of Azure Files identity-based authentication
  support for SMB access and Planning for an Azure Files deployment.
• Authorization with Shared Key. The Azure Storage Blob, Files, Queue, and
  Table services support authorization with Shared Key. A client using Shared
  Key authorization passes a header with every request that is signed using
  the storage account access key. For more information, see Authorize with
  Shared Key.
• Authorization using shared access signatures (SAS). A shared access
  signature (SAS) is a string containing a security token that can be appended
  to the URI for a storage resource. The security token encapsulates
  constraints such as permissions and the interval of access. For more
  information, see Using Shared Access Signatures (SAS).
• Anonymous access to containers and blobs. A container and its blobs
  may be publicly available. When you specify that a container or blob is public,
  anyone can read it anonymously; no authentication is required. For more
  information, see Manage anonymous read access to containers and blobs.
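
The constraints that a SAS token encapsulates (permissions, interval of access, allowed protocol, allowed source IP) are readable in the query string, so a SAS URL can be reviewed before it is handed out. The following Python example is added here and is not part of the original handbook; the URLs, account name and sig values are constructed placeholders, and the 24-hour lifetime threshold is an assumption.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit, parse_qs

# Constructed sample URLs: account, container, blob and sig are placeholders.
BROAD_SAS = (
    "https://examplestorage.blob.core.windows.net/backups/db.bak"
    "?sv=2020-08-04&sr=b&sp=rwd&st=2021-06-01T00:00:00Z"
    "&se=2022-06-01T00:00:00Z&spr=https,http&sig=PLACEHOLDER"
)
TIGHT_SAS = (
    "https://examplestorage.blob.core.windows.net/backups/db.bak"
    "?sv=2020-08-04&sr=b&sp=r&st=2021-06-15T09:00:00Z"
    "&se=2021-06-15T10:00:00Z&spr=https&sip=203.0.113.10&sig=PLACEHOLDER"
)
# Constructed "current time" so the example gives the same result on every run.
SAMPLE_NOW = datetime(2021, 6, 15, 9, 30, tzinfo=timezone.utc)

# Letters in the sp (signed permissions) field that let the holder change data.
MUTATING = {"a": "add", "c": "create", "w": "write", "d": "delete"}
# UTC time forms accepted in the st (start) and se (expiry) fields.
TIME_FORMATS = ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%dT%H:%MZ", "%Y-%m-%d")


def parse_time(value):
    """Parse an st/se value into a timezone-aware UTC datetime."""
    for fmt in TIME_FORMATS:
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            pass
    raise ValueError(f"unrecognised SAS time value: {value!r}")


def sas_fields(url):
    """Return the query parameters of a URL as a flat dict (first value wins)."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return {name: values[0] for name, values in query.items()}


def audit_sas(url, now=None, max_lifetime=timedelta(hours=24)):
    """Return a list of (code, detail) findings for one SAS URL."""
    now = now or datetime.now(timezone.utc)
    fields = sas_fields(url)
    if "sig" not in fields:
        return [("NOT_A_SAS", "URL has no sig parameter")]
    findings = []
    has_policy = "si" in fields  # constraints may live in a stored access policy

    # Interval of access: st is optional, se bounds the validity window.
    if "se" in fields:
        expiry = parse_time(fields["se"])
        start = parse_time(fields["st"]) if "st" in fields else now
        if expiry <= now:
            findings.append(("EXPIRED", f"expired at {fields['se']}"))
        elif expiry - start > max_lifetime:
            findings.append(("LONG_LIVED", f"valid for {(expiry - start).days} days"))
    elif not has_policy:
        findings.append(("NO_EXPIRY", "no se field and no stored access policy"))

    # Permissions: anything beyond read/list deserves a second look.
    granted = [MUTATING[p] for p in fields.get("sp", "") if p in MUTATING]
    if granted:
        findings.append(("MUTATING_PERMS", ", ".join(granted)))

    # Protocol: when spr is omitted the service accepts both https and http.
    if "http" in fields.get("spr", "https,http").split(","):
        findings.append(("ALLOWS_HTTP", "token may be sent over plain HTTP"))

    # Source restriction: sip limits which client addresses may use the token.
    if "sip" not in fields:
        findings.append(("NO_IP_RESTRICTION", "usable from any source address"))

    if has_policy:
        findings.append(("STORED_POLICY", f"also check policy {fields['si']!r}"))
    return findings


if __name__ == "__main__":
    for label, url in (("broad", BROAD_SAS), ("tight", TIGHT_SAS)):
        print(label, audit_sas(url, SAMPLE_NOW))
```

A token that produces no findings is still a bearer credential: anyone who obtains the URL can use it until it expires.
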
Encryption

There are two basic kinds of encryption available for the core storage services. For more
information about security and encryption, see the Azure Storage security guide.

Encryption at rest

Azure Storage encryption protects and safeguards your data to meet your organizational
security and compliance commitments. Azure Storage automatically encrypts all data
prior to persisting to the storage account and decrypts it prior to retrieval. The encryption,
decryption, and key management processes are transparent to users. Customers can
also choose to manage their own keys using Azure Key Vault. For more information,
see Azure Storage encryption for data at rest.

Client-side encryption

The Azure Storage client libraries provide methods for encrypting data from the client
library before sending it across the wire and decrypting the response. Data encrypted via
client-side encryption is also encrypted at rest by Azure Storage. For more information
about client-side encryption, see Client-side encryption with .NET for Azure Storage.

Redundancy

To ensure that your data is durable, Azure Storage stores multiple copies of your data.
When you set up your storage account, you select a redundancy option. For more
information, see Azure Storage redundancy.

Transfer data to and from Azure Storage

You have several options for moving data into or out of Azure Storage. Which option you
choose depends on the size of your dataset and your network bandwidth. For more
information, see Choose an Azure solution for data transfer.

Pricing

When making decisions about how your data is stored and accessed, you should also
consider the costs involved. For more information, see Azure Storage pricing.

Storage APIs, libraries, and tools

You can access resources in a storage account from any language that can make
HTTP/HTTPS requests. Additionally, the core Azure Storage services offer programming
libraries for several popular languages. These libraries simplify many aspects of working
with Azure Storage by handling details such as synchronous and asynchronous
invocation, batching of operations, exception management, automatic retries, operational
behavior, and so forth. Libraries are currently available for the following languages and
platforms, with others in the pipeline.

2.4 Creating Storage Service Instances for Archival & Backup
2.4.1 Create a Storage Account
To create a general-purpose v2 storage account in the Azure portal, follow these steps:
1. On the Azure portal menu, select All services. In the list of resources,
type Storage Accounts. As you begin typing, the list filters based on your
input. Select Storage Accounts.
2. On the Storage Accounts window that appears, choose Add.
3. On the Basics tab, select the subscription in which to create the storage
account.
4. Under the Resource group field, select your desired resource group, or
create a new resource group. For more information on Azure resource
groups, see Azure Resource Manager overview.
5. Next, enter a name for your storage account. The name you choose must be
unique across Azure. The name also must be between 3 and 24 characters
in length, and may include only numbers and lowercase letters.
6. Select a location for your storage account, or use the default location.
7. Select a performance tier. The default tier is Standard.
8. Set the Account kind field to Storage V2 (general-purpose v2).
9. Specify how the storage account will be replicated. The default replication
option is Read-access geo-redundant storage (RA-GRS). For more
information about available replication options, see Azure Storage
redundancy.
10. Additional options are available on the Networking, Data
protection, Advanced, and Tags tabs. To use Azure Data Lake Storage,
choose the Advanced tab, and then set Hierarchical
namespace to Enabled. For more information, see Azure Data Lake
Storage Gen2 Introduction.
11. Select Review + Create to review your storage account settings and create
the account.
12. Select Create.

The following image shows the settings on the Basics tab for a new storage account:

2.4.2 Recover a deleted account from the Azure portal

To recover a deleted storage account from within another storage account, follow these
steps:

1. Navigate to the overview page for an existing storage account in the Azure
portal.
2. In the Support + troubleshooting section, select Recover deleted account.
3. From the dropdown, select the account to recover, as shown in the following
image. If the storage account that you want to recover is not in the dropdown,
then it cannot be recovered.

4. Select the Recover button to restore the account. The portal displays a notification
that the recovery is in progress.

2.4.3 Create a BlockBlobStorage account


To create a BlockBlobStorage account in the Azure portal, follow these steps:

1. In the Azure portal, select All services > the Storage category > Storage
accounts.
2. Under Storage accounts, select Add.
3. In the Subscription field, select the subscription in which to create the
storage account.
4. In the Resource group field, select an existing resource group or
select Create new, and enter a name for the new resource group.
5. In the Storage account name field, enter a name for the account. Note the
following guidelines:
o The name must be unique across Azure.
o The name must be between three and 24 characters long.
o The name can include only numbers and lowercase letters.
6. In the Location field, select a location for the storage account, or use the
default location.
7. For the rest of the settings, configure the following:

Table 1

Field          Value
Performance    Select Premium.
Account kind   Select BlockBlobStorage.
Replication    Leave the default setting of Locally-redundant storage (LRS).

8. Choose the Advanced tab.


9. If you want to optimize your storage account for data analytics, then
set Hierarchical namespace to Enabled. Otherwise, leave this option set to
its default value. Enabling this setting with your BlockBlobStorage account
gives you the premium tier for Data Lake Storage. To learn more about Data
Lake Storage, see Introduction to Azure Data Lake Storage Gen2.
10. Select Review + create to review the storage account settings.
11. Select Create.

2.4.4 Recover a deleted account from the Azure portal

To recover a deleted storage account from within another storage account, follow these
steps:

1. Navigate to the overview page for an existing storage account in the Azure
portal.
2. In the Support + troubleshooting section, select Recover deleted account.
3. From the dropdown, select the account to recover, as shown in the
following image. If the storage account that you want to recover is not in the
dropdown, then it cannot be recovered.

4. Select the Recover button to restore the account. The portal displays a notification
that the recovery is in progress.

2.4.5 Upload, download, and list blobs with the Azure portal
Create a container

To create a container in the Azure portal, follow these steps:

1. Navigate to your new storage account in the Azure portal.


2. In the left menu for the storage account, scroll to the Blob service section,
then select Containers.
3. Select the + Container button.
4. Type a name for your new container. The container name must be lowercase,
must start with a letter or number, and can include only letters, numbers, and
the dash (-) character. For more information about container and blob names,
see Naming and referencing containers, blobs, and metadata.
5. Set the level of public access to the container. The default level is Private (no
anonymous access).
6. Select OK to create the container.

Upload a block blob

Block blobs consist of blocks of data assembled to make a blob. Most scenarios using
Blob storage employ block blobs. Block blobs are ideal for storing text and binary data in
the cloud, like files, images, and videos. This quickstart shows how to work with block
blobs.

To upload a block blob to your new container in the Azure portal, follow these steps:

1. In the Azure portal, navigate to the container you created in the previous
section.
2. Select the container to show a list of blobs it contains. This container is new,
so it won't yet contain any blobs.
3. Select the Upload button to open the upload blade and browse your local file
system to find a file to upload as a block blob. You can optionally expand
the Advanced section to configure other settings for the upload operation.

4. Select the Upload button to upload the blob.
5. Upload as many blobs as you like in this way. You'll see that the new blobs are
now listed within the container.

Download a block blob

You can download a block blob to display in the browser or save to your local file system.
To download a block blob, follow these steps:

1. Navigate to the list of blobs that you uploaded in the previous section.
2. Right-click the blob you want to download, and select Download.

Archive Blob
Enabling Archiving with Azure Blob Storage
1. Sign in to the Azure portal.
2. In the Azure portal, search for and select All Resources.
3. Select your storage account.
4. Select your container and then select your blob.
5. In the Blob properties, select Change tier.
6. Select the Hot or Cool access tier.
7. Select a Rehydrate Priority of Standard or High.
8. Select Save at the bottom.

2.4.6 Change the Access Tier of the Uploaded Blobs
Change Access Tier from Hot to Cool
1. Leave HotTier.json alone. It will remain in the hot access tier.
2. Select CoolTier.json and click Change tier.

3. In Change tier to the right, change the access tier to Cool.
4. Click Save.

Change Access Tier from Hot to Archive


1. Select ArchiveTier.json and click Change tier.
2. In Change tier to the right, change the access tier to Archive.
3. Click Save.

Test Downloading the Blobs


Test downloading each blob by clicking the ellipsis to the right of the blob and clicking
Download. You should be able to download the hot and cool access tier blobs but not the
archive tier blob.

Delete a block blob

To delete one or more blobs in the Azure portal, follow these steps:

1. In the Azure portal, navigate to the container.


2. Display the list of blobs in the container.
3. Use the checkbox to select one or more blobs from the list.
4. Select the Delete button to delete the selected blobs.
5. In the dialog, confirm the deletion, and indicate whether you also want to
delete blob snapshots.

2.4.7 Quickstart: Create an Azure SQL Database single database

In this quickstart, you create a single database in Azure SQL Database using either the
Azure portal, a PowerShell script, or an Azure CLI script. You then query the database
using Query editor in the Azure portal.

Prerequisite

• An active Azure subscription. If you don't have one, create a free account.

Create a single database

This quickstart creates a single database in the serverless compute tier.

Portal

To create a single database in the Azure portal, this quickstart starts at the Azure SQL
page.

1. Browse to the Select SQL Deployment option page.


2. Under SQL databases, leave Resource type set to Single database, and
select Create.

3. On the Basics tab of the Create SQL Database form, under Project details,
select the desired Azure Subscription.
4. For Resource group, select Create new, enter myResourceGroup, and
select OK.
5. For Database name enter mySampleDatabase.
6. For Server, select Create new, and fill out the New server form with the
following values:
   o Server name: Enter mysqlserver, and add some characters for
     uniqueness. We can't provide an exact server name to use
     because server names must be globally unique for all servers in
     Azure, not just unique within a subscription. So enter something
     like mysqlserver12345, and the portal lets you know if it is
     available or not.
   o Server admin login: Enter azureuser.
   o Password: Enter a password that meets requirements, and
     enter it again in the Confirm password field.
   o Location: Select a location from the dropdown list.

Select OK.

7. Leave Want to use SQL elastic pool set to No.


8. Under Compute + storage, select Configure database.
9. This quickstart uses a serverless database, so select Serverless, and then
select Apply.

10. Select Next: Networking at the bottom of the page.

11. On the Networking tab, for Connectivity method, select Public endpoint.
12. For Firewall rules, set Add current client IP address to Yes. Leave Allow
Azure services and resources to access this server set to No.
13. Select Next: Additional settings at the bottom of the page.

14. On the Additional settings tab, in the Data source section, for Use existing
data, select Sample. This creates an AdventureWorksLT sample database so
there are some tables and data to query and experiment with, as opposed to
an empty database.
15. Optionally, enable Azure Defender for SQL.
16. Optionally, set the maintenance window so planned maintenance is
performed at the best time for your database.
17. Select Review + create at the bottom of the page:

18. On the Review + create page, after reviewing, select Create.
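
Step 12 of this procedure decides which source addresses can reach the server's public endpoint. The Python example below is added here and is not part of the original handbook; it audits a constructed list of server-level firewall rules (rule names and addresses are made up) and relies on the fact that the "Allow Azure services and resources to access this server" switch is stored as a rule whose start and end address are both 0.0.0.0. The 32-address threshold for a "wide" range is an assumption.

```python
import ipaddress

# Constructed sample rules as (name, start IP, end IP). Names are hypothetical;
# the addresses come from ranges reserved for documentation.
SAMPLE_RULES = [
    ("client-ip", "198.51.100.24", "198.51.100.24"),
    ("allow-azure-services", "0.0.0.0", "0.0.0.0"),
    ("office-temp", "203.0.113.0", "203.0.113.255"),
    ("debug-open", "0.0.0.0", "255.255.255.255"),
]

ZERO = ipaddress.IPv4Address("0.0.0.0")
LAST = ipaddress.IPv4Address("255.255.255.255")


def parse_rule(rule):
    """Turn a (name, start, end) tuple into a name and two IPv4Address objects."""
    name, start_text, end_text = rule
    return name, ipaddress.IPv4Address(start_text), ipaddress.IPv4Address(end_text)


def audit_rules(rules, max_addresses=32):
    """Return (rule name, finding code) pairs for rules that need review."""
    findings = []
    for rule in rules:
        name, start, end = parse_rule(rule)
        if start > end:
            findings.append((name, "INVALID_RANGE"))
        elif start == ZERO and end == ZERO:
            # Not a real range: this is the "allow Azure services" switch,
            # which admits traffic from any Azure subscription.
            findings.append((name, "AZURE_SERVICES_ALLOWED"))
        elif start == ZERO and end == LAST:
            findings.append((name, "OPEN_TO_INTERNET"))
        elif int(end) - int(start) + 1 > max_addresses:
            findings.append((name, "WIDE_RANGE"))
    return findings


def rules_admitting(source_ip, rules):
    """List the rules whose range contains source_ip.

    The 0.0.0.0-0.0.0.0 rule is skipped because it is a switch, not a range;
    audit_rules reports it separately.
    """
    ip = ipaddress.IPv4Address(source_ip)
    matches = []
    for rule in rules:
        name, start, end = parse_rule(rule)
        if start == ZERO and end == ZERO:
            continue
        if start <= ip <= end:
            matches.append(name)
    return matches


if __name__ == "__main__":
    for name, code in audit_rules(SAMPLE_RULES):
        print(f"{code:24} {name}")
    print("198.51.100.24 admitted by:", rules_admitting("198.51.100.24", SAMPLE_RULES))
```
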

Query the database

Once your database is created, you can use the Query editor (preview) in the Azure portal
to connect to the database and query data.

1. In the portal, search for and select SQL databases, and then select your
database from the list.
2. On the page for your database, select Query editor (preview) in the left menu.
3. Enter your server admin login information, and select OK.

4. Enter the following query in the Query editor pane.

SELECT TOP 20 pc.Name as CategoryName, p.name as ProductName
FROM SalesLT.ProductCategory pc
JOIN SalesLT.Product p
ON pc.productcategoryid = p.productcategoryid;

5. Select Run, and then review the query results in the Results pane.

6. Close the Query editor page, and select OK when prompted to discard your
unsaved edits.

2.4.8 Set up SQL Data Sync between databases in Azure SQL Database
and SQL Server
Create sync group

1. Go to the Azure portal to find your database in SQL Database. Search for
and select SQL databases.

2. Select the database you want to use as the hub database for Data Sync.

Note: The hub database is a sync topology's central endpoint, in which a
sync group has multiple database endpoints. All other member databases
with endpoints in the sync group, sync with the hub database.

3. On the SQL database menu for the selected database, select Sync to other
databases.

4. On the Sync to other databases page, select New Sync Group. The New sync
group page opens with Create sync group (step 1).

On the Create Data Sync Group page, change the following settings:

Table 1

Setting                   Description

Sync Group Name           Enter a name for the new sync group. This name is distinct
                          from the name of the database itself.

Sync Metadata Database    Choose to create a database (recommended) or to use an
                          existing database.

                          If you choose New database, select Create new database.
                          Then on the SQL Database page, name and configure the new
                          database and select OK.

                          If you choose Use existing database, select the database
                          from the list.

Automatic Sync            Select On or Off.

                          If you choose On, enter a number and select Seconds,
                          Minutes, Hours, or Days in the Sync Frequency section.

                          The first sync begins after the selected interval period
                          elapses from the time the configuration is saved.

Conflict Resolution       Select Hub win or Member win.

                          Hub win means when conflicts occur, data in the hub
                          database overwrites conflicting data in the member
                          database.

                          Member win means when conflicts occur, data in the member
                          database overwrites conflicting data in the hub database.

Use private link          Choose a service managed private endpoint to establish a
                          secure connection between the sync service and the hub
                          database.

Note

Microsoft recommends creating a new, empty database for use as the Sync
Metadata Database. Data Sync creates tables in this database and runs a
frequent workload. This database is shared as the Sync Metadata
Database for all sync groups in a selected region and subscription. You can't
change the database or its name without removing all sync groups and sync
agents in the region. Additionally, an Elastic jobs database cannot be used
as the SQL Data Sync Metadata database and vice versa.

Select OK and wait for the sync group to be created and deployed.

5. On the New Sync Group page, if you selected Use private link, you will need
to approve the private endpoint connection. The link in the info message will
take you to the private endpoint connections experience where you can
approve the connection.

Add sync members

After the new sync group is created and deployed, Add sync members (step 2) is
highlighted on the New sync group page.

In the Hub Database section, enter existing credentials for the server on which the hub
database is located. Don't enter new credentials in this section.

To add a database in Azure SQL Database

In the Member Database section, optionally add a database in Azure SQL Database to
the sync group by selecting Add an Azure SQL Database. The Configure Azure SQL
Database page opens.

On the Configure Azure SQL Database page, change the following settings:

To add a database in Azure SQL Database

Setting                   Description

Sync Member Name          Provide a name for the new sync member. This name is
                          distinct from the database name itself.

Subscription              Select the associated Azure subscription for billing
                          purposes.

Azure SQL Server          Select the existing server.

Azure SQL Database        Select the existing database in SQL Database.

Sync Directions           Select Bi-directional Sync, To the Hub, or From the Hub.

Username and Password     Enter the existing credentials for the server on which the
                          member database is located. Don't enter new credentials in
                          this section.

Use private link          Choose a service managed private endpoint to establish a
                          secure connection between the sync service and the member
                          database.

Select OK and wait for the new sync member to be created and deployed.

To add a SQL Server database

In the Member Database section, optionally add a SQL Server database to the sync group
by selecting Add an On-Premises Database. The Configure On-Premises page opens
where you can do the following things:

1. Select Choose the Sync Agent Gateway. The Select Sync Agent page opens.

2. On the Choose the Sync Agent page, choose whether to use an existing agent
or create an agent.

If you choose Existing agents, select the existing agent from the list.

If you choose Create a new agent, do the following things:

1. Download the data sync agent from the link provided and install it
on the computer where the SQL Server is located. You can also
download the agent directly from Azure SQL Data Sync Agent.

Important

You have to open outbound TCP port 1433 in the firewall to let the
client agent communicate with the server.

2. Enter a name for the agent.


3. Select Create and Generate Key and copy the agent key to the
clipboard.
4. Select OK to close the Select Sync Agent page.
3. On the SQL Server computer, locate and run the Client Sync Agent app.

1. In the sync agent app, select Submit Agent Key. The Sync Metadata
Database Configuration dialog box opens.
2. In the Sync Metadata Database Configuration dialog box, paste in
the agent key copied from the Azure portal. Also provide the
existing credentials for the server on which the metadata database
is located. (If you created a metadata database, this database is on
the same server as the hub database.) Select OK and wait for the
configuration to finish.

Note

If you get a firewall error, create a firewall rule on Azure to allow
incoming traffic from the SQL Server computer. You can create the
rule manually in the portal or in SQL Server Management Studio
(SSMS). In SSMS, connect to the hub database on Azure by
entering its name as
<hub_database_name>.database.windows.net.

3. Select Register to register a SQL Server database with the agent.
The SQL Server Configuration dialog box opens.

4. In the SQL Server Configuration dialog box, choose to connect
using SQL Server authentication or Windows authentication. If you
choose SQL Server authentication, enter the existing credentials.
Provide the SQL Server name and the name of the database that
you want to sync and select Test connection to test your settings.
Then select Save and the registered database appears in the list.

5. Close the Client Sync Agent app.


6. In the portal, on the Configure On-Premises page, select Select the Database.
7. On the Select Database page, in the Sync Member Name field, provide a
name for the new sync member. This name is distinct from the name of the
database itself. Select the database from the list. In the Sync
Directions field, select Bi-directional Sync, To the Hub, or From the Hub.

8. Select OK to close the Select Database page. Then select OK to close
the Configure On-Premises page and wait for the new sync member to be
created and deployed. Finally, select OK to close the Select sync
members page.

Note: To connect to SQL Data Sync and the local agent, add your user name to the
role DataSync_Executor. Data Sync creates this role on the SQL Server instance.

Configure sync group

After the new sync group members are created and deployed, Configure sync group (step
3) is highlighted in the New sync group page.

1. On the Tables page, select a database from the list of sync group members
and select Refresh schema.
2. From the list, select the tables you want to sync. By default, all columns are
selected, so disable the checkbox for the columns you don't want to sync. Be
sure to leave the primary key column selected.
3. Select Save.
4. By default, databases are not synced until scheduled or manually run. To run
a manual sync, navigate to your database in SQL Database in the Azure
portal, select Sync to other databases, and select the sync group. The Data
Sync page opens. Select Sync.

2.5 Basics of Networking & Network Protocols
2.5.1 Basics of Networking
Network types and topologies to use when you design a network
All networks are built on the same principles. You can apply these principles to design
and build your organization's local or cloud-based networks. When you build a network,
you need to know about the different types of networks, their topologies, and their uses.
What is a network?
A network is a collection of network-enabled devices, typically made up of computers,
switches, routers, printers, and servers. Networks are a fundamental part of day-to-day
life and exist in homes, workplaces, and public areas. Networks allow all types of network-
enabled devices to communicate.
Network types
Networks vary in size, shape, and usage. To make it easier to identify different network
types, they're categorized into one of the following network categories:
• Personal area networks
• Local area networks
• Metropolitan area networks
• Wide area networks
What is a personal area network?
A personal area network (PAN) provides networking needs around an individual. An
example of a PAN is where a smartphone, smartwatch, tablet, and laptop all connect and
share data without the need to connect to an access point or other third-party network
services.
PAN networks typically use Bluetooth to communicate because it provides a low-power,
short-range data-sharing capability. The network standards associated with a PAN are
Bluetooth and IEEE 802.15.
What is a local area network?
A local area network (LAN) provides networking needs around a single location. This
location might be an organization's office, a school, a university, a hospital, an airport,
and many others.
A LAN is usually privately owned and needs authentication and authorization to access.
Of the different classifications of a network, a LAN is by far the most commonly used.

What is a metropolitan area network?


A metropolitan area network (MAN) provides networking capabilities between two
different locations within a city or metropolitan area to provide a single extensive network.
Typically, a MAN requires a dedicated and secure connection between each LAN joined
to the MAN.

Image: Metropolitan Area Network
Reference: https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcRjf3voLjdAETF_Pyb5jjcFMsd4Oq10e0oT-A&usqp=CAU
What is a wide area network?
A wide area network (WAN) provides networking capabilities between two different
geographical locations locally or worldwide. For example, a WAN is used to connect an
organization's head office with branch offices all over the country. A WAN links multiple
LANs together to create one super network.
As with a MAN, you use a virtual private network (VPN) to manage the connection between
different LANs.

2.5.2 Network topologies


A network topology describes the physical composition of a network. Let's look at four
topologies you can choose from when you design a LAN. They are:
• Bus
• Ring
• Mesh
• Star
Bus topology
A diagram of a bus topology showing five nodes connected to a single network segment.
In a bus topology, each network device is connected to a single network cable. Even
though it's the simplest type of network to implement, there are limitations to it.
The first limitation is the length of the main cable or bus. The longer it gets, the higher the
chance of signal dropout.

Image: Bus Topology

This limitation constrains the physical layout of the network. All devices have to be
physically located near each other, for example, in the same room. Finally, if there's a
break in the bus cable, the whole network fails.
Ring topology
A diagram of a ring topology showing nodes connected in a ring.

Image: Ring Topology

In a ring topology, each network device is connected to its neighbor to form a ring. This
form of network is more resilient than the bus topology.
A break in the cable ring also affects the performance of the network.
Mesh topology
A diagram of a mesh topology where all nodes are connected to all other nodes. The
mesh topology is described as either a physical mesh or a logical mesh.
In a physical mesh, each network device connects to every other network device in the
network. It dramatically increases the resilience of a network but has the physical
overhead of connecting all devices.



Image: Mesh Topology

Few networks today are built as a full mesh. Most networks use a partial mesh, where
some machines interconnect, but others connect through one device.
There's a subtle difference between a physical mesh network and a logical one. The
perception is that most modern networks are mesh based, since each device can see
and communicate with any other device on the network.
This description is of a logical mesh network and is primarily made possible through the
use of network protocols.
Star topology
A diagram of a star topology with a single node connected to all other nodes.

Image: Star Topology

The star topology is the most commonly used network topology. Each network device
connects to a centralized hub or switch.
Switches and hubs can be linked together to extend and build more extensive networks.
This type of topology is, by far, the most robust and scalable.

2.5.3 Ethernet
Ethernet is a networking standard that's synonymous with wire-based LAN networks and
also used in MAN and WAN networks. Ethernet has replaced other wired LAN
technologies like ARCNET and Token Ring and is an industry standard.
While Ethernet is associated with wired networks, keep in mind that it's not limited to wire,
since it's used over fiber-optic links as well.



The Ethernet standard defines a framework for data transmission, error handling, and
performance thresholds. It describes the rules for configuring an Ethernet network and
how each element in the network interacts with each other.
Ethernet is used in the OSI model at the data link and physical layers. It formed the basis
for the IEEE 802.3 Standard. This standard helped to unify network and hardware
development.
Ethernet is a continually evolving standard, and the original version supported a data
transmission rate of only 2.94 Mbps. In recent years, several iterations were released to
keep up with the demands for increased speed. Today, rates extend up to 400 Gbps.
Fast Ethernet
Fast Ethernet (IEEE 802.3u) was developed to support data transmission speeds of up
to 100 Mbps. Fast Ethernet is also referred to as the 100BASE-TX standard.
Gigabit Ethernet
Gigabit Ethernet (IEEE 802.3ab) was developed to support faster communication
networks that can support services like streaming multimedia and Voice over IP (VoIP).
The 1000BASE-T standard runs 10 times faster than the 100BASE-TX standard.
Gigabit Ethernet is now included in the 802.3 standards and recommended for enterprise
networks. The new standard is backward compatible with the 100BASE-T and the older
10BASE-T standards.
10 Gigabit Ethernet
The 10 Gigabit Ethernet (IEEE 802.3ae) standard has a nominal data transfer speed of
10 Gbps, which is 10 times faster than its predecessor. This speed improvement is made
possible only by using fiber optics. The standard now requires that 10 Gigabit Ethernet
networks use area-based routing rather than broadcasting data to all nodes. In that way,
network noise and traffic are reduced.
Terabit Ethernet
Terabit Ethernet offers data transfer speeds of 200 Gbps and 400 Gbps. It's expected
that Terabit Ethernet will offer speeds of 800 Gbps and 1.6 Tbps in the future.

2.5.4 Internet Protocol (IP)


Internet Protocol Suite
The Internet Protocol suite is a collection of communication protocols, also called a
protocol stack. It's also sometimes referred to as the TCP/IP protocol suite since both
TCP and IP are primary protocols used in the suite.
The IPS is an abstract, layered networking reference model. The IPS describes the
different layered protocols used to send and receive data on the internet and similar
networks.
The IPS model is one of several similar networking models that vary between three and
seven layers. The best-known model is the Open Systems Interconnection (OSI)
networking reference model. We're not going to cover the OSI model here. A
documentation link is available in the "Learn more" section at the end of this module.

Table: Internet Protocol Suite

Application layer: The top layer of this stack is concerned with application or process
communication. The application layer is responsible for determining which
communication protocols to use based on what type of message is transmitted. For
example, the layer assigns the correct email protocols such as POP, SMTP, or IMAP if
the message is email content.
Transport layer: This layer is responsible for host-to-host communication on the network.
The protocols associated with this layer are TCP and UDP. TCP is responsible for flow
control. UDP is responsible for providing a datagram service.
Internet layer: This layer is responsible for exchanging datagrams. A datagram contains
the data from the transport layer and adds in the origin and recipient IP addresses. The
protocols associated with this layer are IP, ICMP, and the Internet Protocol Security
(IPsec) suite.
Network access layer: The bottom layer of this stack is responsible for defining how the
data is sent across the network. The protocols associated with this layer are ARP, MAC,
Ethernet, DSL, and ISDN.
Internet Protocol
What is the Internet Protocol (IP)?
The Internet Protocol (IP) is a protocol, or set of rules, for routing and addressing packets
of data so that they can travel across networks and arrive at the correct destination.
Data traversing the Internet is divided into smaller pieces, called packets. IP information
is attached to each packet, and this information helps routers to send packets to the right
place.
Every device or domain that connects to the Internet is assigned an IP address, and as
packets are directed to the IP address attached to them, data arrives where it is needed.
Once the packets arrive at their destination, they are handled differently depending on
which transport protocol is used in combination with IP. The most common transport
protocols are TCP and UDP.



What is a network protocol?
In networking, a protocol is a standardized way of doing certain actions and formatting
data so that two or more devices are able to communicate with and understand each
other.
To understand why protocols are necessary, consider the process of mailing a letter. On
the envelope, addresses are written in the following order: name, street address, city,
state, and zip code.
If an envelope is dropped into a mailbox with the zip code written first, followed by the
street address, followed by the state, and so on, the post office won't deliver it. There is
an agreed-upon protocol for writing addresses in order for the postal system to work. In
the same way, all IP data packets must present certain information in a certain order, and
all IP addresses follow a standardized format.
How does IP addressing work?
An IP address is a unique identifier assigned to a device or domain that connects to the
Internet. Each IP address is a series of characters, such as '192.168.1.1'. Via DNS
resolvers, which translate human-readable domain names into IP addresses, users are
able to access websites without memorizing this complex series of characters. Each IP
packet will contain both the IP address of the device or domain sending the packet and
the IP address of the intended recipient, much like how both the destination address and
the return address are included on a piece of mail.

Image: Internet Protocol


Reference: https://www.assignmentpoint.com/wp-content/uploads/2021/04/internet-protocol.jpg
What is Internet Protocol (IP) addressing?
When devices communicate with each other over a local area network or "LAN" or across
the internet, the message transmitted is ultimately directed to the target device's network
hardware address that is programmed into the device by the manufacturer.
This hardware address, or "MAC" address, is physically encoded very much like an
automobile's VIN number that includes information about the manufacturer and when the
device was created along with a sequential number.
Unfortunately, MAC addresses are not helpful for routing communication messages
outside of a small number of locally interconnected devices because they are randomly
scattered around the world, i.e., a device with a MAC address of 10:20:30:40:50:60 could
be in New York and another with a MAC address of 10:20:30:40:50:61 could be in Beijing.



To enable devices to find each other easily no matter where they are in the world, the
creators of the Internet came up with a logical addressing scheme. These logical
Internet Protocol addresses are commonly referred to as "IP addresses".

2.5.5 IP address classes


With an IPv4 IP address, there are five classes of available IP ranges: Class A, Class B,
Class C, Class D and Class E, while only A, B, and C are commonly used. Each class
allows for a range of valid IP addresses, shown in the following table.

Class      Address range                   Supports

Class A    1.0.0.1 to 126.255.255.254      Supports 16 million hosts on each of 127 networks.
Class B    128.1.0.1 to 191.255.255.254    Supports 65,000 hosts on each of 16,000 networks.
Class C    192.0.1.1 to 223.255.254.254    Supports 254 hosts on each of 2 million networks.
Class D    224.0.0.0 to 239.255.255.255    Reserved for multicast groups.
Class E    240.0.0.0 to 254.255.255.254    Reserved for future use, or research and development purposes.
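
The class of an address follows from the leading bits of its first octet, which is what produces the ranges in the table. The sketch below is an added example, not part of the original handbook; it derives the class, the default network and the hosts per network for a given address. The function name `classify` and the sample addresses are chosen for illustration.

```python
import ipaddress

# Classful rules: (class, leading-bit pattern of the first octet,
# number of leading bits, default prefix length or None for D/E).
CLASS_RULES = [
    ("A", 0b0,    1, 8),
    ("B", 0b10,   2, 16),
    ("C", 0b110,  3, 24),
    ("D", 0b1110, 4, None),   # multicast, no host/network split
    ("E", 0b1111, 4, None),   # reserved
]

# Private ranges defined by RFC 1918 (one block inside each of A, B and C).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify(address: str) -> dict:
    """Return the classful interpretation of one IPv4 address."""
    ip = ipaddress.IPv4Address(address)      # raises ValueError on bad input
    first_octet = int(ip) >> 24

    # The five bit patterns are exhaustive, so the loop always breaks.
    for name, pattern, nbits, prefix in CLASS_RULES:
        if first_octet >> (8 - nbits) == pattern:
            break

    info = {"address": str(ip), "class": name, "default_network": None,
            "hosts_per_network": None, "note": None}

    if prefix is not None:
        network = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        info["default_network"] = str(network)
        # The all-zeros and all-ones host parts are the network and
        # broadcast addresses, so they are not assignable to hosts.
        info["hosts_per_network"] = network.num_addresses - 2

    # Blocks that match the Class A bit pattern but are excluded from the
    # table's range (it starts at 1.x and ends at 126.x).
    if first_octet == 0:
        info["note"] = "0.0.0.0/8 is reserved"
    elif ip.is_loopback:
        info["note"] = "loopback"
    elif any(ip in net for net in RFC1918):
        info["note"] = "RFC 1918 private"
    return info


if __name__ == "__main__":
    # Constructed sample addresses, one per class plus loopback.
    for sample in ("10.1.0.4", "172.16.5.9", "192.168.1.1",
                   "224.0.0.1", "240.0.0.1", "127.0.0.1"):
        print(classify(sample))
```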

2.5.6 Transmission Control Protocol (TCP)


Transmission Control Protocol (TCP) is a connection-oriented communications protocol
that facilitates the exchange of messages between computing devices in a network.
It is the most common protocol in networks that use the Internet Protocol (IP); together
they are sometimes referred to as TCP/IP.
TCP takes messages from an application/server and divides them into packets, which
can then be forwarded by the devices in the network – switches, routers, security
gateways – to the destination. TCP numbers each packet and reassembles them prior to
handing them off to the application/server recipient.
Because it is connection-oriented, it ensures a connection is established and maintained
until the exchange between the application/servers sending and receiving the message
is complete.
• TCP is connection-oriented, and a connection between client and server is
established before data can be sent.
• The server must be listening (passive open) for connection requests from clients
before a connection is established.
• Three-way handshake (active open), retransmission, and error detection add to
reliability but lengthen latency.
• Applications that do not require reliable data stream service may use the User
Datagram Protocol (UDP), which provides a connectionless datagram service that
prioritizes time over reliability.
• TCP employs network congestion avoidance. However, there are vulnerabilities to
TCP including denial of service, connection hijacking, TCP veto, and reset attack.
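
The passive open and active open described in the list above can be observed on the loopback interface. The following is an added example, not part of the original handbook; the function name `tcp_open_demo` and the sample payload are constructed for illustration. It shows that a connection attempt is refused until the server socket is listening, and that data flows only after the connection is established.

```python
import socket

LOOPBACK = "127.0.0.1"


def _recv_exact(sock: socket.socket, length: int) -> bytes:
    """Read exactly `length` bytes; TCP is a byte stream, so one recv() may return less."""
    data = b""
    while len(data) < length:
        chunk = sock.recv(length - len(data))
        if not chunk:                      # peer closed the connection early
            break
        data += chunk
    return data


def tcp_open_demo(payload: bytes = b"constructed sample message") -> dict:
    """Try to connect before and after the server's passive open, then echo data."""
    result = {}
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.settimeout(2)
    server.bind((LOOPBACK, 0))             # port 0: the OS picks a free port
    address = server.getsockname()

    # 1. The server socket is bound but NOT listening: no passive open yet,
    #    so the client's SYN is answered with a reset and connect() fails.
    client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    client.settimeout(2)
    try:
        client.connect(address)
        result["before_listen"] = "connected"
    except ConnectionRefusedError:
        result["before_listen"] = "refused"
    except OSError as exc:                 # e.g. a timeout on unusual platforms
        result["before_listen"] = type(exc).__name__
    finally:
        client.close()

    # 2. Passive open: the server starts listening. The client's connect()
    #    is the active open; the kernel completes the three-way handshake
    #    (SYN, SYN-ACK, ACK) and queues the connection until accept().
    server.listen(1)
    client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    client.settimeout(2)
    try:
        client.connect(address)
        result["after_listen"] = "connected"

        conn, peer = server.accept()
        with conn:
            conn.settimeout(2)
            # The address the server sees is the client's own endpoint.
            result["peer_is_client"] = peer == client.getsockname()

            # Data is exchanged only over the established connection.
            client.sendall(payload)
            received = _recv_exact(conn, len(payload))
            conn.sendall(received.upper())
            result["reply"] = _recv_exact(client, len(payload))
    finally:
        client.close()
        server.close()
    return result


if __name__ == "__main__":
    print(tcp_open_demo())
```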

2.5.7 What Is a VPN? - Virtual Private Network


A virtual private network, or VPN, is an encrypted connection over the Internet from a
device to a network.
The encrypted connection helps ensure that sensitive data is safely transmitted. It
prevents unauthorized people from eavesdropping on the traffic and allows the user to
conduct work remotely. VPN technology is widely used in corporate environments.
How does a virtual private network (VPN) work?
A VPN extends a corporate network through encrypted connections made over the
Internet. Because the traffic is encrypted between the device and the network, traffic
remains private as it travels.
An employee can work outside the office and still securely connect to the corporate
network. Even smartphones and tablets can connect through a VPN.

Image: Virtual Private Network


Reference: https://upload.wikimedia.org/wikipedia/commons/0/00/Virtual_Private_Network_overview.svg
What is secure remote access?
Secure remote access provides a safe, secure way to connect users and devices
remotely to a corporate network. It includes VPN technology that uses strong ways to
authenticate the user or device.
VPN technology is available to check whether a device meets certain requirements, also
called a device’s posture, before it is allowed to connect remotely.



Is VPN traffic encrypted?
Yes, traffic on the virtual network is sent securely by establishing an encrypted connection
across the Internet known as a tunnel.
VPN traffic from a device such as a computer, tablet, or smartphone is encrypted as it
travels through this tunnel. Offsite employees can then use the virtual network to access
the corporate network.
Types of VPNs
Remote access
A remote access VPN securely connects a device outside the corporate office. These
devices are known as endpoints and may be laptops, tablets, or smartphones. Advances
in VPN technology have allowed security checks to be conducted on endpoints to make
sure they meet a certain posture before connecting. Think of remote access as computer
to network.

Image: Virtual Private Network – remote access


Reference: https://www.greyson.com/wp-content/uploads/2020/03/remote-access-vpn-1.png
Site-to-site
A site-to-site VPN connects the corporate office to branch offices over the Internet. Site-
to-site VPNs are used when distance makes it impractical to have direct network
connections between these offices.
Dedicated equipment is used to establish and maintain a connection. Think of site-to-site
access as network to network.



Image: Virtual Private Network - Site-to-Site
Reference: https://www.researchgate.net/profile/Adrian-Graur/publication/

2.5.8 HTTP
Hypertext Transfer Protocol (HTTP) is an application-layer protocol for transmitting
hypermedia documents, such as HTML.
It was designed for communication between web browsers and web servers, but it can
also be used for other purposes. HTTP follows a classical client-server model, with a
client opening a connection to make a request, then waiting until it receives a response.
HTTP is a stateless protocol, meaning that the server does not keep any data (state)
between two requests. Though often based on a TCP/IP layer, it can be used on any
reliable transport layer, that is, a protocol that doesn't lose messages silently like UDP
does. RUDP — the reliable update of UDP — is a suitable alternative.
An overview of HTTP
HTTP is a protocol which allows the fetching of resources, such as HTML documents. It
is the foundation of any data exchange on the Web and it is a client-server protocol, which
means requests are initiated by the recipient, usually the Web browser.
A complete document is reconstructed from the different sub-documents fetched, for
instance text, layout description, images, videos, scripts, and more.



Image: HTTP Network
Reference: https://dz2cdn1.dzone.com/storage/temp/14018512-network-all-together.png
Clients and servers communicate by exchanging individual messages (as opposed to a
stream of data).
The messages sent by the client, usually a Web browser, are called requests and the
messages sent by the server as an answer are called responses.
HTTP Cache
Caching is a technique that stores a copy of a given resource and serves it back when
requested. When a web cache has a requested resource in its store, it intercepts the
request and returns its copy instead of re-downloading from the originating server.
HTTP cookie
An HTTP cookie (web cookie, browser cookie) is a small piece of data that a server sends
to the user's web browser. The browser may store it and send it back with later requests
to the same server.



2.6 Creating Custom VPC in Azure
Activity: This activity allows learners to understand the concept of a virtual private cloud
(VPC) network and create a VPC in the Azure cloud. This is the first step towards building a
custom network for a collection of resources and maintaining basic security in the cloud.

2.6.1 Create a virtual network using the Azure portal

Learn how to create a virtual network using the Azure portal. You deploy two virtual
machines (VMs). Next, you securely communicate between VMs and connect to VMs
from the internet. A virtual network is the fundamental building block for your private
network in Azure. It enables Azure resources, like VMs, to securely communicate with
each other and with the internet.

2.6.2 Sign in to Azure

Sign in to the Azure portal.

2.6.3 Create a virtual network

1. Select Create a resource in the upper left-hand corner of the portal.


2. In the search box, enter Virtual Network. Select Virtual Network in the
search results.
3. In the Virtual Network page, select Create.
4. In Create virtual network, enter or select this information in the Basics tab:

TABLE 1

Setting            Value

Project details
Subscription       Select your subscription.
Resource group     Select Create new.
                   Enter myResourceGroup.
                   Select OK.

Instance details
Name               Enter myVNet.
Region             Select (US) East US.


5. Select the IP Addresses tab, or select the Next: IP Addresses button at the
bottom of the page.
6. In IPv4 address space, select the existing address space and change it
to 10.1.0.0/16.
7. Select + Add subnet, then enter MySubnet for Subnet
name and 10.1.0.0/24 for Subnet address range.
8. Select Add.
9. Select the Security tab, or select the Next: Security button at the bottom of
the page.
10. Under BastionHost, select Enable. Enter this information:

TABLE 2

Setting                             Value

Bastion name                        Enter myBastionHost
AzureBastionSubnet address space    Enter 10.1.1.0/24
Public IP Address                   Select Create new.
                                    For Name, enter myBastionIP.
                                    Select OK.

11. Select the Review + create tab or select the Review + create button.
12. Select Create.

2.6.4 Create virtual machines

Create two VMs in the virtual network:

Create the first VM

1. On the upper-left side of the portal, select Create a resource > Compute > Virtual machine.
2. In Create a virtual machine, type or select the values in the Basics tab:

TABLE 3

Setting                  Value

Project Details
Subscription             Select your Azure subscription
Resource Group           Select myResourceGroup

Instance details
Virtual machine name     Enter myVM1
Region                   Select (US) East US
Availability Options     Select No infrastructure redundancy required
Image                    Select Windows Server 2019 Datacenter
Azure Spot instance      Select No
Size                     Choose VM size or take default setting

Administrator account
Username                 Enter a username
Password                 Enter a password
Confirm password         Reenter password

Inbound port rules
Public inbound ports     Select None.

3. Select the Networking tab, or select Next: Disks, then Next: Networking.
4. In the Networking tab, select or enter:

TABLE 4

Setting                         Value

Network interface
Virtual network                 Select myVNet.
Subnet                          Select mySubnet
Public IP                       Select None
NIC network security group      Select Basic
Public inbound ports network    Select None.

5. Select the Review + create tab, or select the blue Review + create button at
the bottom of the page.
6. Review the settings, and then select Create.



Create the second VM

1. On the upper-left side of the portal, select Create a resource > Compute > Virtual machine.
2. In Create a virtual machine, type or select the values in the Basics tab:

TABLE 5

Setting                  Value

Project Details
Subscription             Select your Azure subscription
Resource Group           Select myResourceGroup

Instance details
Virtual machine name     Enter myVM2
Region                   Select (US) East US
Availability Options     Select No infrastructure redundancy required
Image                    Select Windows Server 2019 Datacenter
Azure Spot instance      Select No
Size                     Choose VM size or take default setting

Administrator account
Username                 Enter a username
Password                 Enter a password
Confirm password         Reenter password

Inbound port rules
Public inbound ports     Select None.

3. Select the Networking tab, or select Next: Disks, then Next: Networking.
4. In the Networking tab, select or enter:

TABLE 6

Setting                         Value

Network interface
Virtual network                 Select myVNet.
Subnet                          Select mySubnet
Public IP                       Select None
NIC network security group      Select Basic
Public inbound ports network    Select None.

5. Select the Review + create tab, or select the blue Review + create button at
the bottom of the page.
6. Review the settings, and then select Create.

2.6.4 Connect to myVM1

1. Go to the Azure portal to manage your private VM. Search for and
select Virtual machines.
2. Pick the name of your private virtual machine myVM1.
3. In the VM menu bar, select Connect, then select Bastion.

4. In the Connect page, select the blue Use Bastion button.


5. In the Bastion page, enter the username and password you created for the
virtual machine previously.
6. Select Connect.



2.6.5 Communicate between VMs

1. In the bastion connection of myVM1, open PowerShell.


2. Enter ping myvm2.

You'll receive a message similar to this output:

Pinging myvm2.cs4wv3rxdjgedggsfghkjrxuqf.bx.internal.cloudapp.net [10.1.0.5] with 32 bytes of data:
Reply from 10.1.0.5: bytes=32 time=3ms TTL=128
Reply from 10.1.0.5: bytes=32 time=1ms TTL=128
Reply from 10.1.0.5: bytes=32 time=1ms TTL=128
Reply from 10.1.0.5: bytes=32 time=1ms TTL=128

Ping statistics for 10.1.0.5:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 1ms, Maximum = 3ms, Average = 1ms

3. Close the bastion connection to myVM1.


4. Complete the steps in Connect to myVM1, but connect to myVM2.
5. Open PowerShell on myVM2, enter ping myvm1.

You'll receive something like this message:

Pinging myvm1.cs4wv3rxdjgedggsfghkjrxuqf.bx.internal.cloudapp.net [10.1.0.4] with 32 bytes of data:
Reply from 10.1.0.4: bytes=32 time=1ms TTL=128
Reply from 10.1.0.4: bytes=32 time=1ms TTL=128
Reply from 10.1.0.4: bytes=32 time=1ms TTL=128
Reply from 10.1.0.4: bytes=32 time=1ms TTL=128

Ping statistics for 10.1.0.4:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 1ms, Maximum = 1ms, Average = 1ms

6. Close the bastion connection to myVM2.
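
The address plan entered in 2.6.3 can be checked before it is typed into the portal, and it also explains why the two VMs answer from 10.1.0.4 and 10.1.0.5 in the ping output. The sketch below is an added example, not part of the original handbook; the function and constant names are chosen for illustration. It relies on two Azure behaviours that the handbook does not state: Azure reserves five addresses in every subnet, and a /29 is the smallest IPv4 subnet it accepts.

```python
import ipaddress

# Azure reserves five addresses in every subnet: the first four (.0 network,
# .1 default gateway, .2 and .3 for Azure DNS) and the last one (broadcast).
# These values are assumptions taken from Azure's behaviour, not from the page.
AZURE_RESERVED_LOW = 4
AZURE_RESERVED_TOTAL = 5
SMALLEST_AZURE_SUBNET_PREFIX = 29

# The plan used in this activity (values from section 2.6.3).
LAB_ADDRESS_SPACE = "10.1.0.0/16"
LAB_SUBNETS = {
    "MySubnet": "10.1.0.0/24",
    "AzureBastionSubnet": "10.1.1.0/24",
}


def audit_vnet_plan(address_space: str, subnets: dict) -> tuple:
    """Validate a subnet plan; return (report per accepted subnet, findings)."""
    vnet = ipaddress.ip_network(address_space, strict=True)
    report, findings, accepted = {}, [], {}

    for name, cidr in subnets.items():
        # strict=True rejects values such as 10.1.3.7/24 (host bits set).
        try:
            net = ipaddress.ip_network(cidr, strict=True)
        except ValueError as exc:
            findings.append(f"{name}: invalid CIDR ({exc})")
            continue

        # Every subnet must sit inside the virtual network's address space.
        if net.version != vnet.version or not net.subnet_of(vnet):
            findings.append(f"{name}: {net} is outside the address space {vnet}")
            continue

        if net.prefixlen > SMALLEST_AZURE_SUBNET_PREFIX:
            findings.append(f"{name}: {net} is smaller than /29")
            continue

        # Subnets in one virtual network may not share addresses.
        clashes = [other for other, o in accepted.items() if net.overlaps(o)]
        if clashes:
            findings.append(f"{name}: {net} overlaps {', '.join(clashes)}")
            continue

        accepted[name] = net
        report[name] = {
            "cidr": str(net),
            "usable": net.num_addresses - AZURE_RESERVED_TOTAL,
            # The first two addresses Azure can hand out to resources.
            "first_assignable": [
                str(net.network_address + AZURE_RESERVED_LOW + i)
                for i in range(2)
            ],
        }
    return report, findings


if __name__ == "__main__":
    lab_report, lab_findings = audit_vnet_plan(LAB_ADDRESS_SPACE, LAB_SUBNETS)
    for subnet_name, details in lab_report.items():
        print(subnet_name, details)
    print("findings:", lab_findings)
```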

2.6.6 Clean up resources

In this quickstart, you created a default virtual network and two VMs. You connected to
one VM from the internet and securely communicated between the two VMs.

When you're done using the virtual network and the VMs, delete the resource group and
all of the resources it contains:

1. Search for and select myResourceGroup.


2. Select Delete resource group.
3. Enter myResourceGroup for TYPE THE RESOURCE GROUP NAME and
select Delete.



2.7 Networking Services & Security
The networking services in Azure provide a variety of networking capabilities that can be
used together or separately. The key capabilities are:
Connectivity services: Connect Azure resources and on-premises resources using any
or a combination of these networking services in Azure - Virtual Network (VNet), Virtual
WAN, ExpressRoute, VPN Gateway, Virtual network NAT Gateway, Azure DNS, Peering
service, and Azure Bastion.
Application protection services: Protect your applications using any or a combination
of these networking services in Azure - Load Balancer, Private Link, DDoS protection,
Firewall, Network Security Groups, Web Application Firewall, and Virtual Network
Endpoints.
Application delivery services: Deliver applications in the Azure network using any or a
combination of these networking services in Azure - Content Delivery Network (CDN),
Azure Front Door Service, Traffic Manager, Application Gateway, Internet Analyzer, and
Load Balancer.
Network monitoring: Monitor your network resources using any or a combination of
these networking services in Azure - Network Watcher, ExpressRoute Monitor, Azure
Monitor, or VNet Terminal Access Point (TAP).

2.7.1 Connectivity services

This section describes services that provide connectivity between Azure resources,
connectivity from an on-premises network to Azure resources, and branch to branch
connectivity in Azure - Virtual Network (VNet), ExpressRoute, VPN Gateway, Virtual
WAN, Virtual network NAT Gateway, Azure DNS, Azure Peering service, and Azure
Bastion.

Virtual network

Azure Virtual Network (VNet) is the fundamental building block for your private network
in Azure. You can use a VNet to:

• Communicate between Azure resources: You can deploy VMs, and
several other types of Azure resources to a virtual network, such as Azure
App Service Environments, the Azure Kubernetes Service (AKS), and Azure
Virtual Machine Scale Sets. To view a complete list of Azure resources that
you can deploy into a virtual network, see Virtual network service integration.
• Communicate between each other: You can connect virtual networks to
each other, enabling resources in either virtual network to communicate with
each other, using virtual network peering. The virtual networks you connect
can be in the same, or different, Azure regions. For more information,
see Virtual network peering.
• Communicate to the internet: All resources in a VNet can communicate
outbound to the internet, by default. You can communicate inbound to a
resource by assigning a public IP address or a public Load Balancer. You
can also use Public IP addresses or public Load Balancer to manage your
outbound connections.
• Communicate with on-premises networks: You can connect your
on-premises computers and networks to a virtual network using VPN
Gateway or ExpressRoute.

For more information, see What is Azure Virtual Network?

ExpressRoute

ExpressRoute enables you to extend your on-premises networks into the Microsoft cloud
over a private connection facilitated by a connectivity provider. This connection is private.
Traffic does not go over the internet. With ExpressRoute, you can establish connections
to Microsoft cloud services, such as Microsoft Azure, Microsoft 365, and Dynamics 365.
For more information, see What is ExpressRoute?

Image: Express Route


Reference: https://docs.microsoft.com/en-us/azure/expressroute/media/expressroute-introduction/expressroute-connection-overview.png

VPN Gateway

VPN Gateway helps you create encrypted cross-premises connections to your virtual
network from on-premises locations, or create encrypted connections between VNets.
There are different configurations available for VPN Gateway connections, such as
site-to-site, point-to-site, or VNet-to-VNet. The following diagram illustrates multiple
site-to-site VPN connections to the same virtual network.

Image: Azure VPN Gateway


Reference: https://docs.microsoft.com/en-us/azure/vpn-gateway/media/vpn-gateway-about-compliance-crypto/ikev1-ikev2-connections.png

For more information about different types of VPN connections, see VPN Gateway.

Virtual WAN

Azure Virtual WAN is a networking service that provides optimized and automated branch
connectivity to, and through, Azure. Azure regions serve as hubs that you can choose to
connect your branches to. You can leverage the Azure backbone to also connect
branches and enjoy branch-to-VNet connectivity. Azure Virtual WAN brings together
many Azure cloud connectivity services such as site-to-site VPN, ExpressRoute, point-
to-site user VPN into a single operational interface. Connectivity to Azure VNets is
established by using virtual network connections. For more information, see What is
Azure virtual WAN?



Image: Site-to-Site VPN
Reference: https://www.cisco.com/c/dam/en/us/support/docs/cloud-systems-management/configuration-professional/113337-ccp-vpn-routerA-routerB-config-01.gif

Azure DNS

Azure DNS is a hosting service for DNS domains that provides name resolution by using
Microsoft Azure infrastructure. By hosting your domains in Azure, you can manage your
DNS records by using the same credentials, APIs, tools, and billing as your other Azure
services. For more information, see What is Azure DNS?.

Azure Bastion

The Azure Bastion service is a new fully platform-managed PaaS service that you
provision inside your virtual network. It provides secure and seamless RDP/SSH
connectivity to your virtual machines directly in the Azure portal over TLS. When you
connect via Azure Bastion, your virtual machines do not need a public IP address. For
more information, see What is Azure Bastion?.



Image: Azure Bastion
Reference: https://docs.microsoft.com/en-us/azure/bastion/media/bastion-overview/architecture.png

Virtual network NAT Gateway

Virtual Network NAT (network address translation) simplifies outbound-only Internet
connectivity for virtual networks. When configured on a subnet, all outbound connectivity
uses your specified static public IP addresses. Outbound connectivity is possible without
load balancer or public IP addresses directly attached to virtual machines. For more
information, see What is virtual network NAT gateway?.

Image: NAT Gateway


Reference: https://i2.wp.com/scom.aca-computers.nl/image/Step-by-Step_8FB9/image_thumb.png



Azure Peering Service

Azure Peering service enhances customer connectivity to Microsoft cloud services such
as Microsoft 365, Dynamics 365, software as a service (SaaS) services, Azure, or any
Microsoft services accessible via the public internet. For more information, see What is
Azure Peering Service?.

Azure Edge Zones

Azure Edge Zone is a family of offerings from Microsoft Azure that enables data
processing close to the user. You can deploy VMs, containers, and other selected Azure
services into Edge Zones to address the low latency and high throughput requirements
of applications.

Azure Orbital

Azure Orbital is a fully managed cloud-based ground station as a service that lets you
communicate with your spacecraft or satellite constellations, downlink and uplink data,
process your data in the cloud, chain services with Azure services in unique scenarios,
and generate products for your customers. This system is built on top of the Azure global
infrastructure and low-latency global fiber network.

2.7.2 Application Protection Services

This section describes networking services in Azure that help protect your network
resources. Protect your applications using any or a combination of these networking
services in Azure: DDoS protection, Private Link, Firewall, Web Application Firewall,
Network Security Groups, and Virtual Network Service Endpoints.

DDoS Protection

Azure DDoS Protection provides countermeasures against the most sophisticated DDoS
threats. The service provides enhanced DDoS mitigation capabilities for your application
and resources deployed in your virtual networks. Additionally, customers using Azure
DDoS Protection have access to DDoS Rapid Response support to engage DDoS
experts during an active attack.

Image: DDoS Protection
Reference: https://docs.microsoft.com/en-us/azure/ddos-protection/media/ddos-best-practices/image-10.png
Azure Private Link

Azure Private Link enables you to access Azure PaaS Services (for example, Azure
Storage and SQL Database) and Azure hosted customer-owned/partner services over a
private endpoint in your virtual network. Traffic between your virtual network and the
service travels the Microsoft backbone network. Exposing your service to the public
internet is no longer necessary. You can create your own private link service in your virtual
network and deliver it to your customers.

Image: Azure Private Link
Reference: https://docs.microsoft.com/en-us/azure/private-link/media/private-link-overview/private-endpoint.png
Azure Firewall

Azure Firewall is a managed, cloud-based network security service that protects your
Azure Virtual Network resources. Using Azure Firewall, you can centrally create, enforce,
and log application and network connectivity policies across subscriptions and virtual
networks. Azure Firewall uses a static public IP address for your virtual network resources,
allowing outside firewalls to identify traffic originating from your virtual network.

For more information about Azure Firewall, see the Azure Firewall documentation.

Image: Azure Firewall
Reference: https://docs.microsoft.com/en-us/azure/firewall/media/overview/firewall-threat.png
Web Application Firewall

Azure Web Application Firewall (WAF) protects your web applications from common web
exploits and vulnerabilities such as SQL injection and cross-site scripting.
Azure WAF provides out-of-the-box protection from the OWASP Top 10 vulnerabilities via
managed rules. Customers can also configure custom rules, which are customer-managed
rules that provide additional protection based on source IP range and
request attributes such as headers, cookies, form data fields, or query string parameters.

Customers can choose to deploy Azure WAF with Application Gateway which provides
regional protection to entities in public and private address space. Customers can also
choose to deploy Azure WAF with Front Door which provides protection at the network
edge to public endpoints.

Image: Web Application Firewall
Reference: https://docs.microsoft.com/en-us/azure/web-application-firewall/media/overview/wafoverview.png
Network security groups

You can filter network traffic to and from Azure resources in an Azure virtual network with
a network security group. For more information, see Network security groups.

Service endpoints

Virtual Network (VNet) service endpoints extend your virtual network private address
space and the identity of your VNet to the Azure services, over a direct connection.
Endpoints allow you to secure your critical Azure service resources to only your virtual
networks. Traffic from your VNet to the Azure service always remains on the Microsoft
Azure backbone network. For more information, see Virtual network service endpoints.

Image: Network Security Group
Reference: https://miro.medium.com/max/3608/1*g0GqubCeN_ofA3bD-54zYQ.png

2.7.3 Application Delivery Services

This section describes networking services in Azure that help deliver applications:
Content Delivery Network, Azure Front Door Service, Traffic Manager, Load Balancer,
and Application Gateway.

Content Delivery Network

Azure Content Delivery Network (CDN) offers developers a global solution for rapidly
delivering high-bandwidth content to users by caching their content at strategically placed
physical nodes across the world. For more information about Azure CDN, see Azure
Content Delivery Network.

Image: Application Content Delivery Service
Reference: https://docs.microsoft.com/en-us/azure/cdn/media/cdn-overview/cdn-overview.png
Azure Front Door Service

Azure Front Door Service enables you to define, manage, and monitor the global routing
for your web traffic by optimizing for best performance and instant global failover for high
availability. With Front Door, you can transform your global (multi-region) consumer and
enterprise applications into robust, high-performance personalized modern applications,
APIs, and content that reach a global audience with Azure. For more information,
see Azure Front Door.

Image: Azure Front Door Service
Reference: https://docs.microsoft.com/en-us/azure/frontdoor/media/front-door-overview/front-door-visual-diagram.png
Traffic Manager

Azure Traffic Manager is a DNS-based traffic load balancer that enables you to distribute
traffic optimally to services across global Azure regions, while providing high availability
and responsiveness. Traffic Manager provides a range of traffic-routing methods to
distribute traffic such as priority, weighted, performance, geographic, multi-value, or
subnet. For more information about traffic routing methods, see Traffic Manager routing
methods.

The following diagram shows endpoint priority-based routing with Traffic Manager:

Image: Traffic Manager


Reference: https://docs.microsoft.com/en-us/azure/traffic-manager/media/traffic-manager-routing-methods/geographic.png
Load Balancer

The Azure Load Balancer provides high-performance, low-latency Layer 4 load-balancing
for all UDP and TCP protocols. It manages inbound and outbound connections. You can
configure public and internal load-balanced endpoints. You can define rules to map
inbound connections to back-end pool destinations by using TCP and HTTP health-probing
options to manage service availability. To learn more about Load Balancer, read
the Load Balancer overview article.

The following picture shows an Internet-facing multi-tier application that utilizes both
external and internal load balancers:

Image: Load Balancer
Reference: https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-overview
Application Gateway

Azure Application Gateway is a web traffic load balancer that enables you to manage
traffic to your web applications. It is an Application Delivery Controller (ADC) as a service,
offering various layer 7 load-balancing capabilities for your applications. For more
information, see What is Azure Application Gateway?

The following diagram shows URL path-based routing with Application Gateway.

Image: Application Gateway

Reference: https://docs.microsoft.com/en-us/azure/application-gateway/media/overview/figure1-720.png
2.7.4 Network monitoring services

This section describes networking services in Azure that help monitor your network
resources: Network Watcher, Azure Monitor Network Insights, Azure Monitor,
ExpressRoute Monitor, and Virtual Network TAP.

Network Watcher

Azure Network Watcher provides tools to monitor, diagnose, view metrics, and enable or
disable logs for resources in an Azure virtual network. For more information, see What is
Network Watcher?.

Azure Monitor Network Insights

Azure Monitor for Networks provides a comprehensive view of health and metrics for all
deployed network resources, without requiring any configuration. It also provides access
to network monitoring capabilities like Connection Monitor, flow logging for network
security groups, and Traffic Analytics. For more information, see Azure Monitor Network
Insights.

Azure Monitor

Azure Monitor maximizes the availability and performance of your applications by
delivering a comprehensive solution for collecting, analyzing, and acting on telemetry
from your cloud and on-premises environments. It helps you understand how your
applications are performing and proactively identifies issues affecting them and the
resources they depend on.

Virtual Network TAP

Azure virtual network TAP (Terminal Access Point) allows you to continuously stream
your virtual machine network traffic to a network packet collector or analytics tool. The
collector or analytics tool is provided by a network virtual appliance partner.

Image: Virtual Network TAP
Reference: https://docs.microsoft.com/en-us/azure/virtual-network/media/virtual-network-tap/architecture.png

2.8 Enabling & Maintaining Custom Firewall
Activity: This practical activity focuses on creating a custom firewall, that is, one
created and managed by the user and configured according to the user's requirements.
The learner will come to understand firewall usage and configuration for customised
requirements and will be able to manage rules and filters.

2.8.1 Deploy and configure Azure Firewall using the Azure portal

Controlling outbound network access is an important part of an overall network security
plan. For example, you may want to limit access to web sites. Or, you may want to limit
the outbound IP addresses and ports that can be accessed.

One way you can control outbound network access from an Azure subnet is with Azure
Firewall. With Azure Firewall, you can configure:

• Application rules that define fully qualified domain names (FQDNs) that can
  be accessed from a subnet.
• Network rules that define source address, protocol, destination port, and
  destination address.

Network traffic is subjected to the configured firewall rules when you route your network
traffic to the firewall as the subnet default gateway.

For this tutorial, you create a simplified single VNet with two subnets for easy deployment.

For production deployments, a hub and spoke model is recommended, where the firewall
is in its own VNet. The workload servers are in peered VNets in the same region with one
or more subnets.

• AzureFirewallSubnet - the firewall is in this subnet.
• Workload-SN - the workload server is in this subnet. This subnet's network
  traffic goes through the firewall.

Image: Single VNet containing Testing Virtual Net

In this tutorial, you learn how to:

• Set up a test network environment
• Deploy a firewall
• Create a default route
• Configure an application rule to allow access to www.google.com
• Configure a network rule to allow access to external DNS servers
• Configure a NAT rule to allow a remote desktop to the test server
• Test the firewall

If you prefer, you can complete this tutorial using Azure PowerShell.

Prerequisites

If you don't have an Azure subscription, create a free account before you begin.

2.8.2 Set up the network

First, create a resource group to contain the resources needed to deploy the firewall.
Then create a VNet, subnets, and a test server.

Create a resource group

The resource group contains all the resources for the tutorial.

1. Sign in to the Azure portal at https://portal.azure.com.
2. On the Azure portal menu, select Resource groups or search for and
select Resource groups from any page. Then select Add.
3. For Subscription, select your subscription.
4. For Resource group name, enter Test-FW-RG.
5. For Resource group location, select a location. All other resources that you
create must be in the same location.
6. Select Review + create.
7. Select Create.
Create a VNet

This VNet will have three subnets.

Note

The size of the AzureFirewallSubnet subnet is /26. For more information about the subnet
size, see Azure Firewall FAQ.

1. On the Azure portal menu or from the Home page, select Create a resource.
2. Select Networking > Virtual network.
3. Select Create.
4. For Subscription, select your subscription.
5. For Resource group, select Test-FW-RG.
6. For Name, type Test-FW-VN.
7. For Region, select the same location that you used previously.
8. Select Next: IP addresses.
9. For IPv4 Address space, type 10.0.0.0/16.
10. Under Subnet, select default.
11. For Subnet name, type AzureFirewallSubnet. The firewall will be in this subnet,
and the subnet name must be AzureFirewallSubnet.
12. For Address range, type 10.0.1.0/26.
13. Select Save.

Next, create a subnet for the workload server.

14. Select Add subnet.
15. For Subnet name, type Workload-SN.
16. For Subnet address range, type 10.0.2.0/24.
17. Select Add.
18. Select Review + create.
19. Select Create.

2.8.3 Create a virtual machine

Now create the workload virtual machine, and place it in the Workload-SN subnet.

1. On the Azure portal menu or from the Home page, select Create a resource.
2. Select Windows Server 2016 Datacenter.
3. Enter these values for the virtual machine:

Table 1

| Setting | Value |
|---|---|
| Resource group | Test-FW-RG |
| Virtual machine name | Srv-Work |
| Region | Same as previous |
| Image | Windows Server 2016 Datacenter |
| Administrator user name | Type a user name |
| Password | Type a password |

4. Under Inbound port rules, Public inbound ports, select None.
5. Accept the other defaults and select Next: Disks.
6. Accept the disk defaults and select Next: Networking.
7. Make sure that Test-FW-VN is selected for the virtual network and the subnet
is Workload-SN.
8. For Public IP, select None.
9. Accept the other defaults and select Next: Management.
10. Select Disable to disable boot diagnostics. Accept the other defaults and
select Review + create.
11. Review the settings on the summary page, and then select Create.

2.8.4 Deploy the firewall

Deploy the firewall into the VNet.

1. On the Azure portal menu or from the Home page, select Create a resource.
2. Type firewall in the search box and press Enter.
3. Select Firewall and then select Create.

4. On the Create a Firewall page, use the following table to configure the
firewall:

Table 2

| Setting | Value |
|---|---|
| Subscription | <your subscription> |
| Resource group | Test-FW-RG |
| Name | Test-FW01 |
| Region | Select the same location that you used previously |
| Firewall management | Use Firewall rules (classic) to manage this firewall |
| Choose a virtual network | Use existing: Test-FW-VN |
| Public IP address | Add new, Name: fw-pip |

5. Accept the other default values, then select Review + create.
6. Review the summary, and then select Create to create the firewall.

This will take a few minutes to deploy.

7. After deployment completes, go to the Test-FW-RG resource group, and
select the Test-FW01 firewall.
8. Note the firewall private and public IP addresses. You'll use these addresses
later.

2.8.5 Create a default route

For the Workload-SN subnet, configure the outbound default route to go through the
firewall.

1. On the Azure portal menu, select All services or search for and select All
services from any page.
2. Under Networking, select Route tables.
3. Select Add.
4. For Subscription, select your subscription.
5. For Resource group, select Test-FW-RG.
6. For Region, select the same location that you used previously.
7. For Name, type Firewall-route.

8. Select Review + create.
9. Select Create.

After deployment completes, select Go to resource.

1. On the Firewall-route page, select Subnets and then select Associate.
2. Select Virtual network > Test-FW-VN.
3. For Subnet, select Workload-SN. Make sure that you select only
the Workload-SN subnet for this route, otherwise your firewall won't work
correctly.
4. Select OK.
5. Select Routes and then select Add.
6. For Route name, type fw-dg.
7. For Address prefix, type 0.0.0.0/0.
8. For Next hop type, select Virtual appliance.

Azure Firewall is actually a managed service, but virtual appliance works in
this situation.

9. For Next hop address, type the private IP address for the firewall that you
noted previously.
10. Select OK.

2.8.6 Configure an application rule

This is the application rule that allows outbound access to www.google.com.

1. Open the Test-FW-RG, and select the Test-FW01 firewall.
2. On the Test-FW01 page, under Settings, select Rules (classic).
3. Select the Application rule collection tab.
4. Select Add application rule collection.
5. For Name, type App-Coll01.
6. For Priority, type 200.
7. For Action, select Allow.
8. Under Rules, Target FQDNs, for Name, type Allow-Google.
9. For Source type, select IP address.
10. For Source, type 10.0.2.0/24.
11. For Protocol:port, type http, https.
12. For Target FQDNs, type www.google.com.
13. Select Add.

Azure Firewall includes a built-in rule collection for infrastructure FQDNs that are allowed
by default. These FQDNs are specific for the platform and can't be used for other
purposes. For more information, see Infrastructure FQDNs.

2.8.7 Configure a network rule

This is the network rule that allows outbound access to two IP addresses at port 53 (DNS).

1. Select the Network rule collection tab.
2. Select Add network rule collection.
3. For Name, type Net-Coll01.
4. For Priority, type 200.
5. For Action, select Allow.
6. Under Rules, IP addresses, for Name, type Allow-DNS.
7. For Protocol, select UDP.
8. For Source type, select IP address.
9. For Source, type 10.0.2.0/24.
10. For Destination type, select IP address.
11. For Destination address, type 209.244.0.3,209.244.0.4

These are public DNS servers operated by CenturyLink.

12. For Destination Ports, type 53.
13. Select Add.

2.8.8 Configure a DNAT rule

This rule allows you to connect a remote desktop to the Srv-Work virtual machine through
the firewall.

1. Select the NAT rule collection tab.
2. Select Add NAT rule collection.
3. For Name, type rdp.
4. For Priority, type 200.
5. Under Rules, for Name, type rdp-nat.
6. For Protocol, select TCP.
7. For Source type, select IP address.
8. For Source, type *.
9. For Destination address, type the firewall public IP address.
10. For Destination Ports, type 3389.
11. For Translated address, type the Srv-Work private IP address.
12. For Translated port, type 3389.
13. Select Add.

2.8.9 Change the primary and secondary DNS address for the Srv-Work network interface

For testing purposes in this tutorial, configure the server's primary and secondary DNS
addresses. This isn't a general Azure Firewall requirement.

1. On the Azure portal menu, select Resource groups or search for and
select Resource groups from any page. Select the Test-FW-RG resource
group.
2. Select the network interface for the Srv-Work virtual machine.
3. Under Settings, select DNS servers.
4. Under DNS servers, select Custom.
5. Type 209.244.0.3 in the Add DNS server text box, and 209.244.0.4 in the
next text box.
6. Select Save.
7. Restart the Srv-Work virtual machine.
2.8.10 Test the firewall

Now, test the firewall to confirm that it works as expected.

1. Connect a remote desktop to the firewall public IP address and sign in to the
Srv-Work virtual machine.
2. Open Internet Explorer and browse to https://www.google.com.
3. Select OK > Close on the Internet Explorer security alerts.

You should see the Google home page.

4. Browse to https://www.microsoft.com.

You should be blocked by the firewall.

So now you've verified that the firewall rules are working:

• You can browse to the one allowed FQDN, but not to any others.
• You can resolve DNS names using the configured external DNS server.
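
The test results above follow from how the three rule collections are evaluated. The sketch below is an added example, not code from the handbook or from Azure: it is a simplified model of classic-rule processing (network rules, then application rules, then deny) loaded with the values entered in 2.8.6 to 2.8.8, plus a small audit of the NAT collection. The function names and the two IP address placeholders are assumptions.

```python
import ipaddress

# Rule values are the ones entered in sections 2.8.6 to 2.8.8 of this tutorial.
# The two addresses below are constructed placeholders: the page has you note
# the real firewall public IP and Srv-Work private IP after deployment.
FIREWALL_PUBLIC_IP = "203.0.113.10"   # constructed (documentation range)
SRV_WORK_PRIVATE_IP = "10.0.2.4"      # constructed (inside Workload-SN)

NET_RULES = [{"name": "Allow-DNS", "source": "10.0.2.0/24", "protocol": "udp",
              "destinations": {"209.244.0.3", "209.244.0.4"}, "ports": {53}}]
APP_RULES = [{"name": "Allow-Google", "source": "10.0.2.0/24",
              "protocols": {"http", "https"}, "fqdns": {"www.google.com"}}]
NAT_RULES = [{"name": "rdp-nat", "source": "*", "protocol": "tcp",
              "destination": (FIREWALL_PUBLIC_IP, 3389),
              "translated": (SRV_WORK_PRIVATE_IP, 3389)}]

DEFAULT_PORTS = {"http": 80, "https": 443}   # ports implied by "http, https"
MANAGEMENT_PORTS = {22: "SSH", 3389: "RDP"}


def source_matches(src_ip, source):
    """True when src_ip falls inside the rule's Source ('*' means any)."""
    if source == "*":
        return True
    return ipaddress.ip_address(src_ip) in ipaddress.ip_network(source)


def evaluate_outbound(src_ip, protocol, port, dest_ip=None, fqdn=None):
    """Decide one outbound flow: network rules, then application rules, then deny."""
    proto = protocol.lower()
    if dest_ip is not None:
        dest = str(ipaddress.ip_address(dest_ip))   # validates and normalises
        for rule in NET_RULES:
            if (proto == rule["protocol"] and port in rule["ports"]
                    and dest in rule["destinations"]
                    and source_matches(src_ip, rule["source"])):
                return ("Allow", rule["name"])
    if fqdn is not None and DEFAULT_PORTS.get(proto) == port:
        host = fqdn.rstrip(".").lower()
        for rule in APP_RULES:
            if (proto in rule["protocols"] and host in rule["fqdns"]
                    and source_matches(src_ip, rule["source"])):
                return ("Allow", rule["name"])
    return ("Deny", None)   # nothing matched: the flow is dropped


def audit_nat_rules(nat_rules):
    """Flag DNAT rules that publish a management port to any source address."""
    findings = []
    for rule in nat_rules:
        service = MANAGEMENT_PORTS.get(rule["translated"][1])
        if service and rule["source"] == "*":
            findings.append(
                f"{rule['name']}: {service} on {rule['translated'][0]} is reachable "
                "from any source; set Source to the administrators' address range")
    return findings


if __name__ == "__main__":
    # Constructed sample flows from the Srv-Work server.
    checks = [
        ("https", 443, None, "www.google.com"),
        ("https", 443, None, "www.microsoft.com"),
        ("udp", 53, "209.244.0.3", None),
        ("udp", 53, "8.8.8.8", None),
    ]
    for proto, port, ip, name in checks:
        decision = evaluate_outbound(SRV_WORK_PRIVATE_IP, proto, port, ip, name)
        print(proto, port, ip or name, decision)
    for finding in audit_nat_rules(NAT_RULES):
        print("FINDING:", finding)
```

The one finding comes from the Source of * in rdp-nat, which is acceptable for a short-lived lab but is the field to narrow if the environment is kept.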

2.9 Create and Manage a VPN Gateway
Activity: This practical activity allows the learner to understand concepts related to VPN
gateways and to create a VPN gateway for a custom virtual private network. The VPN gateway
allows network traffic to flow between the global internet and the VPC created under the
Azure cloud account.

Azure VPN gateways provide cross-premises connectivity between customer premises
and Azure. This tutorial covers basic Azure VPN gateway deployment items such as
creating and managing a VPN gateway. You can also create a gateway using Azure
CLI or Azure PowerShell.

In this tutorial, you learn how to:

• Create a virtual network
• Create a VPN gateway
• View the gateway public IP address
• Resize a VPN gateway (resize SKU)
• Reset a VPN gateway

The following diagram shows the virtual network and the VPN gateway created as part of
this tutorial.

Image: VPN Gateway Setup

Prerequisites

An Azure account with an active subscription. If you don't have one, create one for free.

2.9.1 Create a virtual network

Create a VNet using the following values:

• Resource group: TestRG1
• Name: VNet1
• Region: (US) East US
• IPv4 address space: 10.1.0.0/16
• Subnet name: FrontEnd
• Subnet address space: 10.1.0.0/24

1. Sign in to the Azure portal.
2. In Search resources, service, and docs (G+/), type virtual network.
3. Select Virtual Network from the Marketplace results.
4. On the Virtual Network page, select Create.
5. Once you select Create, the Create virtual network page opens.
6. On the Basics tab, configure Project details and Instance details VNet
settings.

When you fill in the fields, you see a green check mark when the characters you enter in
the field are validated. Some values are autofilled, which you can replace with your own
values:

o Subscription: Verify that the subscription listed is the correct
one. You can change subscriptions by using the drop-down.
o Resource group: Select an existing resource group, or
click Create new to create a new one. For more information
about resource groups, see Azure Resource Manager overview.
o Name: Enter the name for your virtual network.
o Region: Select the location for your VNet. The location
determines where the resources that you deploy to this VNet will
live.
7. On the IP Addresses tab, configure the values. The values shown in the
examples below are for demonstration purposes. Adjust these values
according to the settings that you require.

o IPv4 address space: By default, an address space is
automatically created. You can click the address space to adjust
it to reflect your own values. You can also add additional address
spaces.
o Subnet: If you use the default address space, a default subnet
is created automatically. If you change the address space, you
need to add a subnet. Select + Add subnet to open the Add
subnet window. Configure the following settings and then
select Add to add the values:
  • Subnet name: In this example, we named the subnet
    "FrontEnd".
  • Subnet address range: The address range for this
    subnet.
8. On the Security tab, at this time, leave the default values:
o DDoS protection: Basic
o Firewall: Disabled

9. Select Review + create to validate the virtual network settings.
10. After the settings have been validated, select Create.

2.9.2 Create a VPN gateway

In this step, you create the virtual network gateway for your VNet. Creating a gateway
can often take 45 minutes or more, depending on the selected gateway SKU.

Create a virtual network gateway using the following values:

• Name: VNet1GW
• Region: East US
• Gateway type: VPN
• VPN type: Route-based
• SKU: VpnGw1
• Generation: Generation1
• Virtual network: VNet1
• Gateway subnet address range: 10.1.255.0/27
• Public IP address: Create new
• Public IP address name: VNet1GWpip
• Enable active-active mode: Disabled
• Configure BGP: Disabled

1. From the Azure portal, in Search resources, services, and docs
(G+/) type virtual network gateway. Locate Virtual network gateway in the
search results and select it.

2. On the Virtual network gateway page, select + Add. This opens the Create
virtual network gateway page.

3. On the Basics tab, fill in the values for your virtual network gateway.

o Subscription: Select the subscription you want to use from the
dropdown.
o Resource Group: This setting is autofilled when you select your
virtual network on this page.

Instance details

o Name: Name your gateway. Naming your gateway is not the same
as naming a gateway subnet. It's the name of the gateway object
you are creating.
o Region: Select the region in which you want to create this
resource. The region for the gateway must be the same as the
virtual network.
o Gateway type: Select VPN. VPN gateways use the virtual
network gateway type VPN.
o VPN type: Select the VPN type that is specified for your
configuration. Most configurations require a Route-based VPN
type.

o SKU: Select the gateway SKU from the dropdown. The SKUs
listed in the dropdown depend on the VPN type you select. For
more information about gateway SKUs, see Gateway SKUs.
o Generation: For information about VPN Gateway Generation,
see Gateway SKUs.
o Virtual network: From the dropdown, select the virtual network
to which you want to add this gateway.
o Gateway subnet address range: This field only appears if your
VNet doesn't have a gateway subnet. If possible, make the range
/27 or larger (/26, /25, etc.). We don't recommend creating a range
any smaller than /28. If you already have a gateway subnet, you
can view GatewaySubnet details by navigating to your virtual
network. Click Subnets to view the range. If you want to change
the range, you can delete and recreate the GatewaySubnet.

Public IP address

This setting specifies the public IP address object that gets associated to the
VPN gateway. The public IP address is dynamically assigned to this object
when the VPN gateway is created. The only time the Public IP address
changes is when the gateway is deleted and re-created. It doesn't change
across resizing, resetting, or other internal maintenance/upgrades of your
VPN gateway.

o Public IP address: Leave Create new selected.
o Public IP address name: In the text box, type a name for your
public IP address instance.
o Assignment: VPN gateway supports only Dynamic.
o Enable active-active mode: Only select Enable active-active
mode if you are creating an active-active gateway configuration.
Otherwise, leave this setting Disabled.
o Leave Configure BGP as Disabled, unless your configuration
specifically requires this setting. If you do require this setting, the
default ASN is 65515, although this can be changed.
4. Select Review + create to run validation.
5. Once validation passes, select Create to deploy the VPN gateway.

A gateway can take up to 45 minutes to fully create and deploy. You can see the
deployment status on the Overview page for your gateway. After the gateway is created,
you can view the IP address that has been assigned to it by looking at the virtual network
in the portal. The gateway appears as a connected device.

Important

When working with gateway subnets, avoid associating a network security group (NSG)
to the gateway subnet. Associating a network security group to this subnet may cause
your Virtual Network gateway (VPN, ExpressRoute gateway) to stop functioning as
expected.

2.9.3 View the public IP address

You can view the gateway public IP address on the Overview page for your gateway.

To see additional information about the public IP address object, click the name/IP
address link next to Public IP address.

2.9.4 Resize a gateway SKU

There are specific rules regarding resizing vs. changing a gateway SKU. In this section,
we will resize the SKU. For more information, see Gateway settings - resizing and
changing SKUs.

1. Go to the Configuration page for your virtual network gateway.
2. Select the arrows for the dropdown.
3. Select the SKU from the dropdown.

2.9.5 Reset a gateway

1. In the portal, navigate to the virtual network gateway that you want to reset.
2. On the page for the virtual network gateway, select Reset.

3. On the Reset page, click Reset. Once the command is issued, the current
active instance of the Azure VPN gateway is rebooted immediately. Resetting
the gateway will cause a gap in VPN connectivity, and may limit future root
cause analysis of the issue.

2.9.6 Clean up resources

If you're not going to continue to use this application or go to the next tutorial, delete these
resources using the following steps:

1. Enter the name of your resource group in the Search box at the top of the
portal and select it from the search results.
2. Select Delete resource group.
3. Enter your resource group for TYPE THE RESOURCE GROUP NAME and
select Delete.

2.9.7 Create a virtual network

13. Select Create a resource in the upper left-hand corner of the portal.
14. In the search box, enter Virtual Network. Select Virtual Network in the
search results.
15. In the Virtual Network page, select Create.
16. In Create virtual network, enter or select this information in the Basics tab:

Table 1

| Setting | Value |
|---|---|
| Project details | |
| Subscription | Select your subscription. |
| Resource group | Select Create new. Enter myResourceGroup. Select OK. |
| Instance details | |
| Name | Enter myVNet. |
| Region | Select (US) East US. |

17. Select the IP Addresses tab, or select the Next: IP Addresses button at the
bottom of the page.
18. In IPv4 address space, select the existing address space and change it
to 10.1.0.0/16.
19. Select + Add subnet, then enter MySubnet for Subnet
name and 10.1.0.0/24 for Subnet address range.

20. Select Add.
21. Select the Security tab, or select the Next: Security button at the bottom of
the page.
22. Under BastionHost, select Enable. Enter this information:

Table 2

| Setting | Value |
|---|---|
| Bastion name | Enter myBastionHost |
| AzureBastionSubnet address space | Enter 10.1.1.0/24 |
| Public IP Address | Select Create new. For Name, enter myBastionIP. Select OK. |

23. Select the Review + create tab or select the Review + create button.
24. Select Create.

2.10 Subnetting and Subnet Mask
2.10.1 What is Subnetting?
A subnet is a sub-network of a network that falls within the class A, B or C range.
For example, 172.16.0.0/16 is a class B network. This network is pretty big, it starts with
172.16.0.0 and ends with 172.16.255.255.
Instead of one big network, we can use a smaller “portion”. An example is 172.16.1.0/24.
This subnet falls within the 172.16.0.0/16 class B network so that’s why it is called a
“sub”net.
Subnetting in Four Steps
Everyone has a preferred method of subnetting. Each teacher will use a slightly different
strategy to help students master this crucial skill. The method I prefer can be broken down
into four steps:
Step 1. Determine how many bits to borrow based on the network requirements.
Step 2. Determine the new subnet mask.
Step 3. Determine the subnet multiplier.
Step 4. List the subnets, including subnetwork address, host range, and broadcast
address.
Subnetting Example
The best way to demonstrate the four steps of subnetting is to use an example. Let’s
assume that you are given the network address 192.168.1.0/24, you need 30 hosts per
network, and want to create as many subnets as possible.
Determine How Many Bits to Borrow
Because our requirement specifies 30 host addresses per subnet, we need to first
determine the minimum number of host bits to leave. The remaining bits can be borrowed:
Host Bits = Bits Borrowed + Bits Left
To provide enough address space for 30 hosts, we need to leave 5 bits. Use the following
formula:
2^BL – 2 = number of host addresses
where the exponent BL is bits left in the host portion.
Remember, the “minus 2” is to account for the network and broadcast addresses that
cannot be assigned to hosts.
In this example, leaving 5 bits in the host portion will provide the right number of host
addresses:
2^5 – 2 = 30

Because we have 3 bits remaining in the original host portion, we borrow all these bits to
satisfy the requirement to “create as many subnets as possible.” To determine how many
subnets we can create, use the following formula:
2^BB = Number of subnets
where the exponent BB is bits borrowed from the host portion.
In this example, borrowing 3 bits from the host portion will create 8 subnets: 2^3 = 8.
As shown in Table 9-1, the 3 bits are borrowed from the far-left bits in the host portion.
The highlighted bits in the table show all possible combinations of manipulating the 8 bits
borrowed to create the subnets.

Subnet Number    Last Octet Binary Value    Last Octet Decimal Value
0                00000000                   .0
1                00100000                   .32
2                01000000                   .64
3                01100000                   .96
4                10000000                   .128
5                10100000                   .160
6                11000000                   .192
7                11100000                   .224

Table: Binary and Decimal Value of the Sub-netted Octet

Determine the New Subnet Mask


Notice in Table 9-1 that the network bits now include the 3 borrowed host bits in the last
octet. Add these 3 bits to the 24 bits in the original subnet mask and you have a new
subnet mask, /27. In decimal format, you turn on the 128, 64, and 32 bits in the last octet
for a value of 224. So, the new subnet mask is 255.255.255.224.
Determine the Subnet Multiplier
Notice in Table 9-1 that the last octet decimal value increments by 32 with each subnet
number. The number 32 is the subnet multiplier. You can quickly find the subnet multiplier
using one of two methods:
Method 1: Subtract the last nonzero octet of the subnet mask from 256. In this example,
the last nonzero octet is 224. So, the subnet multiplier is 256 – 224 = 32.
Method 2: The decimal value of the last bit borrowed is the subnet multiplier. In this
example, we borrowed the 128 bit, the 64 bit, and the 32 bit. The 32 bit is the last bit we
borrowed and is, therefore, the subnet multiplier.
By using the subnet multiplier, you no longer have to convert binary subnet bits to decimal.
List the Subnets, Host Ranges, and Broadcast Addresses

Listing the subnets, host ranges, and broadcast addresses helps you see the flow of
addresses within one address space. Table 9-2 documents our subnet addressing
scheme for the 192.168.1.0/24 address space. Fill in any missing information.

Subnet Number    Subnet Address    Host Range                     Broadcast Address
0                192.168.1.0       192.168.1.1–192.168.1.30       192.168.1.31
1                192.168.1.32      192.168.1.33–192.168.1.62      192.168.1.63
2                192.168.1.64      192.168.1.65–192.168.1.94      192.168.1.95
3                192.168.1.96      192.168.1.97–192.168.1.125     192.168.1.126
4                192.168.1.128     192.168.1.129–192.168.1.158    192.168.1.159
5                192.168.1.160     192.168.1.161–192.168.1.190    192.168.1.191
6                192.168.1.192     192.168.1.193–192.168.1.232    192.168.1.223
7                192.168.1.224     192.168.1.225–192.168.1.254    192.168.1.255

Table: Subnet Addressing Scheme for 192.168.1.0/24: 30 Hosts Per Subnet
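
The four steps above, generalised to any IPv4 network and host requirement and computed with Python's standard ipaddress module. This is an added example, not part of the original handbook; the function name plan_subnets and its limit parameter are assumptions made for illustration.

```python
import ipaddress
from itertools import islice


def plan_subnets(network: str, hosts_needed: int, limit: int = 16) -> dict:
    """Apply the four subnetting steps to an IPv4 network (hypothetical helper).

    Returns the intermediate value of every step plus the first `limit` subnets.
    """
    net = ipaddress.IPv4Network(network, strict=True)
    if hosts_needed < 1:
        raise ValueError("hosts_needed must be at least 1")
    host_bits = 32 - net.prefixlen

    # Step 1: leave the fewest host bits BL such that 2^BL - 2 >= hosts_needed,
    # then borrow every other host bit (BB) to create as many subnets as possible.
    bits_left = (hosts_needed + 1).bit_length()
    if bits_left > host_bits:
        raise ValueError(f"{network} cannot provide {hosts_needed} hosts per subnet")
    bits_borrowed = host_bits - bits_left

    # Step 2: the new prefix is the original prefix plus the borrowed bits.
    new_prefix = net.prefixlen + bits_borrowed
    mask = ipaddress.IPv4Network(f"0.0.0.0/{new_prefix}").netmask

    # Step 3 (Method 1): multiplier = 256 - last nonzero octet of the new mask.
    nonzero_octets = [octet for octet in mask.packed if octet]
    multiplier = 256 - nonzero_octets[-1] if nonzero_octets else 256

    # Step 4: list subnet address, host range and broadcast address.
    rows = []
    for number, sub in enumerate(islice(net.subnets(new_prefix=new_prefix), limit)):
        rows.append({
            "number": number,
            "subnet": str(sub.network_address),
            "hosts": f"{sub.network_address + 1}-{sub.broadcast_address - 1}",
            "broadcast": str(sub.broadcast_address),
        })

    return {
        "bits_left": bits_left,
        "bits_borrowed": bits_borrowed,
        "prefix": new_prefix,
        "mask": str(mask),
        "multiplier": multiplier,
        "subnet_count": 2 ** bits_borrowed,
        "rows": rows,
    }


if __name__ == "__main__":
    # The worked example from the text: 192.168.1.0/24 with 30 hosts per subnet.
    plan = plan_subnets("192.168.1.0/24", 30)
    print(f"borrow {plan['bits_borrowed']} bits, leave {plan['bits_left']} bits")
    print(f"new mask /{plan['prefix']} = {plan['mask']}, multiplier {plan['multiplier']}")
    for row in plan["rows"]:
        print(f"{row['number']:<3}{row['subnet']:<16}{row['hosts']:<32}{row['broadcast']}")
```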

2.10.2 Subnetting Scenario 1


Subnet the address space 10.10.0.0/16 to provide at least 100 host addresses per subnet
while creating as many subnets as possible.
1. How many bits should you borrow?
2. What is the new subnet mask in dotted-decimal and prefix notation?
3. What is the subnet multiplier?
4. How many bits should you borrow?
How many bits should you borrow?

Bit value:        0    0    0    0    0    0    0    0
Power of two:     2^7  2^6  2^5  2^4  2^3  2^2  2^1  2^0
Decimal value:    128  64   32   16   8    4    2    1
= 64 + 32 + 16 + 8 + 4 + 2 + 1
= 127

7 Bits Used
2^7 – 2 =
127 – 2 = 125
Because we have 1 bit remaining in the original host portion, we borrow this bit to satisfy
the requirement to “create as many subnets as possible.” To determine how many subnets
we can create, use the following formula:
2^BB = Number of subnets
where the exponent BB is bits borrowed from the host portion.
In this example, borrowing 1 bit from the host portion will create 2^1 subnets: 2^1 = 2.

Subnet Number    Last Octet Binary Value    Last Octet Decimal Value
0                00000000                   .0
1                10000000                   .128

Determine the New Subnet Mask


2^1 = 2 (Add 16+2)
The network bits now include the 1 borrowed host bit in the last octet. Add this 1 bit to the
16 bits in the original subnet mask and you have a new subnet mask, /18. In decimal
format, you turn on the 128 bit. So, the new subnet mask is 255.255.255.128.
Determine the Subnet Multiplier
Method 1: Subtract the last nonzero octet of the subnet mask from 256. In this example,
the last nonzero octet is 128. So, the subnet multiplier is 256 – 128 = 128.
Method 2: The decimal value of the last bit borrowed is the subnet multiplier. In this
example, we borrowed the 128 bit. The 128 bit is the last bit we borrowed and is,
therefore, the subnet multiplier.
Subnet Addressing Scheme for 10.10.0.0/16: 100 Hosts Per Subnet
Net Masking is 10.10.0.0/18

Subnet Number    Subnet Address    Host Range                 Broadcast Address
0                10.10.1.0         10.10.1.1–10.10.1.126      10.10.1.127
1                10.10.1.128       10.10.1.129–10.10.1.254    10.10.1.255

2.11 Adding Subnets to Custom VPC and Deploy VMs
Activity: This practical activity describes how to add a customised virtual private cloud
network to an Azure account, so that resources are placed in a virtually private network
and safeguarded from exposure to the outside world, that is, the public cloud domain. Once
created, the custom VPC masks the account resources from the public cloud and restricts
access. It allows the enforcement of network-level security and selective access privileges.

2.11.1 Create a virtual network

1. Select Create a resource in the upper left-hand corner of the portal.


2. In the search box, enter Virtual Network. Select Virtual Network in the
search results.
3. In the Virtual Network page, select Create.
4. In Create virtual network, enter or select this information in the Basics tab:

TABLE 1

Setting             Value
Project details
Subscription        Select your subscription.
Resource group      Select Create new. Enter myResourceGroup. Select OK.
Instance details
Name                Enter myVNet.
Region              Select (US) East US.

5. Select the IP Addresses tab, or select the Next: IP Addresses button at the
bottom of the page.
6. In IPv4 address space, select the existing address space and change it
to 10.1.0.0/16.
7. Select + Add subnet, then enter MySubnet for Subnet
name and 10.1.0.0/24 for Subnet address range.
8. Select Add.
9. Select the Security tab, or select the Next: Security button at the bottom of
the page.
10. Under BastionHost, select Enable. Enter this information:

TABLE 2

Setting                             Value
Bastion name                        Enter myBastionHost
AzureBastionSubnet address space    Enter 10.1.1.0/24
Public IP Address                   Select Create new. For Name, enter myBastionIP. Select OK.

11. Select the Review + create tab or select the Review + create button.
12. Select Create.

2.11.2 Create virtual machines

Create two VMs in the virtual network:

Create the first VM

1. On the upper-left side of the portal, select Create a
resource > Compute > Virtual machine.
2. In Create a virtual machine, type or select the values in the Basics tab:

TABLE 3

Setting                  Value
Project Details
Subscription             Select your Azure subscription
Resource Group           Select myResourceGroup
Instance details
Virtual machine name     Enter myVM1
Region                   Select (US) East US
Availability Options     Select No infrastructure redundancy required
Image                    Select Windows Server 2019 Datacenter
Azure Spot instance      Select No
Size                     Choose VM size or take default setting
Administrator account
Username                 Enter a username
Password                 Enter a password
Confirm password         Reenter password
Inbound port rules
Public inbound ports     Select None.

3. Select the Networking tab, or select Next: Disks, then Next: Networking.
4. In the Networking tab, select or enter:

TABLE 4

Setting                         Value
Network interface
Virtual network                 Select myVNet.
Subnet                          Select mySubnet
Public IP                       Select None
NIC network security group      Select Basic
Public inbound ports network    Select None.

5. Select the Review + create tab, or select the blue Review + create button at
the bottom of the page.

6. Review the settings, and then select Create.

Create the second VM

1. On the upper-left side of the portal, select Create a
resource > Compute > Virtual machine.
2. In Create a virtual machine, type or select the values in the Basics tab:

TABLE 5

Setting                  Value
Project Details
Subscription             Select your Azure subscription
Resource Group           Select myResourceGroup
Instance details
Virtual machine name     Enter myVM2
Region                   Select (US) East US
Availability Options     Select No infrastructure redundancy required
Image                    Select Windows Server 2019 Datacenter
Azure Spot instance      Select No
Size                     Choose VM size or take default setting
Administrator account
Username                 Enter a username
Password                 Enter a password
Confirm password         Reenter password
Inbound port rules
Public inbound ports     Select None.

3. Select the Networking tab, or select Next: Disks, then Next: Networking.
4. In the Networking tab, select or enter:

TABLE 6

Setting                         Value
Network interface
Virtual network                 Select myVNet.
Subnet                          Select mySubnet
Public IP                       Select None
NIC network security group      Select Basic
Public inbound ports network    Select None.

5. Select the Review + create tab, or select the blue Review + create button at
the bottom of the page.
6. Review the settings, and then select Create.

2.11.3 Add a subnet

1. Go to the Azure portal to view your virtual networks. Search for and
select Virtual networks.
2. Select the name of the virtual network you want to add a subnet to.
3. From Settings, select Subnets > Subnet.
4. In the Add subnet dialog box, enter values for the following settings:

TABLE 1

Setting: Name
Description: The name must be unique within the virtual network.

Setting: Address range
Description: The range must be unique within the address space for the virtual
network. The range can't overlap with other subnet address ranges
within the virtual network. The address space must be specified by
using Classless Inter-Domain Routing (CIDR) notation.

For example, in a virtual network with address space 10.0.0.0/16, you
might define a subnet address space of 10.0.0.0/22. The smallest
range you can specify is /29, which provides eight IP addresses for the
subnet. Azure reserves the first and last address in each subnet for
protocol conformance. Three additional addresses are reserved for
Azure service usage. As a result, defining a subnet with a /29 address
range results in three usable IP addresses in the subnet.

If you plan to connect a virtual network to a VPN gateway, you must
create a gateway subnet. Learn more about specific address range
considerations for gateway subnets. You can change the address range
after the subnet is added, under specific conditions. To learn how to
change a subnet address range, see Change subnet settings.

Setting: Network security group
Description: To filter inbound and outbound network traffic for the subnet,
you may associate an existing network security group to a
subnet. The network security group must exist in the same
subscription and location as the virtual network. Learn more
about network security groups and how to create a network
security group.

Setting: Route table
Description: To control network traffic routing to other networks, you may
optionally associate an existing route table to a subnet. The
route table must exist in the same subscription and location as
the virtual network. Learn more about Azure routing and how to
create a route table.

Setting: Service endpoints
Description: A subnet may optionally have one or more service endpoints enabled
for it.

Setting: Subnet delegation
Description: A subnet may optionally have one or more delegations enabled
for it.

5. To add the subnet to the virtual network that you selected, select OK.
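
A check of the address-range rules from the table above (range inside the virtual network's address space, no overlap, nothing smaller than /29, five addresses reserved per subnet), applied to the 10.1.0.0/16 network from section 2.11.1. This is an added Python example, not Azure tooling or part of the original handbook; the function names and the second plan are assumptions constructed for illustration.

```python
import ipaddress

AZURE_RESERVED = 5     # first + last address, plus three for Azure services (from the text)
SMALLEST_PREFIX = 29   # smallest range the text says you can specify

# The plan built in section 2.11.1 of the handbook.
HANDBOOK_PLAN = {"MySubnet": "10.1.0.0/24", "AzureBastionSubnet": "10.1.1.0/24"}

# Constructed plan with one mistake per subnet after the first.
BROKEN_PLAN = {
    "web": "10.1.0.0/24",
    "db": "10.1.0.128/25",    # overlaps "web"
    "mgmt": "10.2.0.0/24",    # outside 10.1.0.0/16
    "tiny": "10.1.5.0/30",    # smaller than /29
}


def check_subnet_plan(address_space: str, subnets: dict) -> list:
    """Return a list of rule violations; an empty list means the plan is valid."""
    space = ipaddress.IPv4Network(address_space)
    problems = []
    accepted = {}
    for name, cidr in subnets.items():
        try:
            # strict=True rejects ranges with host bits set, e.g. 10.1.0.5/24
            net = ipaddress.IPv4Network(cidr, strict=True)
        except ValueError as exc:
            problems.append(f"{name}: {cidr} is not a valid CIDR range ({exc})")
            continue
        if not net.subnet_of(space):
            problems.append(f"{name}: {net} is outside address space {space}")
        if net.prefixlen > SMALLEST_PREFIX:
            problems.append(f"{name}: /{net.prefixlen} is smaller than /{SMALLEST_PREFIX}")
        for other_name, other in accepted.items():
            if net.overlaps(other):
                problems.append(f"{name}: {net} overlaps {other_name} ({other})")
        accepted[name] = net
    return problems


def usable_addresses(cidr: str) -> int:
    """Addresses left for resources after the five reserved ones are removed."""
    net = ipaddress.IPv4Network(cidr, strict=True)
    return max(net.num_addresses - AZURE_RESERVED, 0)


if __name__ == "__main__":
    for label, plan in (("handbook", HANDBOOK_PLAN), ("broken", BROKEN_PLAN)):
        issues = check_subnet_plan("10.1.0.0/16", plan)
        print(label, "plan:", "OK" if not issues else "")
        for issue in issues:
            print("  -", issue)
    print("usable in 10.1.0.0/24:", usable_addresses("10.1.0.0/24"))
    print("usable in 10.1.0.0/29:", usable_addresses("10.1.0.0/29"))
```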

2.12 Fundamentals of Databases
2.12.1 What is Data?
In simple words, data can be facts related to any object in consideration. For example,
your name, age, height, weight, etc. are some data related to you. A picture, image, file,
pdf, etc. can also be considered data.

2.12.2 What is Database?


A database is a systematic collection of data. Databases support electronic storage and
manipulation of data, and they make data management easy.

2.12.3 Types of Databases


Here are some popular types of databases.
Distributed databases:
A distributed database is a type of database that has contributions from the common
database and information captured by local computers. In this type of database system,
the data is not in one place and is distributed at various organizations.
Let us discuss a database example: An online telephone directory uses a database to
store data of people, phone numbers, and other contact details. Your electricity service
provider uses a database to manage billing, client-related issues, handle fault data, etc.
Relational databases:
This type of database defines database relationships in the form of tables. It is also called
Relational DBMS, which is the most popular DBMS type in the market. Examples of
RDBMS systems include MySQL, Oracle, and Microsoft SQL Server database.
Object-oriented databases:
This type of computer database supports the storage of all data types. The data is stored
in the form of objects. The objects to be held in the database have attributes and methods
that define what to do with the data. PostgreSQL is an example of an object-oriented
relational DBMS.
Centralized database:
It is a centralized location, and users from different backgrounds can access this data.
This type of computer database stores application procedures that help users access
the data even from a remote location.
Open-source databases:
This kind of database stores information related to operations. It is mainly used in the
fields of marketing, employee relations, and customer service.
Cloud databases:
A cloud database is a database which is optimized or built for a virtualized
environment. A cloud database has many advantages, among them the option to pay
for storage capacity and bandwidth. It also offers scalability on demand, along with high
availability.

Data warehouses:
A data warehouse facilitates a single version of truth for a company for decision making
and forecasting. A data warehouse is an information system that contains historical and
cumulative data from single or multiple sources. The data warehouse concept simplifies
the reporting and analysis process of the organization.
NoSQL databases:
A NoSQL database is used for large sets of distributed data. There are a few big data
performance problems that are effectively handled by relational databases. This type of
computer database is very efficient in analyzing large-size unstructured data.
Graph databases:
A graph-oriented database uses graph theory to store, map, and query relationships.
These kinds of computer databases are mostly used for analyzing interconnections. For
example, an organization can use a graph database to mine data about customers from
social media.
OLTP databases:
OLTP is another database type, which is able to perform fast query processing and
maintain data integrity in multi-access environments.
Personal database:
A personal database is used to store data on personal computers; the data is smaller
and easily manageable. The data is mostly used by the same department of the company
and is accessed by a small group of people.
Multimodal database:
The multimodal database is a type of data processing platform that supports multiple data
models that define how certain knowledge and information in a database should be
organized and arranged.
Document/JSON database:
In a document-oriented database, the data is kept in document collections, usually using
the XML, JSON, or BSON formats. One record can store as much data as you want, in any
data type (or types) you prefer.
Hierarchical:
This type of DBMS employs the "parent-child" relationship of storing data. Its structure is
like a tree with nodes representing records and branches representing fields. The
Windows registry used in Windows XP is a hierarchical database example.
Network DBMS:
This type of DBMS supports many-to-many relations. It usually results in complex
database structures. RDM Server is an example of a database management system that
implements the network model.

2.12.4 Database applications


List of database applications

• Amazon
• CNN
• eBay
• Facebook
• Fandango
• Filemaker (Mac OS)
• Microsoft Access
• Oracle relational database
• SAP (Systems, Applications & Products in Data Processing)
• Ticketmaster
• Wikipedia
• Yelp
• YouTube
• Google
• MySQL

2.12.5 Database Properties


A transaction is a collection of instructions. To maintain the integrity of a database, all
transactions must obey ACID properties. ACID is an acronym for atomicity, consistency,
isolation, and durability. Let’s go over each of these properties.
1. Atomicity
A transaction is an atomic unit; hence, all the instructions within a transaction will
successfully execute, or none of them will execute. The following transaction transfers 20
dollars from Alice’s bank account to Bob’s bank account. If any of the instructions fail, the
entire transaction should abort and rollback. A transaction to transfer 20 pounds from
Alice's account to Bob's account.

Image: Atomicity in tabular data column

2. Consistency
A database is initially in a consistent state, and it should remain consistent after every
transaction. Suppose that the transaction in the previous example fails after Write(A_b)
and the transaction is not rolled back; then, the database will be inconsistent as the sum
of Alice and Bob’s money, after the transaction, will not be equal to the amount of money
they had before the transaction.
3. Isolation
If multiple transactions are running concurrently, they should not be affected by each
other; i.e., the result should be the same as the result obtained if the transactions were
running sequentially. Suppose B_bal is initially 100. If a context switch occurs after B_bal
*= 20, then the changes should only be visible to T2 once T1 commits. This ensures
consistency in the data and prevents incorrect results.

Image: Isolation of values

T1 adds 20% interest to Bob's savings account and T2 adds 20 pounds to Bob's account.
4. Durability
Changes that have been committed to the database should remain even in the case of
software and hardware failure. For instance, if Bob’s account contains $120, this
information should not disappear upon hardware or software failure.
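
The transfer from the Atomicity and Consistency items above, run against an in-memory SQLite database with and without a transaction around the two writes. This is an added Python example, not part of the original handbook; the table layout, the function names and Alice's starting balance of 100 are assumptions.

```python
import sqlite3

DEBIT = "UPDATE accounts SET balance = balance - ? WHERE owner = ?"
CREDIT = "UPDATE accounts SET balance = balance + ? WHERE owner = ?"


def open_bank() -> sqlite3.Connection:
    """Create a constructed two-account database; both accounts start at 100."""
    # isolation_level=None puts the driver in autocommit mode, so transaction
    # boundaries are exactly the BEGIN/COMMIT/ROLLBACK statements issued below.
    conn = sqlite3.connect(":memory:", isolation_level=None)
    conn.execute(
        "CREATE TABLE accounts ("
        " owner TEXT PRIMARY KEY,"
        " balance INTEGER NOT NULL CHECK (balance >= 0))"
    )
    conn.executemany("INSERT INTO accounts VALUES (?, ?)", [("Alice", 100), ("Bob", 100)])
    return conn


def balances(conn: sqlite3.Connection) -> dict:
    return dict(conn.execute("SELECT owner, balance FROM accounts ORDER BY owner"))


def transfer_unsafe(conn, src, dst, amount, crash_after_debit=False) -> bool:
    """Two independent writes: a failure between them leaves the debit in place."""
    conn.execute(DEBIT, (amount, src))
    if crash_after_debit:
        return False              # the credit never happens, the debit stays
    conn.execute(CREDIT, (amount, dst))
    return True


def transfer_atomic(conn, src, dst, amount, crash_after_debit=False) -> bool:
    """Both writes inside one transaction: all of them apply, or none do."""
    conn.execute("BEGIN")
    try:
        conn.execute(DEBIT, (amount, src))
        if crash_after_debit:
            raise RuntimeError("simulated failure between the two writes")
        conn.execute(CREDIT, (amount, dst))
        conn.execute("COMMIT")
        return True
    except (RuntimeError, sqlite3.Error):
        # Covers the simulated failure and a CHECK violation (overdraft).
        conn.execute("ROLLBACK")
        return False


if __name__ == "__main__":
    bank = open_bank()
    transfer_unsafe(bank, "Alice", "Bob", 20, crash_after_debit=True)
    print("no transaction, failure:", balances(bank), "sum", sum(balances(bank).values()))

    bank = open_bank()
    transfer_atomic(bank, "Alice", "Bob", 20, crash_after_debit=True)
    print("transaction, failure:   ", balances(bank), "sum", sum(balances(bank).values()))
    transfer_atomic(bank, "Alice", "Bob", 20)
    print("transaction, success:   ", balances(bank), "sum", sum(balances(bank).values()))
```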

2.13 Relational Database Operations Using SQL
Activity: This practical activity gives the learner a quick start with relational databases
through SQL commands. The user will create a single database and perform SQL operations
using SQL DDL and DML commands to create database tables and insert data. The data
can also be updated and truncated later. This gives an idea of how cloud relational
databases can be worked with.

2.13.1 Quickstart: Create an Azure SQL Database single database

In this quickstart, you create a single database in Azure SQL Database using either the
Azure portal, a PowerShell script, or an Azure CLI script. You then query the database
using query editor in the Azure portal.

2.13.2 Create a single database

This quickstart creates a single database in the serverless compute tier. To create a
single database in the Azure portal this quickstart starts at the Azure SQL page.

1. Browse to the Select SQL Deployment option page.


2. Under SQL databases, leave Resource type set to Single database, and
select Create.

3. On the Basics tab of the Create SQL Database form, under Project details,
select the desired Azure Subscription.
4. For Resource group, select Create new, enter myResourceGroup, and
select OK.
5. For Database name enter mySampleDatabase.
6. For Server, select Create new, and fill out the New server form with the
following values:
o Server name: Enter mysqlserver, and add some characters for
uniqueness. We can't provide an exact server name to use
because server names must be globally unique for all servers in
Azure, not just unique within a subscription. So enter something
like mysqlserver12345, and the portal lets you know if it is
available or not.
o Server admin login: Enter azureuser.
o Password: Enter a password that meets requirements, and
enter it again in the Confirm password field.
o Location: Select a location from the dropdown list.

Select OK.

7. Leave Want to use SQL elastic pool set to No.


8. Under Compute + storage, select Configure database.
9. This quickstart uses a serverless database, so select Serverless, and then
select Apply.

10. Select Next: Networking at the bottom of the page.

11. On the Networking tab, for Connectivity method, select Public endpoint.
12. For Firewall rules, set Add current client IP address to Yes. Leave Allow
Azure services and resources to access this server set to No.
13. Select Next: Additional settings at the bottom of the page.

14. On the Additional settings tab, in the Data source section, for Use existing
data, select Sample. This creates an AdventureWorksLT sample database so
there are some tables and data to query and experiment with, as opposed to
an empty blank database.
15. Optionally, enable Azure Defender for SQL.
16. Optionally, set the maintenance window so planned maintenance is
performed at the best time for your database.
17. Select Review + create at the bottom of the page:

18. On the Review + create page, after reviewing, select Create.

2.13.3 Query the database

Once your database is created, you can use the Query editor (preview) in the Azure portal
to connect to the database and query data.

1. In the portal, search for and select SQL databases, and then select your
database from the list.
2. On the page for your database, select Query editor (preview) in the left menu.
3. Enter your server admin login information, and select OK.

4. Enter the following query in the Query editor pane.

SELECT TOP 20 pc.Name as CategoryName, p.name as ProductName
FROM SalesLT.ProductCategory pc
JOIN SalesLT.Product p
ON pc.productcategoryid = p.productcategoryid;

5. Select Run, and then review the query results in the Results pane.

6. Close the Query editor page, and select OK when prompted to discard your
unsaved edits.

2.13.4 Relational database operations, SQL


Querying data
To query data from a table, you use the SELECT statement. The following illustrates the
most basic form of the SELECT statement:
SELECT select_list FROM schema_name.table_name;
SQL Server SELECT – retrieve some columns of a table example
SELECT first_name, last_name FROM sales.customers;
SELECT first_name, last_name, email FROM sales.customers;
SQL Server SELECT – retrieve all columns from a table example
SELECT * FROM sales.customers;
SQL Server SELECT – sort the result set
To filter rows based on one or more conditions, you use the WHERE clause as shown in
the following example:
SELECT * FROM sales.customers WHERE state = 'CA';
To sort the result set based on one or more columns, you use the ORDER BY clause as
shown in the following example:
SELECT * FROM sales.customers WHERE state = 'CA' ORDER BY first_name;
SQL Server SELECT – filter groups example
To filter groups based on one or more conditions, you use the HAVING clause. The
following example returns the city in California which has more than 10 customers:

SELECT city, COUNT (*) FROM sales.customers WHERE state = 'CA' GROUP
BY city HAVING COUNT (*) > 10 ORDER BY city;
Filtering data
DISTINCT one column example
The following statement returns all cities of all customers in the customers table:
SELECT city FROM sales.customers ORDER BY city;
To return each city only once, add the DISTINCT keyword:
SELECT DISTINCT city FROM sales.customers ORDER BY city;
Finding rows by using a simple equality
The following statement retrieves all products with the category id 1:
SELECT product_id, product_name, category_id, model_year, list_price FROM
production.products WHERE category_id = 1 ORDER BY list_price DESC;
Finding rows that meet two conditions
The following example returns products that meet two conditions: category id is 1 and the
model is 2018. It uses the logical operator AND to combine the two conditions.
SELECT product_id, product_name, category_id, model_year, list_price FROM
production.products WHERE category_id = 1 AND model_year = 2018 ORDER BY
list_price DESC;
Finding rows by using a comparison operator
The following statement finds the products whose list price is greater than 300 and model
is 2018.
SELECT product_id, product_name, category_id, model_year, list_price FROM
production.products WHERE list_price > 300 AND model_year = 2018 ORDER BY
list_price DESC;
Finding rows that meet any of two conditions
The following query finds products whose list price is greater than 3,000 or model is 2018.
Any product that meets one of these conditions is included in the result set.
SELECT product_id, product_name, category_id, model_year, list_price FROM
production.products WHERE list_price > 3000 OR model_year = 2018 ORDER BY
list_price DESC;

2.14 Creating MySQL Database & Perform CRUD Operations
Activity: This practical activity gives the learner a quick start with relational databases
through SQL commands. The user will create a single database and perform SQL operations
using SQL DDL and DML commands to create database tables and insert data. The data
can also be updated and truncated later. This gives an idea of how cloud relational
databases can be worked with.

2.14.1 Design an Azure Database for MySQL database using the Azure portal

Azure Database for MySQL is a managed service that enables you to run, manage, and
scale highly available MySQL databases in the cloud. Using the Azure portal, you can
easily manage your server and design a database.

In this tutorial, you use the Azure portal to learn how to:

• Create an Azure Database for MySQL
• Configure the server firewall
• Use mysql command-line tool to create a database
• Load sample data
• Query data
• Update data
• Restore data

Prerequisites

If you don't have an Azure subscription, create a free Azure account before you begin.

2.14.2 Sign in to the Azure portal

Open your favorite web browser, and visit the Microsoft Azure portal. Enter your
credentials to sign in to the portal. The default view is your service dashboard.

2.14.3 Create an Azure Database for MySQL server

An Azure Database for MySQL server is created with a defined set of compute and
storage resources. The server is created within an Azure resource group.

1. Select the Create a resource button (+) in the upper left corner of the portal.
2. Select Databases > Azure Database for MySQL. If you cannot find MySQL
Server under the Databases category, click See all to show all available
database services. You can also type Azure Database for MySQL in the
search box to quickly find the service.

3. Click Azure Database for MySQL tile. Fill out the Azure Database for MySQL
form.

TABLE 1

Setting: Server name
Suggested value: Unique server name
Field description: Choose a unique name that identifies your Azure
Database for MySQL server. For example, mydemoserver. The domain
name .mysql.database.azure.com is appended to the
server name you provide. The server name can contain
only lowercase letters, numbers, and the hyphen (-)
character. It must contain from 3 to 63 characters.

Setting: Subscription
Suggested value: Your subscription
Field description: Select the Azure subscription that you want to use for
your server. If you have multiple subscriptions, choose
the subscription in which you get billed for the resource.

Setting: Resource group
Suggested value: myresourcegroup
Field description: Provide a new or existing resource group name.

Setting: Select source
Suggested value: Blank
Field description: Select Blank to create a new server from scratch. (You
select Backup if you are creating a server from a geo-backup
of an existing Azure Database for MySQL server).

Setting: Server admin login
Suggested value: myadmin
Field description: A sign-in account to use when you're connecting to the
server. The admin sign-in name cannot
be azure_superuser, admin, administrator, root, guest, or public.

Setting: Password
Suggested value: Your choice
Field description: Provide a new password for the server admin account.
It must contain from 8 to 128 characters. Your
password must contain characters from three of the
following categories: English uppercase letters, English
lowercase letters, numbers (0-9), and non-alphanumeric
characters (!, $, #, %, and so on).

Setting: Confirm password
Suggested value: Your choice
Field description: Confirm the admin account password.

Setting: Location
Suggested value: The region closest to your users
Field description: Choose the location that is closest to your users or your
other Azure applications.

Setting: Version
Suggested value: The latest version
Field description: The latest version (unless you have specific
requirements that require another version).

Setting: Pricing tier
Suggested value: General Purpose, Gen 5, 2 vCores, 5 GB, 7 days, Geographically Redundant
Field description: The compute, storage, and backup configurations for
your new server. Select Pricing tier. Next, select
the General Purpose tab. Gen 5, 2 vCores, 5 GB,
and 7 days are the default values for Compute
Generation, vCore, Storage, and Backup Retention
Period. You can leave those sliders as is. To enable
your server backups in geo-redundant storage,
select Geographically Redundant from the Backup
Redundancy Options. To save this pricing tier
selection, select OK. The next screenshot captures
these selections.

Tip

With auto-growth enabled your server increases storage when you are
approaching the allocated limit, without impacting your workload.

4. Click Review + create. You can click on the Notifications button on the toolbar
to monitor the deployment process. Deployment can take up to 20 minutes.

2.14.4 Configure firewall

Azure Databases for MySQL are protected by a firewall. By default, all connections to the
server and the databases inside the server are rejected. Before connecting to Azure
Database for MySQL for the first time, configure the firewall to add the client machine's
public network IP address (or IP address range).

1. Click your newly created server, and then click Connection security.

2. You can Add My IP, or configure firewall rules here. Remember to
click Save after you have created the rules. You can now connect to the
server using mysql command-line tool or MySQL Workbench GUI tool.

Tip

Azure Database for MySQL server communicates over port 3306. If you are trying to
connect from within a corporate network, outbound traffic over port 3306 may not be
allowed by your network's firewall. If so, you cannot connect to Azure MySQL server
unless your IT department opens port 3306.



2.14.5 Get connection information

Get the fully qualified Server name and Server admin login name for your Azure Database
for MySQL server from the Azure portal. You use the fully qualified server name to
connect to your server using mysql command-line tool.

1. In Azure portal, click All resources from the left-hand menu, type the name,
and search for your Azure Database for MySQL server. Select the server
name to view the details.
2. From the Overview page, note down Server Name and Server admin login
name. You may click the copy button next to each field to copy to the
clipboard.

In this example, the server name is mydemoserver.mysql.database.azure.com, and the
server admin login is myadmin@mydemoserver.

2.14.6 Connect to the server using mysql

Use the mysql command-line tool to establish a connection to your Azure Database for
MySQL server. You can run the mysql command-line tool from the Azure Cloud Shell in
the browser or from your own machine using mysql tools installed locally. To launch the
Azure Cloud Shell, visit the Azure portal and click the >_ icon in the top right toolbar.

Type the command to connect:

mysql -h mydemoserver.mysql.database.azure.com -u myadmin@mydemoserver -p

2.14.7 Create a blank database

Once you're connected to the server, create a blank database to work with.

CREATE DATABASE mysampledb;



At the prompt, run the following command to switch connection to this newly created
database:

USE mysampledb;

2.14.8 Create tables in the database

Now that you know how to connect to the Azure Database for MySQL database, you can
complete some basic tasks:

First, create a table and load it with some data. Let's create a table that stores inventory
information.

CREATE TABLE inventory (
    id serial PRIMARY KEY,
    name VARCHAR(50),
    quantity INTEGER
);

2.14.9 Load data into the tables

Now that you have a table, insert some data into it. At the open command prompt window,
run the following query to insert some rows of data.

INSERT INTO inventory (id, name, quantity) VALUES (1, 'banana', 150);
INSERT INTO inventory (id, name, quantity) VALUES (2, 'orange', 154);

Now you have two rows of sample data in the table you created earlier.

2.14.10 Query and update the data in the tables

Execute the following query to retrieve information from the database table.

SELECT * FROM inventory;

You can also update the data in the tables.

UPDATE inventory SET quantity = 200 WHERE name = 'banana';

The row gets updated accordingly when you retrieve data.

SELECT * FROM inventory;


2.14.11 Restore a database to a previous point in time

Imagine you have accidentally deleted an important database table, and cannot recover
the data easily. Azure Database for MySQL allows you to restore the server to a point in
time, creating a copy of the databases on a new server. You can use this new server to
recover your deleted data. The following steps restore the sample server to a point before
the table was added.

1. In the Azure portal, locate your Azure Database for MySQL. On the Overview
page, click Restore on the toolbar. The Restore page opens.

2. Fill out the Restore form with the required information.

o Restore point: Select a point in time that you want to restore to,
within the timeframe listed. Make sure to convert your local
time zone to UTC.
o Restore to new server: Provide a new server name you want to
restore to.
o Location: The region is the same as the source server, and cannot
be changed.
o Pricing tier: The pricing tier is the same as the source server,
and cannot be changed.
3. Click OK to restore the server to a point in time before the table
was deleted. Restoring a server creates a new copy of the server, as of the
point in time you specify.

2.14.12 Clean up resources

If you don't expect to need these resources in the future, you can delete them by deleting
the resource group or just delete the MySQL server. To delete the resource group, follow
these steps:

1. In the Azure portal, search for and select Resource groups.


2. In the resource group list, choose the name of your resource group.
3. In the Overview page of your resource group, select Delete resource group.
4. In the confirmation dialog box, type the name of your resource group, and
then select Delete.



2.15 Exploring Database Services in Azure
2.15.1 Types of Databases on Azure
Fully managed, intelligent and flexible cloud database services
Azure SQL Database
Part of the Azure SQL family, Azure SQL Database is an intelligent, scalable, relational
database service built for the cloud. Optimise performance and durability with automated,
AI-powered features that are always up to date. With serverless compute and Hyperscale
storage options that automatically scale resources on demand, you are free to focus on
building new applications without worrying about storage size or resource management.
• Fully-managed SQL database automates updates, provisioning and backups so
you can focus on application development
• Flexible and responsive serverless compute and Hyperscale storage rapidly adapt
to your changing requirements
• Layers of protection, built-in controls and intelligent threat detection keep your data
secure
• Built-in AI and built-in high availability maintain peak performance and durability
with an SLA of up to 99.995 percent

Feature | Details
Elastic database jobs (preview) | For information, see Create, configure, and manage elastic jobs.
Elastic queries | For information, see Elastic query overview.
Elastic transactions | Distributed transactions across cloud databases.
Query editor in the Azure portal | For information, see Use the Azure portal's SQL query editor to connect and query data.
SQL Analytics | For information, see Azure SQL Analytics.

New features
SQL Managed Instance H2 2019 updates
• Service-aided subnet configuration is a secure and convenient way to manage
subnet configuration where you control data traffic while SQL Managed Instance
ensures the uninterrupted flow of management traffic.
• Transparent Data Encryption (TDE) with Bring Your Own Key (BYOK) enables a
bring-your-own-key (BYOK) scenario for data protection at rest and allows
organizations to separate management duties for keys and data.
• Auto-failover groups enable you to replicate all databases from the primary
instance to a secondary instance in another region.
• Global trace flags allow you to configure SQL Managed Instance behavior.

Azure Database for PostgreSQL


Focus on application innovation, not database management, with fully managed and
intelligent Azure Database for PostgreSQL. Scale your workload quickly with ease and
confidence. Enjoy high availability with up to 99.99% SLA and a choice of single zone or
zone redundant high availability, AI-powered performance optimisation and advanced
security.
Azure Arc enabled PostgreSQL Hyperscale is now in preview. You can run this service
on premises on any infrastructure of your choice with Azure cloud benefits like elastic
scale, unified management and a cloud billing model while staying always current.
• Integration with valuable Postgres features including JSONB, geospatial support,
rich indexing and dozens of extensions
• High-performance horizontal scaling on Postgres using Hyperscale (Citus)
• Intelligent performance recommendations generated from a custom analysis of
your database
• Fully managed Postgres with Azure IP Advantage and Azure Advanced Threat
Protection
Azure Database for PostgreSQL is a relational database service in the Microsoft cloud
based on the PostgreSQL Community Edition (available under the GPLv2 license)
database engine. Azure Database for PostgreSQL delivers:
1. Built-in high availability.
2. Data protection using automatic backups and point-in-time-restore for up to 35
days.
3. Automated maintenance for underlying hardware, operating system and database
engine to keep the service secure and up to date.
4. Predictable performance, using inclusive pay-as-you-go pricing.
5. Elastic scaling within seconds.
6. Enterprise grade security and industry-leading compliance to protect sensitive data
at-rest and in-motion.
7. Monitoring and automation to simplify management and monitoring for large-scale
deployments.
8. Industry-leading support experience.



Image: Azure Database
Reference: https://docs.microsoft.com/en-us/azure/postgresql/media/overview/overview-what-is-azure-postgres.png
Azure Database for MySQL
• Fully managed database based on the latest community editions, providing
maximum control and flexibility for database operations
• Intelligent performance recommendations providing custom analysis and
suggestions for MySQL database optimisation
• Simplified development experience and tight integration with Azure services
including Azure App Service and Azure Kubernetes service
• Enterprise-grade security and compliance and enhanced security capabilities of
Azure Advanced Threat Protection
Azure Database for MySQL is a relational database service in the Microsoft cloud based
on the MySQL Community Edition (available under the GPLv2 license) database engine,
versions 5.6, 5.7, and 8.0. Azure Database for MySQL delivers:
• Built-in high availability.
• Data protection using automatic backups and point-in-time-restore for up to 35
days.
• Automated maintenance for underlying hardware, operating system and database
engine to keep the service secure and up to date.
• Predictable performance, using inclusive pay-as-you-go pricing.
• Elastic scaling within seconds.
• Cost optimization controls with ability to stop/start server.
• Enterprise grade security and industry-leading compliance to protect sensitive data
at-rest and in-motion.
• Monitoring and automation to simplify management and monitoring for large-scale
deployments.
• Industry-leading support experience.



Image: Azure MySQL
Reference: https://docs.microsoft.com/en-us/azure/mysql/media/overview/1-azure-db-for-mysql-conceptual-diagram.png
2.15.2 Azure Cosmos DB
Fast NoSQL database with open APIs for any scale
Azure Cosmos DB is a fully managed NoSQL database service for modern app
development. Get guaranteed single-digit millisecond response times and 99.999-percent
availability, backed by SLAs, automatic and instant scalability and open-source APIs for
MongoDB and Cassandra. Enjoy fast writes and reads anywhere in the world with turnkey
data replication and multi-region writes. Gain insight over real-time data with no-ETL
analytics using Azure Synapse Link for Azure Cosmos DB.
• Guaranteed speed at any scale, even through bursts, with instant, limitless
elasticity, fast reads and multi-master writes, anywhere in the world
• Fast, flexible app development with SDKs for popular languages, a native Core
(SQL) API along with APIs for MongoDB, Cassandra and Gremlin and no-ETL
(extract, transform, load) analytics
• Ready for mission-critical applications with guaranteed business continuity,
99.999-percent availability and enterprise-level security
• Fully managed and cost-effective serverless database with instant, automatic
scaling that responds to application needs
Azure Cosmos DB is a fully managed NoSQL database for modern app development.
Single-digit millisecond response times, and automatic and instant scalability, guarantee
speed at any scale. Business continuity is assured with SLA-backed availability and
enterprise-grade security. App development is faster and more productive thanks to
turnkey multi region data distribution anywhere in the world, open source APIs and SDKs
for popular languages. As a fully managed service, Azure Cosmos DB takes database
administration off your hands with automatic management, updates and patching. It also
handles capacity management with cost-effective serverless and automatic scaling
options that respond to application needs to match capacity with demand.

Image: Azure CosmosDB


Reference: https://docs.microsoft.com/en-us/azure/cosmos-db/media/introduction/azure-cosmos-db.png
2.15.3 Azure Database Migration Service
A simple tool to accelerate your data migration to Azure
Azure Database Migration Service is a tool that helps you simplify, guide and automate
your database migration to Azure. Easily migrate your data, schema and objects from
multiple sources to the cloud at scale.
• Database-sensitive migration moves data, schema and objects to Azure
• Easy-to-understand process helps you get the job done right the first time
• Supports Microsoft SQL Server, MySQL, PostgreSQL, MongoDB and Oracle
migration to Azure from on-premises and other clouds
• Highly resilient and self-healing migration service provides reliable outcomes with
near-zero downtime



Migrate databases to Azure with familiar tools
Azure Database Migration Service integrates some of the functionality of our existing tools
and services. It provides customers with a comprehensive, highly available solution. The
service uses the Data Migration Assistant to generate assessment reports that provide
recommendations to guide you through the changes required prior to performing a
migration. It's up to you to perform any remediation required. When you're ready to begin
the migration process, Azure Database Migration Service performs all of the required
steps. You can fire and forget your migration projects with peace of mind, knowing that
the process takes advantage of best practices as determined by Microsoft.

Image: Azure Database Migration


Reference: https://azurecomcdn.azureedge.net/cvt-d1f914457173f9a29fa48e38d98071dfa717ca0299fa00358be35cd254e17e57/images/page/services/database-migration/discover.png



2.16 Creating Database Services in Azure
Activity: This practical activity creates a MySQL database server in Azure cloud and a
small PHP application that connects to the database for saving data. On successful creation,
the user will be able to use what was learned to create database applications and host them
in the Azure cloud environment.

2.16.1 Build a PHP and MySQL app in Azure App Service

Azure App Service provides a highly scalable, self-patching web hosting service using
the Windows operating system. This tutorial shows how to create a PHP app in Azure
and connect it to a MySQL database. When you're finished, you'll have a Laravel app
running on Azure App Service on Windows.



In this tutorial, you learn how to:

• Create a MySQL database in Azure
• Connect a PHP app to MySQL
• Deploy the app to Azure
• Update the data model and redeploy the app
• Stream diagnostic logs from Azure
• Manage the app in the Azure portal

If you don't have an Azure subscription, create a free account before you begin.

Prerequisites

To complete this tutorial:

• Install Git
• Install PHP 5.6.4 or above
• Install Composer
• Enable the following PHP extensions Laravel needs: OpenSSL, PDO-MySQL, Mbstring, Tokenizer, XML
• Install and start MySQL
• Use the Bash environment in Azure Cloud Shell.
• If you prefer, install the Azure CLI to run CLI reference commands.
    o If you're using a local installation, sign in to the Azure CLI by using
    the az login command. To finish the authentication process, follow
    the steps displayed in your terminal. For additional sign-in options,
    see Sign in with the Azure CLI.
    o When you're prompted, install Azure CLI extensions on first use.
    For more information about extensions, see Use extensions with
    the Azure CLI.
    o Run az version to find the version and dependent libraries that are
    installed. To upgrade to the latest version, run az upgrade.

2.16.2 Prepare local MySQL

In this step, you create a database in your local MySQL server for your use in this tutorial.



Connect to local MySQL server

In a terminal window, connect to your local MySQL server. You can use this terminal
window to run all the commands in this tutorial.

mysql -u root -p

If you're prompted for a password, enter the password for the root account. If you don't
remember your root account password, see MySQL: How to Reset the Root Password.

If your command runs successfully, then your MySQL server is running. If not, make sure
that your local MySQL server is started by following the MySQL post-installation steps.

Create a database locally

At the mysql prompt, create a database.

CREATE DATABASE sampledb;

Exit your server connection by typing quit.

quit

2.16.3 Create a PHP app locally

In this step, you get a Laravel sample application, configure its database connection, and
run it locally.

Clone the sample

In the terminal window, cd to a working directory.

Run the following command to clone the sample repository.

git clone https://github.com/Azure-Samples/laravel-tasks

cd to your cloned directory. Install the required packages.

cd laravel-tasks
composer install

2.16.4 Configure MySQL connection

In the repository root, create a file named .env. Copy the following variables into
the .env file. Replace the <root_password> placeholder with the MySQL root user's
password.

APP_ENV=local
APP_DEBUG=true
APP_KEY=

DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_DATABASE=sampledb
DB_USERNAME=root
DB_PASSWORD=<root_password>

For information on how Laravel uses the .env file, see Laravel Environment
Configuration.

Run the sample locally

Run Laravel database migrations to create the tables the application needs. To see which
tables are created in the migrations, look in the database/migrations directory in the Git
repository.

php artisan migrate

Generate a new Laravel application key.

php artisan key:generate

Run the application.

php artisan serve

Navigate to http://localhost:8000 in a browser. Add a few tasks in the page.



To stop PHP, type Ctrl + C in the terminal.

2.16.5 Create MySQL in Azure

In this step, you create a MySQL database in Azure Database for MySQL. Later, you
configure the PHP application to connect to this database.

Create a resource group

A resource group is a logical container into which Azure resources, such as web apps,
databases, and storage accounts, are deployed and managed. For example, you can
choose to delete the entire resource group in one simple step later.



In the Cloud Shell, create a resource group with the az group create command. The
following example creates a resource group named myResourceGroup in the West
Europe location. To see all supported locations for App Service in Free tier, run the az
appservice list-locations --sku FREE command.

az group create --name myResourceGroup --location "West Europe"

You generally create your resource group and the resources in a region near you.

When the command finishes, a JSON output shows you the resource group properties.

Create a MySQL server

In the Cloud Shell, create a server in Azure Database for MySQL with the az mysql server
create command.

In the following command, substitute a unique server name for the <mysql-server-name>
placeholder, a user name for the <admin-user>, and a password for the <admin-password>
placeholder. The server name is used as part of your MySQL endpoint
(https://<mysql-server-name>.mysql.database.azure.com), so the name needs to be unique across
all servers in Azure. For details on selecting MySQL DB SKU, see Create an Azure
Database for MySQL server.

az mysql server create --resource-group myResourceGroup --name <mysql-server-name> \
    --location "West Europe" --admin-user <admin-user> --admin-password <admin-password> \
    --sku-name B_Gen5_1

When the MySQL server is created, the Azure CLI shows information similar to the
following example:

{
  "administratorLogin": "<admin-user>",
  "administratorLoginPassword": null,
  "fullyQualifiedDomainName": "<mysql-server-name>.mysql.database.azure.com",
  "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup/providers/Microsoft.DBforMySQL/servers/<mysql-server-name>",
  "location": "westeurope",
  "name": "<mysql-server-name>",
  "resourceGroup": "myResourceGroup",
  ...
  - < Output has been truncated for readability >
}



Configure server firewall

In the Cloud Shell, create a firewall rule for your MySQL server to allow client connections
by using the az mysql server firewall-rule create command. When both starting IP and end IP
are set to 0.0.0.0, the firewall is only opened for other Azure resources.

az mysql server firewall-rule create --name allAzureIPs --server <mysql-server-name> \
    --resource-group myResourceGroup --start-ip-address 0.0.0.0 --end-ip-address 0.0.0.0

Tip

You can be even more restrictive in your firewall rule by using only the outbound IP
addresses your app uses.

In the Cloud Shell, run the command again to allow access from your local computer by
replacing <your-ip-address> with your local IPv4 IP address.

az mysql server firewall-rule create --name AllowLocalClient --server <mysql-server-name> \
    --resource-group myResourceGroup --start-ip-address=<your-ip-address> --end-ip-address=<your-ip-address>
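
The firewall rules created in this step can be reviewed after the fact. The following is an added example (not part of the original tutorial or of any Azure tooling) that reads the JSON printed by az mysql server firewall-rule list and flags the 0.0.0.0 rule, whole-internet ranges and ranges above a size threshold. The field names startIpAddress and endIpAddress, the sample rules, the 256-address threshold and all function names are assumptions of this example.

```python
"""Audit Azure Database for MySQL firewall rules for over-broad ranges."""
import ipaddress
import json

# Constructed sample in the assumed shape of `az mysql server firewall-rule list`
# output, reduced to the three fields this check reads. Addresses come from
# documentation and benchmarking ranges, not from any real deployment.
SAMPLE_RULES_JSON = """
[
  {"name": "allAzureIPs",      "startIpAddress": "0.0.0.0",      "endIpAddress": "0.0.0.0"},
  {"name": "AllowLocalClient", "startIpAddress": "203.0.113.25", "endIpAddress": "203.0.113.25"},
  {"name": "office",           "startIpAddress": "198.51.100.0", "endIpAddress": "198.51.100.255"},
  {"name": "temp-debug",       "startIpAddress": "0.0.0.0",      "endIpAddress": "255.255.255.255"},
  {"name": "lab",              "startIpAddress": "198.18.0.0",   "endIpAddress": "198.19.255.255"}
]
"""

ADVICE = {
    "allow-azure-services": "admits any Azure-hosted source, other customers' "
                            "resources included; prefer the app's outbound IPs",
    "allow-any": "admits the whole IPv4 internet; remove or narrow",
    "wide-range": "larger than the review threshold; confirm it is needed",
    "ok": "",
}


def classify_rule(rule, max_addresses=256):
    """Return name, verdict, address count and CIDR form of one rule."""
    start = ipaddress.IPv4Address(rule["startIpAddress"])
    end = ipaddress.IPv4Address(rule["endIpAddress"])
    if start > end:
        raise ValueError(f"rule {rule['name']!r}: start address is above end address")
    size = int(end) - int(start) + 1
    cidrs = [str(net) for net in ipaddress.summarize_address_range(start, end)]
    if int(start) == 0 and int(end) == 0:
        # Special marker, not a one-address range: "allow access to Azure services".
        verdict = "allow-azure-services"
    elif cidrs == ["0.0.0.0/0"]:
        verdict = "allow-any"
    elif size > max_addresses:
        verdict = "wide-range"
    else:
        verdict = "ok"
    return {"name": rule["name"], "verdict": verdict, "addresses": size, "cidrs": cidrs}


def audit_rules(rules_json, max_addresses=256):
    """Classify every rule in the JSON text; order follows the input."""
    return [classify_rule(rule, max_addresses) for rule in json.loads(rules_json)]


def format_report(findings):
    """One line per rule; rules that need review are marked with '!!'."""
    lines = []
    for item in findings:
        mark = "  " if item["verdict"] == "ok" else "!!"
        line = f"{mark} {item['name']:<18} {','.join(item['cidrs']):<20} {item['verdict']}"
        if ADVICE[item["verdict"]]:
            line += f" ({ADVICE[item['verdict']]})"
        lines.append(line)
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_report(audit_rules(SAMPLE_RULES_JSON)))
```
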

2.16.6 Connect to production MySQL server locally

In the local terminal window, connect to the MySQL server in Azure. Use the value you
specified previously for <admin-user> and <mysql-server-name>. When prompted for a
password, use the password you specified when you created the database in Azure.

mysql -u <admin-user>@<mysql-server-name> -h <mysql-server-name>.mysql.database.azure.com -P 3306 -p

Create a production database

At the mysql prompt, create a database.

CREATE DATABASE sampledb;

Create a user with permissions

Create a database user called phpappuser and give it all privileges in
the sampledb database. For simplicity of the tutorial, use MySQLAzure2017 as the
password.

CREATE USER 'phpappuser' IDENTIFIED BY 'MySQLAzure2017';
GRANT ALL PRIVILEGES ON sampledb.* TO 'phpappuser';

Exit the server connection by typing quit.

quit

2.16.7 Connect app to Azure MySQL

In this step, you connect the PHP application to the MySQL database you created in
Azure Database for MySQL.

Configure the database connection

In the repository root, create an .env.production file and copy the following variables into
it. Replace the placeholder <mysql-server-name> in both DB_HOST and DB_USERNAME.

APP_ENV=production
APP_DEBUG=true
APP_KEY=

DB_CONNECTION=mysql
DB_HOST=<mysql-server-name>.mysql.database.azure.com
DB_DATABASE=sampledb
DB_USERNAME=phpappuser@<mysql-server-name>
DB_PASSWORD=MySQLAzure2017
MYSQL_SSL=true

Save the changes.

Tip

To secure your MySQL connection information, this file is already excluded from the Git
repository (See .gitignore in the repository root). Later, you learn how to configure
environment variables in App Service to connect to your database in Azure Database for
MySQL. With environment variables, you don't need the .env file in App Service.



Configure TLS/SSL certificate

By default, Azure Database for MySQL enforces TLS connections from clients. To
connect to your MySQL database in Azure, you must use the .pem certificate supplied by
Azure Database for MySQL.

Open config/database.php and add the sslmode and options parameters
to connections.mysql, as shown in the following code.

'mysql' => [
    ...
    'sslmode' => env('DB_SSLMODE', 'prefer'),
    'options' => (env('MYSQL_SSL')) ? [
        PDO::MYSQL_ATTR_SSL_KEY => '/ssl/BaltimoreCyberTrustRoot.crt.pem',
    ] : []
],

The certificate BaltimoreCyberTrustRoot.crt.pem is provided in the repository for convenience
in this tutorial.

Test the application locally

Run Laravel database migrations with .env.production as the environment file to create
the tables in your MySQL database in Azure Database for MySQL. Remember
that .env.production has the connection information to your MySQL database in Azure.

php artisan migrate --env=production --force

.env.production doesn't have a valid application key yet. Generate a new one for it in the
terminal.

php artisan key:generate --env=production --force

Run the sample application with .env.production as the environment file.

php artisan serve --env=production

Navigate to http://localhost:8000. If the page loads without errors, the PHP application is
connecting to the MySQL database in Azure.



Add a few tasks in the page.

To stop PHP, type Ctrl + C in the terminal.

Commit your changes

Run the following Git commands to commit your changes:

git add .
git commit -m "database.php updates"

Your app is ready to be deployed.



2.16.8 Deploy to Azure

In this step, you deploy the MySQL-connected PHP application to Azure App Service.

Configure a deployment user

FTP and local Git can deploy to an Azure web app by using a deployment user. Once you
configure your deployment user, you can use it for all your Azure deployments. Your
account-level deployment username and password are different from your Azure
subscription credentials.

To configure the deployment user, run the az webapp deployment user set command in
Azure Cloud Shell. Replace <username> and <password> with a deployment user
username and password.

• The username must be unique within Azure, and for local Git pushes, must
not contain the ‘@’ symbol.
• The password must be at least eight characters long, with two of the following
three elements: letters, numbers, and symbols.

az webapp deployment user set --user-name <username> --password <password>

The JSON output shows the password as null. If you get a 'Conflict'. Details: 409 error,
change the username. If you get a 'Bad Request'. Details: 400 error, use a stronger password.

Record your username and password to use to deploy your web apps.

Create an App Service plan

In the Cloud Shell, create an App Service plan with the az appservice plan create command.

The following example creates an App Service plan named myAppServicePlan in
the Free pricing tier:

az appservice plan create --name myAppServicePlan --resource-group myResourceGroup --sku FREE

When the App Service plan has been created, the Azure CLI shows information similar
to the following example:

{
  "adminSiteName": null,
  "appServicePlanName": "myAppServicePlan",
  "geoRegion": "West Europe",
  "hostingEnvironmentProfile": null,
  "id": "/subscriptions/0000-0000/resourceGroups/myResourceGroup/providers/Microsoft.Web/serverfarms/myAppServicePlan",
  "kind": "app",
  "location": "West Europe",
  "maximumNumberOfWorkers": 1,
  "name": "myAppServicePlan",
  < JSON data removed for brevity. >
  "targetWorkerSizeId": 0,
  "type": "Microsoft.Web/serverfarms",
  "workerTierName": null
}

Create a web app

Create a web app in the myAppServicePlan App Service plan.

In the Cloud Shell, you can use the az webapp create command. In the following example,
replace <app-name> with a globally unique app name (valid characters are a-z, 0-9, and -).
The runtime is set to PHP|7.2. To see all supported runtimes, run az webapp list-runtimes --linux.

# Bash
az webapp create --resource-group myResourceGroup --plan myAppServicePlan --name <app-name> \
    --runtime "PHP|7.2" --deployment-local-git
# PowerShell
az --% webapp create --resource-group myResourceGroup --plan myAppServicePlan --name <app-name> --runtime "PHP|7.2" --deployment-local-git

When the web app has been created, the Azure CLI shows output similar to the following
example:

Local git is configured with url of 'https://<username>@<app-name>.scm.azurewebsites.net/<app-name>.git'
{
  "availabilityState": "Normal",
  "clientAffinityEnabled": true,
  "clientCertEnabled": false,
  "cloningInfo": null,
  "containerSize": 0,
  "dailyMemoryTimeQuota": 0,
  "defaultHostName": "<app-name>.azurewebsites.net",
  "deploymentLocalGitUrl": "https://<username>@<app-name>.scm.azurewebsites.net/<app-name>.git",
  "enabled": true,
  < JSON data removed for brevity. >
}

You’ve created an empty new web app, with git deployment enabled.



Note

The URL of the Git remote is shown in the deploymentLocalGitUrl property, with the
format https://<username>@<app-name>.scm.azurewebsites.net/<app-name>.git. Save this URL as
you need it later.

Configure database settings

In App Service, you set environment variables as app settings by using the az webapp config
appsettings set command.

The following command configures the app settings DB_HOST, DB_DATABASE, DB_USERNAME,
and DB_PASSWORD. Replace the placeholders <app-name> and <mysql-server-name>.

az webapp config appsettings set --name <app-name> --resource-group myResourceGroup --settings \
    DB_HOST="<mysql-server-name>.mysql.database.azure.com" DB_DATABASE="sampledb" \
    DB_USERNAME="phpappuser@<mysql-server-name>" DB_PASSWORD="MySQLAzure2017" \
    MYSQL_SSL="true"

You can use the PHP getenv method to access the settings. The Laravel code uses
an env wrapper over the PHP getenv. For example, the MySQL configuration
in config/database.php looks like the following code:

'mysql' => [
    'driver' => 'mysql',
    'host' => env('DB_HOST', 'localhost'),
    'database' => env('DB_DATABASE', 'forge'),
    'username' => env('DB_USERNAME', 'forge'),
    'password' => env('DB_PASSWORD', ''),
    ...
],

Configure Laravel environment variables

Laravel needs an application key in App Service. You can configure it with app settings.

In the local terminal window, use php artisan to generate a new application key without
saving it to .env.

php artisan key:generate --show



In the Cloud Shell, set the application key in the App Service app by using the az webapp
config appsettings set command. Replace the placeholders <app-name>
and <output_of_php_artisan_key:generate>.

az webapp config appsettings set --name <app-name> --resource-group myResourceGroup --settings \
    APP_KEY="<output_of_php_artisan_key:generate>" APP_DEBUG="true"

APP_DEBUG="true" tells Laravel to return debugging information when the deployed app
encounters errors. When running a production application, set it to false, which is more
secure.
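
As an added example (not code from the tutorial or from the laravel-tasks repository), the following check reads either a .env file or the JSON from az webapp config appsettings list and reports the settings this walkthrough leaves in a risky state: APP_DEBUG on in production, an empty APP_KEY, the published tutorial password, and MYSQL_SSL off for an Azure MySQL host. The server name mydemoserver, the sample inputs, the truthiness rules (an approximation of Laravel's env helper) and all function names are assumptions of this example.

```python
"""Lint Laravel settings for the risky values this tutorial walks through."""
import json

# A password printed in a public tutorial is known to every reader of it.
PUBLISHED_PASSWORDS = {"MySQLAzure2017"}  # the value used on this page
AZURE_MYSQL_SUFFIX = ".mysql.database.azure.com"
# Assumption: approximates Laravel's env() helper followed by a PHP boolean cast.
FALSY = {"", "0", "false", "(false)", "null", "(null)", "empty", "(empty)"}

# Constructed sample: the tutorial's .env.production with a made-up server name.
TUTORIAL_ENV = """\
APP_ENV=production
APP_DEBUG=true
APP_KEY=

DB_CONNECTION=mysql
DB_HOST=mydemoserver.mysql.database.azure.com
DB_DATABASE=sampledb
DB_USERNAME=phpappuser@mydemoserver
DB_PASSWORD=MySQLAzure2017
MYSQL_SSL=true
"""

# Constructed sample: the same file after hardening (key and password are fake).
HARDENED_ENV = """\
# production settings
APP_ENV=production
APP_DEBUG=false
APP_KEY="base64:Q09OU1RSVUNURUQtRVhBTVBMRS1LRVk="
DB_HOST=mydemoserver.mysql.database.azure.com
DB_PASSWORD='constructed-example-not-a-real-secret'
MYSQL_SSL=true
"""

# Constructed sample in the shape of `az webapp config appsettings list` output.
APP_SETTINGS_JSON = """
[
  {"name": "DB_HOST", "slotSetting": false, "value": "mydemoserver.mysql.database.azure.com"},
  {"name": "DB_PASSWORD", "slotSetting": false, "value": "MySQLAzure2017"},
  {"name": "APP_KEY", "slotSetting": false, "value": "base64:Q09OU1RSVUNURUQ="},
  {"name": "APP_DEBUG", "slotSetting": false, "value": "1"}
]
"""


def is_truthy(value):
    """True when PHP would treat the env value as true ('1', 'yes', 'true', ...)."""
    return value is not None and value.strip().lower() not in FALSY


def parse_env(text):
    """Parse KEY=VALUE lines of a .env file, skipping comments and blank lines."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "'\"":
            value = value[1:-1]  # drop matching surrounding quotes
        settings[key.strip()] = value
    return settings


def parse_appsettings(json_text):
    """Turn the App Service name/value list into the same dict shape."""
    return {item["name"]: item["value"] for item in json.loads(json_text)}


def lint(settings):
    """Return (setting, message) pairs; secret values are never echoed."""
    findings = []
    # Laravel falls back to 'production' when APP_ENV is not set.
    production = settings.get("APP_ENV", "production").lower() == "production"
    if production and is_truthy(settings.get("APP_DEBUG")):
        findings.append(("APP_DEBUG", "debug output is enabled in production"))
    if not settings.get("APP_KEY"):
        findings.append(("APP_KEY", "application key is empty"))
    password = settings.get("DB_PASSWORD", "")
    if password in PUBLISHED_PASSWORDS:
        findings.append(("DB_PASSWORD", "password is published in a tutorial"))
    elif production and not password:
        findings.append(("DB_PASSWORD", "database password is empty"))
    host = settings.get("DB_HOST", "").lower()
    if host.endswith(AZURE_MYSQL_SUFFIX) and not is_truthy(settings.get("MYSQL_SSL")):
        findings.append(("MYSQL_SSL", "TLS options are not enabled for an Azure MySQL host"))
    return findings


if __name__ == "__main__":
    samples = (("tutorial .env.production", parse_env(TUTORIAL_ENV)),
               ("hardened .env.production", parse_env(HARDENED_ENV)),
               ("App Service app settings", parse_appsettings(APP_SETTINGS_JSON)))
    for label, settings in samples:
        print(label)
        for key, message in lint(settings) or [("-", "no findings")]:
            print(f"  {key}: {message}")
```
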

Set the virtual application path

Set the virtual application path for the app. This step is required because the Laravel
application lifecycle begins in the public directory instead of the application's root
directory. Other PHP frameworks whose lifecycle starts in the root directory can work
without manual configuration of the virtual application path.

In the Cloud Shell, set the virtual application path by using the az resource update command.
Replace the <app-name> placeholder.

az resource update --name web --resource-group myResourceGroup --namespace Microsoft.Web \
    --resource-type config --parent sites/<app-name> \
    --set properties.virtualApplications[0].physicalPath="site\wwwroot\public" --api-version 2015-06-01

By default, Azure App Service points the root virtual application path (/) to the root
directory of the deployed application files (sites\wwwroot).

Push to Azure from Git

Back in the local terminal window, add an Azure remote to your local Git repository.
Replace <deploymentLocalGitUrl-from-create-step> with the URL of the Git remote that
you saved from Create a web app.

git remote add azure <deploymentLocalGitUrl-from-create-step>

Push to the Azure remote to deploy your app with the following command. When Git
Credential Manager prompts you for credentials, make sure you enter the credentials you
created in Configure a deployment user, not the credentials you use to sign in to the Azure
portal.

git push azure main

This command may take a few minutes to run. While running, it displays information
similar to the following example:

Counting objects: 3, done.
Delta compression using up to 8 threads.
Compressing objects: 100% (3/3), done.
Writing objects: 100% (3/3), 291 bytes | 0 bytes/s, done.
Total 3 (delta 2), reused 0 (delta 0)
remote: Updating branch 'main'.
remote: Updating submodules.
remote: Preparing deployment for commit id 'a5e076db9c'.
remote: Running custom deployment command...
remote: Running deployment command...
...
< Output has been truncated for readability >

Note

You may notice that the deployment process installs Composer packages at the end.
App Service does not run these automations during default deployment, so this sample
repository has three additional files in its root directory to enable it:

• .deployment - This file tells App Service to run bash deploy.sh as the custom
  deployment script.
• deploy.sh - The custom deployment script. If you review the file, you will see
  that it runs php composer.phar install after npm install.
• composer.phar - The Composer package manager.

You can use this approach to add any step to your Git-based deployment to App Service.
For more information, see Custom Deployment Script.

Browse to the Azure app

Browse to http://<app-name>.azurewebsites.net and add a few tasks to the list.

Congratulations, you're running a data-driven PHP app in Azure App Service.

2.16.9 Update model locally and redeploy

In this step, you make a simple change to the task data model and the webapp, and then
publish the update to Azure.

For the tasks scenario, you modify the application so that you can mark a task as
complete.

Add a column

In the local terminal window, navigate to the root of the Git repository.

Generate a new database migration for the tasks table:

php artisan make:migration add_complete_column --table=tasks

This command shows you the name of the migration file that's generated. Find this file
in database/migrations and open it.

Replace the up method with the following code:

public function up()
{
    Schema::table('tasks', function (Blueprint $table) {
        $table->boolean('complete')->default(false);
    });
}

The preceding code adds a boolean column in the tasks table called complete.

Replace the down method with the following code for the rollback action:

public function down()
{
    Schema::table('tasks', function (Blueprint $table) {
        $table->dropColumn('complete');
    });
}

In the local terminal window, run Laravel database migrations to make the change in the
local database.

php artisan migrate

Based on the Laravel naming convention, the model Task (see app/Task.php) maps to
the tasks table by default.

Update application logic

Open the routes/web.php file. The application defines its routes and business logic here.

At the end of the file, add a route with the following code:

/**
 * Toggle Task completeness
 */
Route::post('/task/{id}', function ($id) {
    error_log('INFO: post /task/'.$id);
    $task = Task::findOrFail($id);

    $task->complete = !$task->complete;
    $task->save();

    return redirect('/');
});

The preceding code makes a simple update to the data model by toggling the value
of complete.

Update the view

Open the resources/views/tasks.blade.php file. Find the <tr> opening tag and replace it
with:

<tr class="{{ $task->complete ? 'success' : 'active' }}" >

The preceding code changes the row color depending on whether the task is complete.

In the next line, you have the following code:

<td class="table-text"><div>{{ $task->name }}</div></td>

Replace the entire line with the following code:

<td>
    <form action="{{ url('task/'.$task->id) }}" method="POST">
        {{ csrf_field() }}

        <button type="submit" class="btn btn-xs">
            <i class="fa {{$task->complete ? 'fa-check-square-o' : 'fa-square-o'}}"></i>
        </button>
        {{ $task->name }}
    </form>
</td>

The preceding code adds the submit button that references the route that you defined
earlier.

Test the changes locally

In the local terminal window, run the development server from the root directory of the Git
repository.

php artisan serve

To see the task status change, navigate to http://localhost:8000 and select the checkbox.

To stop PHP, type Ctrl + C in the terminal.

Publish changes to Azure

In the local terminal window, run Laravel database migrations with the production
connection string to make the change in the Azure database.

php artisan migrate --env=production --force

Commit all the changes in Git, and then push the code changes to Azure.

git add .
git commit -m "added complete checkbox"
git push azure main

Once the git push is complete, navigate to the Azure app and test the new functionality.

If you added any tasks, they are retained in the database. Updates to the data schema
leave existing data intact.

2.16.10 Stream diagnostic logs

While the PHP application runs in Azure App Service, you can get the console logs piped
to your terminal. That way, you can get the same diagnostic messages to help you debug
application errors.

To start log streaming, use the az webapp log tail command in the Cloud Shell.

az webapp log tail --name <app_name> --resource-group myResourceGroup

Once log streaming has started, refresh the Azure app in the browser to get some web
traffic. You can now see console logs piped to the terminal. If you don't see console logs
immediately, check again in 30 seconds.

2.16.11 Manage the Azure app

Go to the Azure portal to manage the app you created.

From the left menu, click App Services, and then click the name of your Azure app.

You see your app's Overview page. Here, you can perform basic management tasks like
stop, start, restart, browse, and delete.

The left menu provides pages for configuring your app.

Clean up resources

In the preceding steps, you created Azure resources in a resource group. If you don't
expect to need these resources in the future, delete the resource group by running the
following command in the Cloud Shell:

az group delete --name myResourceGroup

This command may take a minute to run.

2.17 SQL DDL & DML Queries
Structured Query Language (SQL) is the database language used to create databases and to
perform operations on existing ones. SQL uses commands such as CREATE, DROP and INSERT
to carry out the required tasks.

These SQL commands are mainly grouped into four categories:

DDL – Data Definition Language

DQL – Data Query Language

DML – Data Manipulation Language

DCL – Data Control Language

Many resources also list another category of SQL commands, TCL (Transaction Control
Language), so we will look at TCL in detail as well.

2.17.1 DDL (Data Definition Language)


DDL or Data Definition Language actually consists of the SQL commands that can be
used to define the database schema. It simply deals with descriptions of the database
schema and is used to create and modify the structure of database objects in the
database.

Examples of DDL commands:

CREATE – is used to create the database or its objects (like tables, indexes, functions, views,
stored procedures and triggers).

DROP – is used to delete objects from the database.

ALTER – is used to alter the structure of the database.

TRUNCATE – is used to remove all records from a table, including all space allocated for
the records.

COMMENT – is used to add comments to the data dictionary.

RENAME – is used to rename an object existing in the database.

CREATE DATABASE
A Database is defined as a structured set of data. So, in SQL the very first step to store
the data in a well-structured manner is to create a database. The CREATE DATABASE
statement is used to create a new database in SQL.

Syntax:

CREATE DATABASE database_name;

database_name: name of the database.

Example Query:

CREATE DATABASE my_database;

This query will create a new database in SQL and name the database as my_database.

CREATE TABLE
We have learned above about creating databases. To store the data, we now need a table.
The CREATE TABLE statement is used to create a table in SQL. A table consists of rows and
columns, so while creating a table we have to tell SQL the names of the columns, the type
of data to be stored in each column, the size of the data and so on. Let us now look in
detail at how to use the CREATE TABLE statement to create tables in SQL.

Syntax:

CREATE TABLE table_name
(
    column1 data_type(size),
    column2 data_type(size),
    column3 data_type(size),
    ....
);

Example Query:

This query will create a table named Students with three columns, ROLL_NO, NAME and
SUBJECT.

CREATE TABLE Students
(
    ROLL_NO int(3),
    NAME varchar(20),
    SUBJECT varchar(20)
);

DROP

DROP is used to delete a whole database or just a table. The DROP statement destroys
objects such as an existing database, table, index, or view.

A DROP statement in SQL removes a component from a relational database
management system (RDBMS).

Syntax:

DROP object object_name

Examples:

DROP TABLE table_name;

table_name: Name of the table to be deleted.

DROP DATABASE database_name;

database_name: Name of the database to be deleted.

ALTER TABLE is used to add, delete/drop or modify columns in the existing table. It is
also used to add and drop various constraints on the existing table.

ALTER TABLE – ADD


ADD is used to add columns to an existing table. When we need to store additional
information, we do not have to create the whole database again; ADD lets us extend the
table in place.

Syntax:

ALTER TABLE table_name
ADD (Columnname_1 datatype,
     Columnname_2 datatype,
     Columnname_n datatype);

DROP COLUMN is used to drop a column from a table, deleting unwanted columns from
the table.

Syntax:

ALTER TABLE table_name
DROP COLUMN column_name;

ALTER TABLE-MODIFY

It is used to modify the existing columns in a table. Multiple columns can also be modified
at once.

*Syntax may vary slightly in different databases.

Syntax (Oracle, MySQL, MariaDB):

ALTER TABLE table_name
MODIFY column_name column_type;

Syntax (SQL Server):

ALTER TABLE table_name
ALTER COLUMN column_name column_type;

QUERY:

To ADD 2 columns AGE and COURSE to table Student.

ALTER TABLE Student ADD (AGE number(3),COURSE varchar(40));

MODIFY column COURSE in table Student.

ALTER TABLE Student MODIFY COURSE varchar(20);

DROP column COURSE in table Student.

ALTER TABLE Student DROP COLUMN COURSE;

TRUNCATE
TRUNCATE statement is a Data Definition Language (DDL) operation that is used to
mark the extents of a table for deallocation (empty for reuse). The result of this operation
quickly removes all data from a table, typically bypassing a number of integrity enforcing
mechanisms. It was officially introduced in the SQL:2008 standard.

The TRUNCATE TABLE mytable statement is logically (though not physically) equivalent
to the DELETE FROM mytable statement (without a WHERE clause).

Syntax:

TRUNCATE TABLE table_name;

table_name: Name of the table to be truncated.

DATABASE name - student_data

To truncate Student_details table from student_data database.

TRUNCATE TABLE Student_details;

SQL | Comments
As in any programming language, comments matter a lot in SQL too. In this section we will
learn about writing comments in any SQL snippet.

Comments can be written in the following three formats:

Single line comments

Multi line comments

In line comments

Single line comments: Comments starting and ending in a single line are considered
single line comments.

A line starting with '--' is a comment and will not be executed.

Syntax:

-- single line comment

-- another comment

SELECT * FROM Customers;

Multi line comments: Comments starting on one line and ending on a different line are
considered multi line comments. A line starting with '/*' is the starting point of the
comment, and the comment is terminated when '*/' is encountered.

Syntax:

/* multi line comment
another comment */
SELECT * FROM Customers;

In line comments: In line comments are an extension of multi line comments. They can be
placed in between the statements and are enclosed between '/*' and '*/'.

Syntax:

SELECT * FROM /* Customers; */

More examples:

Multi line comment ->

/* SELECT * FROM Students;

SELECT * FROM STUDENT_DETAILS;

SELECT * FROM Orders; */

SELECT * FROM Articles;

In line comment ->

SELECT * FROM Students;

SELECT * FROM /* STUDENT_DETAILS;

SELECT * FROM Orders;

SELECT * FROM */ Articles;

SQL | ALTER (RENAME)


Sometimes we may want to rename our table to give it a more relevant name. For this
purpose we can use ALTER TABLE to rename the table.

*Syntax may vary in different databases.

Syntax (Oracle, MySQL, MariaDB):

ALTER TABLE table_name
RENAME TO new_table_name;

Columns can also be given a new name with the use of ALTER TABLE.

Syntax (MySQL, Oracle):

ALTER TABLE table_name
RENAME COLUMN old_name TO new_name;

Syntax (MariaDB):

ALTER TABLE table_name
CHANGE COLUMN old_name new_name column_definition;

QUERY:

Change the name of column NAME to FIRST_NAME in table Student.

ALTER TABLE Student RENAME COLUMN NAME TO FIRST_NAME;

Change the name of the table Student to Student_Details

ALTER TABLE Student RENAME TO Student_Details;

2.17.2 DML(Data Manipulation Language)

The SQL commands that deal with the manipulation of data present in the database
belong to DML or Data Manipulation Language, and this includes most of the SQL
statements.

Examples of DML:

INSERT – is used to insert data into a table.

UPDATE – is used to update existing data within a table.

DELETE – is used to delete records from a database table.

SQL | INSERT INTO Statement


The INSERT INTO statement of SQL is used to insert a new row in a table. There are two
ways of using INSERT INTO statement for inserting rows:

Only values: First method is to specify only the value of data to be inserted without the
column names.

INSERT INTO table_name VALUES (value1, value2, value3,…);

table_name: name of the table.

value1, value2,.. : value of first column, second column,… for the new record

Column names and values both: In the second method we will specify both the columns
which we want to fill and their corresponding values as shown below:

INSERT INTO table_name (column1, column2, column3,..) VALUES (value1, value2, value3,..);

table_name: name of the table.

column1: name of first column, second column …

value1, value2, value3 : value of first column, second column,… for the new record

Method 1 (Inserting only values) :

INSERT INTO Student VALUES ('5','HARSH','WEST BENGAL','XXXXXXXXXX','19');

Method 2 (Inserting values in only specified columns):

INSERT INTO Student (ROLL_NO, NAME, Age) VALUES ('5','PRATIK','19');

Method 1 (Inserting all rows and columns):

INSERT INTO Student SELECT * FROM LateralStudent;

Method 2 (Inserting specific columns):

INSERT INTO Student(ROLL_NO,NAME,Age) SELECT ROLL_NO, NAME, Age FROM LateralStudent;

Select specific rows to insert:

INSERT INTO Student SELECT * FROM LateralStudent WHERE Age = 18;

Example:

The following SQL statement inserts multiple rows into the Student table.

Input:

INSERT INTO STUDENT(ID, NAME,AGE,GRADE,CITY) VALUES(1,"AMIT KUMAR",15,10,"DELHI"),
(2,"GAURI RAO",18,12,"BANGALORE"),
(3,"MANAV BHATT",17,11,"NEW DELHI"),
(4,"RIYA KAPOOR",10,5,"UDAIPUR");

2.17.3 SQL | UPDATE Statement

The UPDATE statement in SQL is used to update the data of an existing table in
database. We can update single columns as well as multiple columns using UPDATE
statement as per our requirement.

Basic Syntax

UPDATE table_name SET column1 = value1, column2 = value2,...

WHERE condition;

table_name: name of the table

column1: name of first , second, third column....

value1: new value for first, second, third column....

condition: condition to select the rows for which the values of columns need to be updated.

Updating single column: Update the column NAME and set the value to 'PRATIK' in all
the rows where Age is 20.

UPDATE Student SET NAME = 'PRATIK' WHERE Age = 20;

Updating multiple columns: Update the columns NAME to 'PRATIK' and ADDRESS to
'SIKKIM' where ROLL_NO is 1.

UPDATE Student SET NAME = 'PRATIK', ADDRESS = 'SIKKIM' WHERE ROLL_NO = 1;

Omitting WHERE clause: If we omit the WHERE clause from the update query then all of
the rows will get updated.

UPDATE Student SET NAME = 'Satish';

SQL | DELETE Statement


The DELETE Statement in SQL is used to delete existing records from a table. We can
delete a single record or multiple records depending on the condition we specify in the
WHERE clause.

Basic Syntax:

DELETE FROM table_name WHERE some_condition;

table_name: name of the table

some_condition: condition to choose particular record.

Deleting single record: Delete the rows where NAME = ‘Ram’. This will delete only the
first row.

DELETE FROM Student WHERE NAME = 'Ram';

Deleting multiple records: Delete the rows from the table Student where Age is 20. This
will delete 2 rows(third row and fifth row).

DELETE FROM Student WHERE Age = 20;

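Delete all of the records: There are two queries to do this, as shown below. The second
form, with the asterisk, is accepted only by some database systems (Microsoft Access, for
example); MySQL, SQL Server, Oracle and PostgreSQL reject it as a syntax error.

query1: "DELETE FROM Student";

query2: "DELETE * FROM Student";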
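
Both the "Omitting WHERE clause" UPDATE and the delete-all queries above change every row, usually by accident. The added example below (not part of the handbook) runs each statement inside a transaction and rolls it back when it touches more rows than the caller expected. It assumes SQLite through Python's sqlite3 module as a stand-in engine; the sample rows and the guarded_dml helper are constructed for illustration.

```python
import sqlite3

# Constructed sample rows for the handbook's Student table.
ROWS = [
    (1, "Ram", "Delhi", 18),
    (2, "Ramesh", "Gurgaon", 18),
    (3, "Sujit", "Rohtak", 20),
    (4, "Suresh", "Delhi", 18),
    (5, "Harsh", "West Bengal", 20),
]


def make_db():
    """Create an in-memory Student table and load the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE Student (ROLL_NO INTEGER PRIMARY KEY, NAME TEXT, ADDRESS TEXT, Age INTEGER)"
    )
    conn.executemany("INSERT INTO Student VALUES (?, ?, ?, ?)", ROWS)
    conn.commit()
    return conn


def guarded_dml(conn, sql, params, max_rows):
    """Run one UPDATE or DELETE; keep it only if it touched at most max_rows rows."""
    cur = conn.cursor()
    try:
        cur.execute(sql, params)      # sqlite3 opens a transaction before DML
        affected = cur.rowcount
        if affected > max_rows:
            conn.rollback()           # too many rows: undo, nothing is changed
            return ("rolled_back", affected)
        conn.commit()
        return ("committed", affected)
    except sqlite3.Error:
        conn.rollback()
        raise


def names(conn):
    """Return the NAME column in ROLL_NO order."""
    return [r[0] for r in conn.execute("SELECT NAME FROM Student ORDER BY ROLL_NO")]


def demo():
    conn = make_db()
    results = {}
    # Intended single-row update: WHERE narrows it to one row.
    results["update_one"] = guarded_dml(
        conn, "UPDATE Student SET NAME = ? WHERE ROLL_NO = ?", ("PRATIK", 1), 1
    )
    # WHERE clause forgotten: all five rows match, so the guard rolls back.
    results["update_all"] = guarded_dml(
        conn, "UPDATE Student SET NAME = ?", ("Satish",), 1
    )
    results["names_after_updates"] = names(conn)
    # Deleting the two rows with Age = 20 is within the expected count.
    results["delete_age_20"] = guarded_dml(
        conn, "DELETE FROM Student WHERE Age = ?", (20,), 2
    )
    # DELETE without WHERE would empty the table; the guard rolls it back.
    results["delete_all"] = guarded_dml(conn, "DELETE FROM Student", (), 2)
    results["names_at_end"] = names(conn)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```
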

2.18 Connect Cloud Relational Database via Local Terminal
Activity: In this practical activity, the learner creates a SQL database in the Azure cloud
and uses a local terminal window to create and manage the database.

2.18.1 Design a relational database in Azure SQL Database using SSMS


Prerequisites

To complete this tutorial, make sure you've installed:

• SQL Server Management Studio (latest version)
• BCP and SQLCMD (latest version)

2.18.2 Sign in to the Azure portal

Sign in to the Azure portal.

2.18.3 Create a blank database in Azure SQL Database

A database in Azure SQL Database is created with a defined set of compute and storage
resources. The database is created within an Azure resource group and is managed
using a logical SQL server.

Follow these steps to create a blank database.

1. On the Azure portal menu or from the Home page, select Create a resource.
2. On the New page, select Databases in the Azure Marketplace section, and
then click SQL Database in the Featured section.

3. Fill out the SQL Database form with the following information, as shown on
the preceding image:

Table 1

Setting          Suggested value     Description
Database name    yourDatabase        For valid database names, see Database identifiers.
Subscription     yourSubscription    For details about your subscriptions, see Subscriptions.
Resource group   yourResourceGroup   For valid resource group names, see Naming rules and restrictions.
Select source    Blank database      Specifies that a blank database should be created.

4. Click Server to use an existing server or create and configure a new server.
Either select an existing server or click Create a new server and fill out
the New server form with the following information:

Table 2

Setting              Suggested value            Description
Server name          Any globally unique name   For valid server names, see Naming rules and restrictions.
Server admin login   Any valid name             For valid login names, see Database identifiers.
Password             Any valid password         Your password must have at least eight characters and must use characters from three of the following categories: upper case characters, lower case characters, numbers, and non-alphanumeric characters.
Location             Any valid location         For information about regions, see Azure Regions.

5. Click Select.
6. Click Pricing tier to specify the service tier, the number of DTUs or vCores,
and the amount of storage. You may explore the options for the number of
DTUs/vCores and storage that is available to you for each service tier.

After selecting the service tier, the number of DTUs or vCores, and the
amount of storage, click Apply.

7. Enter a Collation for the blank database (for this tutorial, use the default
value). For more information about collations, see Collations.
8. Now that you've completed the SQL Database form, click Create to provision
the database. This step may take a few minutes.
9. On the toolbar, click Notifications to monitor the deployment process.

2.18.4 Create a server-level IP firewall rule

Azure SQL Database creates an IP firewall at the server-level. This firewall prevents
external applications and tools from connecting to the server and any databases on the
server unless a firewall rule allows their IP through the firewall. To enable external
connectivity to your database, you must first add an IP firewall rule for your IP address
(or IP address range). Follow these steps to create a server-level IP firewall rule.

Important

Azure SQL Database communicates over port 1433. If you are trying to connect to this
service from within a corporate network, outbound traffic over port 1433 may not be
allowed by your network's firewall. If so, you cannot connect to your database unless your
administrator opens port 1433.

1. After the deployment completes, select SQL databases from the Azure portal
menu or search for and select SQL databases from any page.
2. Select yourDatabase on the SQL databases page. The overview page for
your database opens, showing you the fully qualified Server name (such
as contosodatabaseserver01.database.windows.net) and provides options for further
configuration.

3. Copy this fully qualified server name for use to connect to your server and
databases from SQL Server Management Studio.
4. Click Set server firewall on the toolbar. The Firewall settings page for the
server opens.

5. Click Add client IP on the toolbar to add your current IP address to a new IP
firewall rule. An IP firewall rule can open port 1433 for a single IP address or
a range of IP addresses.
6. Click Save. A server-level IP firewall rule is created for your current IP address
opening port 1433 on the server.
7. Click OK and then close the Firewall settings page.

Your IP address can now pass through the IP firewall. You can now connect to your
database using SQL Server Management Studio or another tool of your choice. Be sure
to use the server admin account you created previously.

Important

By default, access through the SQL Database IP firewall is enabled for all Azure services.
Click OFF on this page to disable for all Azure services.
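
To review what the server-level firewall actually admits after following these steps, the rules can be exported with `az sql server firewall-rule list` and checked offline. The added example below (not from the handbook) flags the all-Azure-services setting, which is stored as a rule with start and end address 0.0.0.0, plus ranges that cover every address or more addresses than a chosen limit. The sample JSON, the rule names other than AllowAllWindowsAzureIps and the 256-address threshold are constructed assumptions.

```python
import ipaddress
import json

# Constructed sample in the shape of `az sql server firewall-rule list --output json`
# (only the three fields this check reads).
SAMPLE_RULES_JSON = """
[
  {"name": "AllowAllWindowsAzureIps", "startIpAddress": "0.0.0.0", "endIpAddress": "0.0.0.0"},
  {"name": "client-ip", "startIpAddress": "203.0.113.25", "endIpAddress": "203.0.113.25"},
  {"name": "office", "startIpAddress": "198.51.100.0", "endIpAddress": "198.51.100.255"},
  {"name": "temp-open", "startIpAddress": "0.0.0.0", "endIpAddress": "255.255.255.255"},
  {"name": "partner-net", "startIpAddress": "198.18.0.0", "endIpAddress": "198.19.255.255"},
  {"name": "reversed", "startIpAddress": "203.0.113.50", "endIpAddress": "203.0.113.10"},
  {"name": "typo", "startIpAddress": "203.0.113.300", "endIpAddress": "203.0.113.30"}
]
"""

ALL_IPV4 = 2 ** 32


def classify(rule, max_addresses=256):
    """Return a finding code for one rule, or None if it is narrowly scoped."""
    try:
        start = ipaddress.IPv4Address(rule["startIpAddress"])
        end = ipaddress.IPv4Address(rule["endIpAddress"])
    except (KeyError, ValueError):
        return "unparseable"          # missing field or malformed address
    if end < start:
        return "invalid-range"
    size = int(end) - int(start) + 1
    if int(start) == 0 and int(end) == 0:
        # Special rule behind the "Allow Azure services" switch: it admits
        # connections from any Azure resource, not only your own subscription.
        return "all-azure-services"
    if size == ALL_IPV4:
        return "any-address"          # the whole IPv4 address space
    if size > max_addresses:
        return "wide-range"           # larger than the agreed limit
    return None


def audit_json(text, max_addresses=256):
    """Parse the exported rule list and return (rule name, finding) pairs."""
    findings = []
    for rule in json.loads(text):
        code = classify(rule, max_addresses)
        if code is not None:
            findings.append((rule.get("name", "<unnamed>"), code))
    return findings


if __name__ == "__main__":
    for name, code in audit_json(SAMPLE_RULES_JSON):
        print(f"{code:20} {name}")
```
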

2.18.5 Connect to the database

Use SQL Server Management Studio to establish a connection to your database.

1. Open SQL Server Management Studio.


2. In the Connect to Server dialog box, enter the following information:

Table 3

Setting          Suggested value                              Description
Server type      Database engine                              This value is required.
Server name      The fully qualified server name              For example, yourserver.database.windows.net.
Authentication   SQL Server Authentication                    SQL Authentication is the only authentication type that we've configured in this tutorial.
Login            The server admin account                     The account that you specified when you created the server.
Password         The password for your server admin account   The password that you specified when you created the server.

3. Click Options in the Connect to server dialog box. In the Connect to
database section, enter yourDatabase to connect to this database.

4. Click Connect. The Object Explorer window opens in SSMS.
5. In Object Explorer, expand Databases and then expand yourDatabase to
view the objects in the sample database.

2.18.6 Create tables in your database

Create a database schema with four tables that model a student management system for
universities using Transact-SQL:

• Person
• Course
• Student
• Credit

The following diagram shows how these tables are related to each other. Some of these
tables reference columns in other tables. For example, the Student table references
the PersonId column of the Person table. Study the diagram to understand how the tables
in this tutorial are related to one another. For an in-depth look at how to create effective
database tables, see Create effective database tables. For information about choosing
data types, see Data types.

Note

You can also use the table designer in SQL Server Management Studio to create and
design your tables.

1. In Object Explorer, right-click yourDatabase and select New Query. A blank
query window opens that is connected to your database.
2. In the query window, execute the following query to create four tables in your
database:

-- Create Person table
CREATE TABLE Person
(
    PersonId INT IDENTITY PRIMARY KEY,
    FirstName NVARCHAR(128) NOT NULL,
    MiddelInitial NVARCHAR(10),
    LastName NVARCHAR(128) NOT NULL,
    DateOfBirth DATE NOT NULL
)

-- Create Student table
CREATE TABLE Student
(
    StudentId INT IDENTITY PRIMARY KEY,
    PersonId INT REFERENCES Person (PersonId),
    Email NVARCHAR(256)
)

-- Create Course table
CREATE TABLE Course
(
    CourseId INT IDENTITY PRIMARY KEY,
    Name NVARCHAR(50) NOT NULL,
    Teacher NVARCHAR(256) NOT NULL
)

-- Create Credit table
CREATE TABLE Credit
(
    StudentId INT REFERENCES Student (StudentId),
    CourseId INT REFERENCES Course (CourseId),
    Grade DECIMAL(5,2) CHECK (Grade <= 100.00),
    Attempt TINYINT,
    CONSTRAINT [UQ_studentgrades] UNIQUE CLUSTERED
    (
        StudentId, CourseId, Grade, Attempt
    )
)

3. Expand the Tables node under yourDatabase in the Object Explorer to see
the tables you created.

2.18.7 Load data into the tables

1. Create a folder called sampleData in your Downloads folder to store sample
data for your database.
2. Right-click the following links and save them into the sampleData folder.
o SampleCourseData
o SamplePersonData
o SampleStudentData
o SampleCreditData
3. Open a command prompt window and navigate to the sampleData folder.
4. Execute the following commands to insert sample data into the tables,
replacing the values for server, database, user, and password with the
values for your environment. A password passed with -P appears in plain text on the
command line; if you omit -P, bcp prompts for the password instead.

bcp Course in SampleCourseData -S <server>.database.windows.net -d <database> -U <user> -P <password> -q -c -t ","
bcp Person in SamplePersonData -S <server>.database.windows.net -d <database> -U <user> -P <password> -q -c -t ","
bcp Student in SampleStudentData -S <server>.database.windows.net -d <database> -U <user> -P <password> -q -c -t ","
bcp Credit in SampleCreditData -S <server>.database.windows.net -d <database> -U <user> -P <password> -q -c -t ","

You have now loaded sample data into the tables you created earlier.

2.18.7 Query data

Execute the following queries to retrieve information from the database tables. See Write
SQL queries to learn more about writing SQL queries. The first query joins all four tables
to find the students taught by 'Dominick Pope' who have a grade higher than 75%. The
second query joins all four tables and finds the courses in which 'Noe Coleman' has ever
enrolled.

1. In a SQL Server Management Studio query window, execute the following
query:

-- Find the students taught by Dominick Pope who have a grade higher than 75%
SELECT person.FirstName, person.LastName, course.Name, credit.Grade
FROM Person AS person
    INNER JOIN Student AS student ON person.PersonId = student.PersonId
    INNER JOIN Credit AS credit ON student.StudentId = credit.StudentId
    INNER JOIN Course AS course ON credit.CourseId = course.courseId
WHERE course.Teacher = 'Dominick Pope'
    AND Grade > 75

2. In a query window, execute the following query:

-- Find all the courses in which Noe Coleman has ever enrolled
SELECT course.Name, course.Teacher, credit.Grade
FROM Course AS course
    INNER JOIN Credit AS credit ON credit.CourseId = course.CourseId
    INNER JOIN Student AS student ON student.StudentId = credit.StudentId
    INNER JOIN Person AS person ON person.PersonId = student.PersonId
WHERE person.FirstName = 'Noe'
    AND person.LastName = 'Coleman'

2.19 Caching Databases in Cloud
Databases are essential workers in nearly all applications. They form the bedrock of a
data architecture—handling transactions, record-keeping, data manipulation, and other
crucial tasks on which modern apps rely. But for as long as databases have existed,
people have looked for ways to speed them up. With databases so central to data
architecture, even small reductions in throughput or latency performance can cause ripple
effects that make the rest of the application sluggish and create a disappointing user
experience. And there are financial repercussions too—one study found that the
probability of a web site visitor bouncing rose by 90% if the page load time increased from
one second to five seconds. This problem will likely become even more pronounced as
web and mobile traffic increase. The solution isn’t always simple—scaling up databases
can be expensive, and may not solve throughput or latency issues.

Caching Can Improve Application Performance


One way you can improve the performance of your data architecture is by implementing
caching. In common setups like a cache-aside architecture, the most used data is stored
in a fast and easy-to-access cache. When a user requests data, the cache is checked
first before querying a database.

Image: Cache aside Architecture


Reference: https://techcommunity.microsoft.com/t5/image/serverpage/image-id/240324iA1E4667B148C8AA1/image-size/medium?v=v2&px=400

Combined with a relational database, a cache can store the most common database
queries and return these queries much faster than the database when the application
requests them. Not only can this result in significant reductions in latency, but it also
reduces the load on the database, lowering the need to overprovision. Additionally,
caches are typically better than databases at handling a high throughput of requests—
enabling the application to handle more simultaneous users.

Caches are typically most beneficial for read-heavy workloads where the same data is
being accessed again and again. Caching pricing, inventory, session state, or financial
data are some examples of common use-cases. It’s important to note that caching won’t
speed up operations internal to a database (like joins). Instead, caching lessens the need
for those operations to occur by returning the results of a query before it reaches the
database.
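The cache-aside read path described above, as an added example that is not part of the original handbook. It assumes a Python dictionary standing in for Redis and an in-memory SQLite table (constructed sample data) standing in for the primary database; the class and function names are hypothetical. It also goes one step beyond the text by expiring entries after a TTL and invalidating the cached copy on writes, so a stale value is never served after an update.

```python
import sqlite3
import time


def build_demo_db():
    """Constructed sample data: a tiny product table standing in for the primary database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (sku TEXT PRIMARY KEY, price REAL)")
    db.executemany(
        "INSERT INTO products (sku, price) VALUES (?, ?)",
        [("SKU-1", 19.99), ("SKU-2", 5.00)],
    )
    db.commit()
    return db


class PriceCache:
    """Cache-aside reads with a TTL, plus invalidation when the database row changes."""

    def __init__(self, db, ttl_seconds=30.0, clock=time.monotonic):
        self.db = db
        self.ttl = ttl_seconds
        self.clock = clock      # injectable so expiry can be exercised without sleeping
        self.store = {}         # key -> (expires_at, value); a dict stands in for Redis
        self.hits = 0
        self.misses = 0

    def get_price(self, sku):
        key = f"price:{sku}"
        entry = self.store.get(key)
        if entry is not None and entry[0] > self.clock():
            self.hits += 1      # served from the cache, database not touched
            return entry[1]

        # Cache miss or expired entry: query the database, then populate the cache.
        self.misses += 1
        row = self.db.execute(
            "SELECT price FROM products WHERE sku = ?", (sku,)
        ).fetchone()
        if row is None:
            return None         # unknown SKU: nothing to cache
        self.store[key] = (self.clock() + self.ttl, row[0])
        return row[0]

    def set_price(self, sku, price):
        # Write to the database first, then drop the cached copy so the next
        # read cannot return the stale price.
        self.db.execute("UPDATE products SET price = ? WHERE sku = ?", (price, sku))
        self.db.commit()
        self.store.pop(f"price:{sku}", None)


def demo():
    """Run a read, a repeated read, a write and a re-read; return the observations."""
    cache = PriceCache(build_demo_db(), ttl_seconds=30.0)
    first = cache.get_price("SKU-1")     # miss: loaded from the database
    second = cache.get_price("SKU-1")    # hit: served from the cache
    cache.set_price("SKU-1", 17.50)      # the write invalidates the cached entry
    third = cache.get_price("SKU-1")     # miss again: fresh value from the database
    return first, second, third, cache.hits, cache.misses


if __name__ == "__main__":
    print(demo())
```
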
Redis Cache

Redis is one of the most popular caching solutions in the market. It is a key-value
datastore that runs in-memory, rather than on disk like most databases. Running in-
memory makes it lightning-fast, and a terrific complement to more deliberate and
consistent primary databases like Azure SQL Database or PostgreSQL. Redis is available
as a fully-managed service on Azure through Azure Cache for Redis, offering automatic
patching and updates, high-availability deployment options, and the latest Redis features.
Azure Cache for Redis can neatly plug into your Azure data infrastructure as a cache,
allowing you to boost data performance.

2.20 Adding Mem-Cache to DB Instance
Activity: This practical activity covers creating a mem-cache in the Azure cloud and
attaching it to a database server for faster interaction and response, or latency
reduction, in applications.
1) After login, within the Dashboard click on Product -> Databases -> Azure Cache for
Redis.
2) Click on “Start Free”.
3) Again, click on “Start Free”.
4) Click on “Create Resource”.
5) Click on “databases” -> “Azure Cache for Redis”.
6) Click on “Create new” under “Resource group” and write down a name, then click
on “Ok”.
7) Within the same page write down a DNS Name, then click on “Review + Create”.
8) Click on “Create”.
9) Wait a few minutes for the deployment process to complete.
10) After the deployment completes, go to the upper-left corner and click on the
three-line menu option; from the menu that appears, click on “All resources”.
11) Click on the resource which we have recently created.
12) The final screen shows the resource details.


2.21 Security Threats and Types
Network security is continually becoming an area of tremendous focus for companies of
all sizes. Whether you’re a corporation or a small-to-medium sized business (SMB),
you’re a target for a variety of network attacks that can stop your business in its tracks.

There are a plethora of network security threats that businesses should be aware of to
ensure the continuous protection of their systems, software, and data. Let’s review what
we believe to be the top 10 network security threats and solutions that you can use to
protect your network from being compromised by these malicious attacks.
1. Malware/Ransomware

Businesses currently fall victim to ransomware attacks every 14 seconds. These
ransomware attacks are growing more than 350% annually with IoT attacks increasing by
217.5% year over year (YoY) from 2017 to 2018.

This massive increase in ransomware was triggered by the creation of cryptocurrencies
such as Bitcoin, which allow hackers to demand ransoms anonymously. These
sophisticated attacks start by infecting secure database systems, encrypting data, and
threatening deletion or corruption of files unless a hefty ransom is paid. Being proactive
with a ransomware recovery strategy and keeping data backups off of your network will
ensure you don’t encounter loss of data, business interruption, and added costs
pertaining to having to pay the ransom.
2. Botnets

Although not technically malware, botnets are currently considered one of the biggest
threats on the internet today. These powerful networks of compromised machines can be
remotely controlled and used to launch massive attacks.

Each botnet triggers a plethora of “Zombie” computers that are used to carry out
meticulous Distributed Denial of Service (DDoS) attacks (we’ll get to these later). These
attacks are used to overwhelm the victim and make them give in to paying the ransom
to regain control of their system.
3. Computer Viruses and Worms

Statistics show that approximately 33% of household computers are affected by some
type of malware, more than half of which are viruses. Viruses are attached to a system
or host file and can lie dormant until inadvertently activated by a timer or event. Worms,
on the other hand, infect documents, spreadsheets, and other files, sometimes by utilizing
macros.
As soon as a virus or worm enters your system, it will immediately go to work replicating
itself with the sole goal of infecting as many networked systems and inadequately-protected
computers as possible. Transmission of viruses and worms is often done by exploiting
software vulnerabilities. Once they’ve found their niche in your system, they spread like
wildfire, affecting as many system components and users as possible.
4. Phishing Attacks

Phishing attacks are a form of social engineering that is designed to steal sensitive data
such as passwords, usernames, and credit card numbers. These attacks impersonate
reputable websites, banking institutions, and personal contacts that come in the form of
instant messages or phishing emails designed to appear legitimate. Once you hit reply or
click the embedded URL in these messages, you will be prompted to use your credentials
or enter your financial details which then sends your information to the malicious source.
5. DDoS (Distributed Denial of Service)

Overwhelming hosted servers and causing them to become completely inoperable is the
task of a cyber-attack known as a Distributed Denial of Service (DDoS) attack. According
to statistics, 33% of businesses fall victim to DDoS attacks. DDoS attacks can be
disastrous for companies that make their money operating online (social media, e-
commerce sites, etc.), potentially causing millions of dollars in lost revenue every day the
website is down.

It’s likely that not all of the potentially thousands of computers being used for a DDoS
attack actually belong to the attacker. Instead, we can assume that most of the
compromised computers are added to the attacker’s network by malware and distributed
across the globe via a botnet.
6. Cryptojacking

Even before Bitcoin skyrocketed in 2017, cryptojacking was the tool of choice for
hackers looking to steal cryptocurrency from unsuspecting victims for their financial
gain. These attacks are similar to worms and viruses, except that instead of corrupting
sensitive data and information, the end goal of cryptojacking is to steal CPU resources.
With cryptojacking exploits, hackers trick their victims into loading mining codes onto their
computers and then use those fraudulent codes to access the target’s CPU processing
resources to mine for cryptocurrency.
7. APT (Advanced Persistent Threats)

Advanced Persistent Threats (APTs for short) are cyber-attacks that call for an
unauthorized attacker to code their way into an unsuspecting system network, remaining
there undetected for quite some time. Instead of revealing its position, the APT siphons
financial information and other critical security information away from the victim’s network.

APT architects are skilled at using a variety of techniques to gain network access, using
malware, exploit kits, and other sophisticated means to do so. Once the attacker has
made it past the network firewall, they sit idle until they discover the login credentials that
they came for. After obtaining these credentials, the APT dives deeper into the network to
infect other parts of the system, compromising as many forms of data as possible.
8. Trojan Horse

A Trojan horse, or “Trojan,” is a program that appears to be legitimate, but is actually
infected with a myriad of viruses. Once a Trojan horse has network access, it can be used
to log keystrokes for the purpose of stealing highly sensitive personal information.
Trojan horse attacks often spread via email in a similar manner as a phishing attack would
exploit a network. When users click on an email (which is supposedly sent from someone
that is trustworthy), they would find an attachment which automatically downloads
malware onto the victim’s computer. Once the trojan has access to your computer, it can
even hijack your webcam and tap into your most sensitive data and information as a
means to exploit you with every step you take.
9. Rootkits
Rootkits are a collection of tools that are placed on a network by an attacker that has
exploited a system security vulnerability. The attacker uses the rootkit to enable remote
access to the victim’s system and gain administration-level access over their network.
Following the remote access connection, rootkits set out to perform malicious attacks that
include (but are not limited to) key-logging, password stealing, antivirus disabling, and
much more.
10. SQL Injection Attack
SQL injection attacks use malicious code to exploit security vulnerabilities and obtain or
destroy private data. These data-driven attacks are quickly becoming one of the most
dangerous privacy issues for data confidentiality in the world as many e-commerce
platforms still operate on SQL queries for inventory and order processing. All in all, one
well-placed SQL injection could cost a company millions (or even billions if you’re a
company as large as the likes of Apple or Amazon).
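How a query becomes injectable and how to close the hole, as an added example that is not part of the original handbook. It assumes an in-memory SQLite order table with constructed sample rows and hypothetical function names: the first lookup builds SQL by string concatenation, the second binds the value as a parameter, and the third shows the allow-list needed for parts of a query (such as a sort column) that cannot be bound as parameters.

```python
import sqlite3

# Constructed input: a customer name crafted so the WHERE clause is always true.
CONSTRUCTED_TAUTOLOGY = "alice' OR '1'='1"

# Column names cannot be passed as bound parameters, so they are checked
# against a fixed allow-list instead.
ALLOWED_SORT_COLUMNS = {"id", "item"}


def build_orders_db():
    """Constructed sample data standing in for an e-commerce order table."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE orders (id INTEGER PRIMARY KEY, customer TEXT, item TEXT)"
    )
    db.executemany(
        "INSERT INTO orders (customer, item) VALUES (?, ?)",
        [
            ("alice", "laptop"),
            ("alice", "adapter"),
            ("bob", "phone"),
            ("o'brien", "tablet"),
        ],
    )
    db.commit()
    return db


def orders_vulnerable(db, customer):
    """VULNERABLE: the input becomes part of the SQL text itself."""
    query = "SELECT item FROM orders WHERE customer = '" + customer + "'"
    return [row[0] for row in db.execute(query)]


def orders_parameterized(db, customer):
    """Hardened: the input is bound as data and is never parsed as SQL."""
    query = "SELECT item FROM orders WHERE customer = ?"
    return [row[0] for row in db.execute(query, (customer,))]


def orders_sorted(db, customer, sort_by):
    """Hardened dynamic ORDER BY: identifier from an allow-list, value bound."""
    if sort_by not in ALLOWED_SORT_COLUMNS:
        raise ValueError(f"unsupported sort column: {sort_by!r}")
    query = f"SELECT item FROM orders WHERE customer = ? ORDER BY {sort_by}"
    return [row[0] for row in db.execute(query, (customer,))]


if __name__ == "__main__":
    db = build_orders_db()
    print("vulnerable, normal input:   ", orders_vulnerable(db, "alice"))
    print("vulnerable, crafted input:  ", orders_vulnerable(db, CONSTRUCTED_TAUTOLOGY))
    print("parameterized, crafted input:", orders_parameterized(db, CONSTRUCTED_TAUTOLOGY))
    # A legitimate name containing a quote breaks the concatenated query
    # but works with the parameterized one.
    print("parameterized, o'brien:     ", orders_parameterized(db, "o'brien"))
```

The concatenated version returns every customer's orders for the crafted input and raises a SQL error for the legitimate name `o'brien`; the parameterized version returns nothing for the former and the correct row for the latter.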

2.22 Security Protocols
There are various categories of protocols like routing protocols, mail transferring
protocols, remote communication protocols, and many more. Network security protocols
are one such category that makes sure that the security and integrity of the data are
preserved over a network. Various methodologies, techniques, and processes are
involved in these protocols to secure the network data from any illegitimate attempt in
reviewing or extracting the actual content of data.
Some Network Security Protocols

Here is a list of some popular network security protocols that you should know so that
you can implement them as and when required:

1. IPSec is a protocol defined by the IETF IPSec Work Group that offers
authentication of data, integrity, as well as privacy between 2 entities. Manual or
dynamic management of cryptographic keys is done with the help of an
IETF-specific key management protocol named Internet Key Exchange (IKE).
2. SSL, i.e., Secure Sockets Layer, is a standard security mechanism used for
preserving a secure internet connection by safeguarding sensitive data
which is being sent and received between 2 systems; it also helps prevent
cybercriminals from reading or modifying personal data, packets or details
in the network.
3. Secure Shell (SSH), invented in the year 1995, is a cryptographic
network security protocol used for securing data communication over a network. It
permits remote command-line login as well as the remote execution of specific
tasks. Various functionalities of FTP are incorporated in SSH. SSH-1 and
SSH-2 are the latest of its kind.
4. HyperText Transfer Protocol Secure (HTTPS) is a secured protocol used to secure
data communication among two or more systems. It sets up an encrypted link with
the help of Secure Socket Layer (SSL), now known as Transport Layer Security
(TLS). Since data transferred using HTTPS is in an encrypted format, it stops
cybercriminals from interpreting or altering the data throughout the
transfer from the browser to the web server. Even when cybercriminals capture the
data packets, they will not be able to read them because of the strong encryption
associated with the data packets.
5. Kerberos is another network validation protocol that was intended for providing
strong authentication between client-server applications with the help of secret-
key cryptography. According to the Kerberos network validation protocol, all of its
services and workplaces correspond to an insecure network, which makes it more
secure and responsible.

2.23 Security Devices
Active Devices
These security devices block the surplus traffic. Firewalls, antivirus scanning devices,
and content filtering devices are the examples of such devices.
Passive Devices
These devices identify and report on unwanted traffic, for example, intrusion detection
appliances.
Preventative Devices
These devices scan the networks and identify potential security problems. For example,
penetration testing devices and vulnerability assessment appliances.
Unified Threat Management (UTM)
These devices serve as all-in-one security devices. Examples include firewalls, content
filtering, web caching, etc.
Firewalls
A firewall is a network security system that manages and regulates the network traffic
based on some protocols. A firewall establishes a barrier between a trusted internal
network and the internet.
Firewalls exist both as software that runs on hardware and as hardware appliances.
Firewalls that are hardware-based also provide other functions like acting as a DHCP
server for that network.
Most personal computers use software-based firewalls to secure data from threats from
the internet. Many routers that pass data between networks contain firewall components
and conversely, many firewalls can perform basic routing functions.
Firewalls are commonly used in private networks or intranets to prevent unauthorized
access from the internet. Every message entering or leaving the intranet goes through
the firewall to be examined for security measures.
An ideal firewall configuration consists of both hardware and software based devices. A
firewall also helps in providing remote access to a private network through secure
authentication certificates and logins.
Hardware and Software Firewalls
Hardware firewalls are standalone products. These are also found in broadband routers.
Most hardware firewalls provide a minimum of four network ports to connect other
computers. For larger networks − e.g., for business purpose − business networking
firewall solutions are available.
Software firewalls are installed on your computers. A software firewall protects your
computer from internet threats.

Antivirus
An antivirus is a tool that is used to detect and remove malicious software. It was
originally designed to detect and remove viruses from computers.
Modern antivirus software provides protection not only from viruses, but also from worms,
Trojan horses, adware, spyware, keyloggers, etc. Some products also provide
protection from malicious URLs, spam, phishing attacks, botnets, DDoS attacks, etc.
Content Filtering
Content filtering devices screen unpleasant and offensive emails or webpages. These
are used as a part of firewalls in corporations as well as in personal computers. These
devices generate the message "Access Denied" when someone tries to access any
unauthorized web page or email.
Content is usually screened for pornographic content and also for violence- or hate-
oriented content. Organizations also exclude shopping and job related contents.
Content filtering can be divided into the following categories:

• Web filtering
• Screening of Web sites or pages
• E-mail filtering
• Screening of e-mail for spam
• Other objectionable content
Intrusion Detection Systems
Intrusion Detection Systems, also known as Intrusion Detection and Prevention
Systems, are the appliances that monitor malicious activities in a network, log
information about such activities, take steps to stop them, and finally report them.
Intrusion detection systems help in sending an alarm against any malicious activity in
the network, drop the packets, and reset the connection to save the IP address from any
blockage. Intrusion detection systems can also perform the following actions:

• Correct Cyclic Redundancy Check (CRC) errors
• Prevent TCP sequencing issues
• Clean up unwanted transport and network layer options

2.24 Understanding Cloud Security
Cloud security, also known as cloud computing security, consists of a set of policies,
controls, procedures and technologies that work together to protect cloud-based systems,
data, and infrastructure. These security measures are configured to protect cloud data,
support regulatory compliance and protect customers' privacy as well as setting
authentication rules for individual users and devices. From authenticating access to
filtering traffic, cloud security can be configured to the exact needs of the business. And
because these rules can be configured and managed in one place, administration
overheads are reduced and IT teams empowered to focus on other areas of the business.

The way cloud security is delivered will depend on the individual cloud provider or the
cloud security solutions in place. However, implementation of cloud security processes
should be a joint responsibility between the business owner and solution provider.

2.25 Cloud Security Considerations


Know your cloud provider’s security foothold

The first step in securing your cloud is knowing how your cloud provider secures its
solutions. Public cloud providers like Amazon Web Services (AWS), Microsoft Azure, and
Google Cloud offer proprietary security solutions to help keep cloud deployments in
check. Some providers also partner with third-party companies to independently audit cloud
security or boost the vendor’s own security solutions. If your cloud vendor delivers native
security solutions for the cloud, ensure that you’ve activated them so your provider can
secure your cloud to the best of its ability.
Understand your cloud security weaknesses

Many cloud security tips are a good fit for any organization, but the specific security
problems you need to address will depend on your cloud solutions and the security
problems you’re trying to solve. Perhaps your enterprise is worried about hackers gaining
access to your cloud infrastructure or that sensitive data could be leaked. Your company
may have already suffered a security breach in the past, and you’re looking for a way to
fix the problem. Examine your cloud infrastructure for potential security blind spots and
understand where your cloud security could be boosted.
Implement access control regulations

You don’t want just any user or device to access your cloud environment; only authorized
users should be able to enter your cloud infrastructure. Your company needs to
implement access control regulations to keep unauthorized users out. Many cloud
vendors will provide native access control tools that only allow access to sanctioned
users. This includes identity management, authorization, and authentication protocols.
Ensure your cloud data is encrypted

The bottom line of cloud security is keeping your data protected while inside the cloud —
an environment you don’t maintain full control over. Encrypting your data that’s currently
sitting in your cloud deployment helps protect it from being accessed by unauthorized
users. You should also encrypt data that’s being uploaded to or downloaded from the
cloud to ensure your data is protected at every instance.
Train your enterprise on cloud security

It’s important to keep your company up to speed on maintaining cloud security. Security
threats can come from anywhere, and if your employees aren’t properly trained on your cloud
environment, they can be a major internal risk. Your company needs to train its employees
on how to use and navigate its cloud deployment; it should also give special training to
your IT team on the security protocols your enterprise uses to control access and protect
data.

2.26 Explore and Create Security Services
Activity: This practical activity focuses on creating security services and managing and
monitoring account security for resources and other activities.

1) On the Home page, type “Security” in the Search box, then from the suggestions click
on “Security”.
2) Within the “Security Service” page, click on “Identify Security Score”, then go to the
“Improvement Actions”.
3) Click on any action; a panel opens, and from this panel we can change the
configuration.


2.27 Security Services- IAM
Identity and Access Management (IAM), also called identity management, refers to the IT
security discipline, framework, and solutions for managing digital identities. Identity
management encompasses the provisioning and de-provisioning of identities, securing
and authentication of identities, and the authorization to access resources and/or perform
certain actions. While a person (user) has only one singular digital identity, they may have
many different accounts representing them. Each account can have different access
controls, both per resource and per context.

The overarching goal for IAM is to ensure that any given identity has access to the right
resources (applications, databases, networks, etc.) and within the correct context.
Identity and Access Management Explained

Identity management is a foundational security component to help ensure users have the
access they need, and that systems, data, and applications are inaccessible to
unauthorized users.
Identity and access management organizational policies define:

• How users are identified and the roles they are then assigned
• The systems, information, and other areas protected by IAM
• The correct levels of protection and access for sensitive data, systems,
information, and locations
• Adding, removing, and amending individuals in the IAM system
• Adding, removing, and amending a role’s access rights in the IAM system
Technology to Support Identity and Access Management

IAM is typically implemented through centralized technology that either replaces or deeply
integrates with existing access and sign on systems. It uses a central directory of users,
roles, and predefined permission levels to grant access rights to individuals based on
their user role and need to access certain systems, applications, and data.
Role-Based Access

Most IAM technology applies “role-based access control” (RBAC), using predefined job
roles to control access to individual systems and information. As users join or change
roles in the enterprise, their job role is updated, which should impact their access rights.
IAM Tools
An identity management system typically involves the following areas:

• Employee data, such as through an HR system, directories (i.e. Active Directory),
and more, used to define and identify individual users
• Tools to add, modify, and delete users
• Password management tools and workflows
• Integration with or replacement of the existing login system(s)
• Enforcement of user access rights to certain systems and information
• Auditing and reporting for visibility into how systems and information are being
used
IAM Administration
IAM systems should:

• Record, capture, and authenticate user login information (usernames, passwords,
certificates, etc.)
• Manage the employee database of users and job roles
• Allow for addition, deletion, and change of individual users and broader job roles
• Provide a history of login and systems access for audit purposes
• Allow for properly-segmented definitions and access controls for every part of the
business’s systems and data
• Track user activities across all systems and data
• Report on user activities
• Enforce systems access policies
Three Typical Systems Used for Identity and Access Management
There are many technologies to simplify password management and other aspects of
IAM. A few common types of solutions that are used as part of an IAM program include:

Single Sign On (SSO)


An access and login system that allows users to authenticate themselves once and then
grants them access to all the software, systems, and data they need without having to log
into each of those areas individually.

Multi-Factor Authentication
This system uses a combination of something the user knows (e.g. a password),
something the user has (e.g. a security token), and something the user is (e.g. a
fingerprint) to authenticate individuals and grant them access.

Privileged Access Management

This system typically integrates with the employee database and pre-defined job roles to
establish and provide the access employees need to perform their roles.

IAM technology can be provided on-premises, through a cloud-based model (i.e. identity-
as-a-service, or IDaaS), or via a hybrid cloud setup. Practical applications of IAM, and
how it is implemented, differ from organization to organization, and will also be shaped
by applicable regulatory and compliance initiatives.

How IAM Can Control Interactions with Data and Systems

Sophisticated IAM technology can move beyond simply allowing or blocking access to
data and systems. For example, IAM can:

• Restrict access to subsets of data: Specific roles can access only certain parts
of systems, databases, and information.
• Only allow view access: Roles can only view data, they cannot add, update, or
amend it.
• Only permit access on certain platforms: Users may have access to operational
systems, but not development or testing platforms.
• Only allow access to create, amend, or delete data, not to transmit it: Some
roles may not be able to send or receive data outside the system, meaning it
cannot be exposed to other third parties and applications.

Ultimately, there are many ways to implement IAM policies to define and enforce exactly
how individual roles can access systems and data, based on a company’s specific needs.
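A small role-based policy check covering the four restrictions listed above (data subsets, view-only access, platform limits, and no transmit right), as an added example that is not part of the original handbook and is not any vendor's IAM API. The role names, users, datasets and platforms are hypothetical; the check denies by default, records every decision for audit, and shows access changing when a user's role changes.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Role:
    name: str
    actions: frozenset     # allowed operations: view, create, amend, delete, transmit
    datasets: frozenset    # subsets of data the role may touch
    platforms: frozenset   # platforms the role may use


# Hypothetical roles, chosen to exercise each restriction from the text.
ROLES = {
    # View-only access to two datasets on the operational platform.
    "auditor": Role("auditor", frozenset({"view"}),
                    frozenset({"orders", "invoices"}), frozenset({"production"})),
    # May create, amend and delete order data, but has no "transmit" right
    # and cannot see invoices (restricted data subset).
    "order_clerk": Role("order_clerk",
                        frozenset({"view", "create", "amend", "delete"}),
                        frozenset({"orders"}), frozenset({"production"})),
    # Full data rights, but only on development and testing platforms.
    "developer": Role("developer",
                      frozenset({"view", "create", "amend", "delete"}),
                      frozenset({"orders", "invoices"}),
                      frozenset({"development", "testing"})),
}


class AccessPolicy:
    """Deny-by-default authorization with an audit trail of every decision."""

    def __init__(self, roles, assignments):
        self.roles = roles
        self.assignments = {user: list(names) for user, names in assignments.items()}
        self.audit_log = []    # (user, action, dataset, platform, allowed, reason)

    def change_roles(self, user, role_names):
        """Update a user's roles, e.g. after a job change; access follows the role."""
        unknown = [name for name in role_names if name not in self.roles]
        if unknown:
            raise ValueError(f"unknown roles: {unknown}")
        self.assignments[user] = list(role_names)

    def authorize(self, user, action, dataset, platform):
        allowed, reason = False, "no assigned role grants this request"
        for role_name in self.assignments.get(user, []):
            role = self.roles[role_name]
            # A role must permit the action, the dataset and the platform together.
            if (action in role.actions and dataset in role.datasets
                    and platform in role.platforms):
                allowed, reason = True, f"granted by role {role.name}"
                break
        self.audit_log.append((user, action, dataset, platform, allowed, reason))
        return allowed


def demo_policy():
    """Constructed users mapped to the hypothetical roles above."""
    return AccessPolicy(ROLES, {"asha": ["auditor"],
                                "ravi": ["order_clerk"],
                                "meera": ["developer"]})


if __name__ == "__main__":
    policy = demo_policy()
    policy.authorize("ravi", "delete", "orders", "production")
    policy.authorize("ravi", "transmit", "orders", "production")
    for entry in policy.audit_log:
        print(entry)
```
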

2.28 Creating User Accounts & Managing Privileges
Activity: This activity focuses on creating IAM roles and user accounts, and adding
privileges to roles and users.

1) Go to Home, type “User” in the search box, and from the suggestions click on
“Users”.
2) Click on “New User”.
3) Select the option “Create User”.
4) Fill up the form within the same page as follows and click on “Create”.
5) Now, our new user account is created.
6) Click on that user; it goes to another page, from where click on “Assigned role”
-> “Add Assignments”.
7) A panel comes in, from where we need to check the proper privileges, then click
on “Add”.
8) After adding the privilege, it looks as follows:


2.29 Microsoft Azure Cognitive Services

Modern society is getting the most out of cognitive computing: it increases process
efficiency, enables accurate data analytics and enhances customer interactions, along
with a host of other benefits. However, taking advantage of those benefits is impossible
without the use of full-fledged cognitive services. Microsoft Azure Cognitive Services,
hosted on the Microsoft Azure cloud, is a great choice.

Image: Cognitive Services


Reference: https://www.sam-solutions.com/blog/wp-content/uploads/2018/04/Azure-Cognitive-Services-products.png

2.29.1 Vision

Microsoft’s Vision APIs analyze visual content (images, video and digital ink) and identify
objects within it. The APIs therefore enable apps to authenticate and group faces
according to specific characteristics, or to detect specified objects and details.

Vision APIs include:

• Computer Vision. The service helps analyze and enhance the discoverability of
visual content: it extracts and recognizes text, tags and categorizes images,
generates descriptions, and recognizes human faces and other objects.
• Custom Vision. The service customizes computer vision models to specific
business requirements.
• This API helps detect human faces in an image with attribute features such as age,
gender, pose, smile and facial hair, and emotions.
• Form Recognizer. This API helps detect and extract required forms of content.
• Video Indexer. This API tracks and identifies visual content in videos, extracts
audio transcriptions, detects scenes, interprets text, analyzes sentiment, searches
images and events in a video, and then indexes this information.

2.29.2 Speech

Speech APIs help embed speech processing in apps: they convert speech to text and
vice versa, translate text to other languages, and identify speakers. The technology can
be applied in hands-free tools used to dictate text or to read instructions out loud, for
instance.

Speech APIs include the following:

• Speech to Text and Text to Speech, which helps apps transcribe audio to text
and vice versa, with support for 85+ languages
• Speech Translation, which enables the transcription and translation of
conversations in real time
• Speaker Recognition, which identifies the speaker based on audio content, with
the ability to be used as a means of access control and authentication

Language

Language APIs analyze text to extract meaning from it. They include the following:

• Immersive Reader, which helps readers pick out the meaning of the text,
regardless of their abilities
• Language Understanding, which teaches apps, smart devices and bots to
understand natural language
• QnA Maker, which helps enrich apps with question-and-answer capabilities
• Text Analytics, which analyzes text to detect sentiment and key phrases
• Translator, which conducts real-time machine translation with multiple-language
support (more than 60 languages)

2.29.3 Decision

Decision APIs analyze data, and discover relationships and patterns to perform quicker,
smarter and more efficient decision-making. These include the following:

• Anomaly Detector, which identifies issues in a proactive manner
• Content Moderator, which monitors content for offensive or unwanted materials
• Metrics Advisor, which controls metrics and identifies problems
• Personalizer, which helps create valuable, rich, user-specific content and
recommendations and is vital for the creation of advanced user experiences

2.29.4 Web Search

Search APIs enhance searching on the Internet. These include the following:

• Bing Autosuggest, which provides type-ahead options for searches
• Bing Custom Search, which creates tailored search experiences
• Bing Entity Search, which recognizes and classifies entities and places and then
searches for the required result
• Bing Image Search, which is responsible for image searching
• Bing News Search, which searches for news on the web according to the query
• Bing Spell Check, which finds and corrects spelling errors
• Bing Video Search, which is responsible for video searching
• Bing Visual Search, which is responsible for image-based searching
• Bing Web Search, which provides location-based, ad-free search results based on
processing of all types of web results

2.30 Creating Chatbot Service
Activity: This activity focuses on creating a Chatbot service instance and creating a
Chatbot for any specific scenario and requirement. The Chatbot created can be deployed
to any supported environment later.
1) Go to the Home page and type “Cognitive” in the Search box; a suggestion
menu appears, from where we need to click on “Cognitive Services”.
2) Then click on “Create cognitive services”.
3) Click on “Web App Bot”.
4) Then click on “Create”.
5) Write down a “Bot Handle” name and create a new resource with a name, and then
click on “OK”.
6) To create a new “App Service Plan”, click on “Configure required settings”.
7) You are redirected to another page; click on “Create New”.
8) Write down an “App service plan name” and select the location “India
(Central/South/West)”.
9) Then click on “OK”.
10) You are redirected to the previous page, from where click on “Create”.
11) Then wait for validation.
12) After validation completes, it shows the message “Validation Successful”.
13) Then go to “All resources”.
14) Click on our “Web App Bot” resource.
15) It shows its detailed settings, from where we can download the source code of
this Chatbot.


2.31 AI Face Service

The Azure Face service provides AI algorithms that detect, recognize, and analyze
human faces in images. Facial recognition software is important in many different
scenarios, such as security, natural user interface, image content analysis and
management, mobile apps, and robotics.

2.31.1 Face detection

The Detect API detects human faces in an image and returns the rectangle coordinates
of their locations. Optionally, face detection can extract a series of face-related attributes,
such as head pose, gender, age, emotion, facial hair, and glasses. These attributes are
general predictions, not actual classifications.

Image: Face Detection


Reference: https://docs.microsoft.com/en-us/azure/cognitive-services/face/images/face.detection.jpg

2.31.2 Face verification

The Verify API builds on Detection and addresses the question, "Are these two images
the same person?". Verification is also called "one-to-one" matching because the probe
image is compared to only one enrolled template. Verification can be used in identity
verification or access control scenarios to verify that a picture matches a previously
captured image (such as a photo from a government-issued ID card). For more information,
see the Facial recognition concepts guide or the Verify API reference documentation.


2.31.3 Face identification

The Identify API also starts with Detection and answers the question, "Can this detected
face be matched to any enrolled face in a database?" Because it resembles a face
recognition search, it is also called "one-to-many" matching. Candidate matches are
returned based on how closely the probe template with the detected face matches each of
the enrolled templates.

The following image shows an example of a database named "myfriends". Each group
can contain up to 1 million different person objects. Each person object can have up to
248 faces registered.

Image: Face Identification


Reference: https://docs.microsoft.com/en-us/azure/cognitive-services/face/images/person.group.clare.jpg



2.32 Creating AI Face Instance

1) On the Home page, click on “Create a resource”.

2) Click on “AI + Machine Learning” -> “Face”.

3) Click on “Create new” and write a Name, then click on “OK” to create a Resource
Group.

4) On the same page, select “Central India” as the Region and write a Name, then
select “Free” as the “Price Tier” and click on “Review + Create”.

5) Click on “Create”.

6) Wait a few minutes for the deployment to complete.

7) After the deployment completes, click on “Go to Resource”.

8) Click on “Overview” -> “Click here to Manage keys”.

9) Click on “Show Keys”.

10) Copy “Key1”.

11) Click on “Quick start” -> “API Console”.

12) Click on “Detect”.

13) Scroll down the page and click on “Central India”.

14) Scroll down the page and paste the copied key into the “Ocp-Apim-Subscription-Key”
textbox.

15) Remove the image URL and paste a new image link.

16) The new image link is pasted.

17) Click on “Send” on the same page.

18) The output is displayed in JSON format.
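
The Detect call that the API console sends in steps 14 to 18 can also be built in Python with the standard library. This is an added example, not part of the handbook or of Microsoft's sample code; the environment variable names FACE_KEY and FACE_ENDPOINT and the sample values are assumptions, and the key is read from the environment and masked in anything that is printed.

```python
import json
import os
import urllib.parse
import urllib.request

# Assumed (hypothetical) environment variable names for the values copied
# from the "Keys and Endpoint" page of the Face resource.
KEY_ENV = "FACE_KEY"
ENDPOINT_ENV = "FACE_ENDPOINT"


def load_settings(env=os.environ):
    """Read key and endpoint from the environment and sanity-check them."""
    key = env.get(KEY_ENV, "").strip()
    endpoint = env.get(ENDPOINT_ENV, "").strip().rstrip("/")
    if not key or key.startswith("PASTE_"):
        raise ValueError(f"{KEY_ENV} is not set to a real key")
    parsed = urllib.parse.urlparse(endpoint)
    # The key travels in a request header, so refuse anything but HTTPS.
    if parsed.scheme != "https" or not parsed.hostname:
        raise ValueError(f"{ENDPOINT_ENV} must be an https:// URL")
    return key, endpoint


def build_detect_request(key, endpoint, image_url, detection_model="detection_03"):
    """Build (but do not send) a Face Detect request for a public image URL."""
    img = urllib.parse.urlparse(image_url)
    if img.scheme not in ("http", "https") or not img.hostname:
        raise ValueError("image_url must be an absolute http(s) URL")
    query = urllib.parse.urlencode(
        {"returnFaceId": "true", "detectionModel": detection_model}
    )
    body = json.dumps({"url": image_url}).encode("utf-8")
    return urllib.request.Request(
        f"{endpoint}/face/v1.0/detect?{query}",
        data=body,
        method="POST",
        headers={
            "Ocp-Apim-Subscription-Key": key,
            "Content-Type": "application/json",
        },
    )


def describe(request):
    """Log-safe summary of a request: the subscription key is masked."""
    headers = {
        name: ("***" if name.lower() == "ocp-apim-subscription-key" else value)
        for name, value in request.header_items()
    }
    return {"method": request.get_method(), "url": request.full_url, "headers": headers}


def face_rectangles(response_text):
    """Turn the JSON output of Detect into ((left, top), (right, bottom)) boxes."""
    boxes = []
    for face in json.loads(response_text):
        r = face["faceRectangle"]
        boxes.append(((r["left"], r["top"]),
                      (r["left"] + r["width"], r["top"] + r["height"])))
    return boxes


if __name__ == "__main__":
    key, endpoint = load_settings()
    # Constructed image URL; replace it with the link used in step 15.
    req = build_detect_request(key, endpoint, "https://example.com/face.jpg")
    print(describe(req))
    with urllib.request.urlopen(req, timeout=10) as resp:
        print(face_rectangles(resp.read().decode("utf-8")))
```
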



2.33 AI Ink Service
Azure Ink is the new name that Microsoft is giving to its Ink-specific cognitive services.
When I asked about this, a spokesperson confirmed my suspicions and said "Azure Ink
is the name for all ink cognitive services all-up." Cognitive services are AI programming
interfaces that Microsoft and third-party developers can add to applications to provide
custom search, natural-language input, anomaly detection, speech and other functions.

Microsoft currently offers tester’s access to "Project Ink Analysis" via its Cognitive
Services Labs. Project Ink Analysis "provides cloud APIs to understand digital ink content"
enabling developers to build apps that recognize digital handwriting, common shapes and
the layout of a document.

How it works

The pen is an incredibly powerful and personal tool that allows people to express
themselves in ways no other device can. In recent years, hardware advancements have
brought this into the digital world with new devices that can quickly render beautiful ink,
letting users create content beyond the traditional confines of the typed word. However,
allowing users to create content is only one half of the equation. To truly go beyond the
experience offered by traditional pen and paper, we must be able to understand what the
user has created, which is where Project Ink Analysis comes in.

Project Ink Analysis provides cloud APIs for understanding digital ink content. In addition
to simply recognizing the words written by a user, it also provides information about the
structure of the content, letting you know where the paragraphs, lines, and individual
words are and how they relate to each other. It even understands handwriting written at
an angle! This can enable scenarios such as beautifying the content by normalizing its
alignment and spacing while retaining the content as ink or after converting to text. In
addition, it allows for shape recognition, along with providing information about how to
beautify these shapes (for example turning a user’s not-so-perfect rectangle into a
rectangle with 90-degree angles while maintaining the original size).

Whether you want to convert a user’s ink, recognize its content to enable searching within
it, or beautify the document structure or drawings, Project Ink Analysis provides you the
capabilities you need.



Image: Ink Service
Reference: https://www.microsoft.com/en-us/research/uploads/prod/2018/11/inkanalysis-1024x589.png

Shape Recognition

Use Project Ink Analysis to recognize common shapes.

Image: Ink Service


Reference: https://www.microsoft.com/en-us/research/uploads/prod/2018/11/inkanalysis-1024x589.png

Handwriting Recognition
Project Ink Analysis recognizes handwriting in 67 languages.



Image: Ink Service
Reference: https://www.microsoft.com/en-us/research/uploads/prod/2018/11/inkanalysis-1024x589.png

Layout Analysis
Project Ink Analysis provides grouping and content structure information so you can
beautify a user’s writing, in this case by left-aligning the list items.

Image: Ink Service


Reference: https://www.microsoft.com/en-us/research/uploads/prod/2018/11/inkanalysis-1024x589.png



2.34 Using AI Recogniser to Identify Face & Emotions
Activity: This activity focuses on creating an AI-based service instance that can identify
people through face recognition and can also identify the emotional state (happy, sad,
nervous, fear) of a person via facial expressions analysed in images.
1. Log in to Azure cloud and select the AI Face Recognizer service. Enter the details for
creating a service instance.

2. After entering the details, including the Free instance selection, click on Review + create.

3. On successful validation, click on Create.

4. Allow the Azure API to create the instance of Face Recognizer, then select view
resource.

5. On the left tab, select Keys and Endpoint. Copy key1 for further operations using Python
API calls.


2.34.1 Using Python:
Prerequisites:
• Azure subscription - Create one for free
• Python 3.x
• Your Python installation should include pip. You can check if you have pip installed
by running pip --version on the command line. Get pip by installing the latest version
of Python.
• Once you have your Azure subscription, create a Face resource in the Azure portal
to get your key and endpoint. After it deploys, click Go to resource.
• You will need the key and endpoint from the resource you create to connect your
application to the Face API. You'll paste your key and endpoint into the code below
later in the quickstart.
• You can use the free pricing tier (F0) to try the service, and upgrade later to a paid
tier for production.
9. Install the client library
pip install --upgrade azure-cognitiveservices-vision-face
10. Create a new Python application
import asyncio
import io
import glob
import os
import sys
import time
import uuid
import requests
from urllib.parse import urlparse
from io import BytesIO
# To install this module, run:
# python -m pip install Pillow
from PIL import Image, ImageDraw
from azure.cognitiveservices.vision.face import FaceClient
from msrest.authentication import CognitiveServicesCredentials
from azure.cognitiveservices.vision.face.models import TrainingStatusType, Person

# This key will serve all examples in this document.
# Keep the real key out of shared or version-controlled copies of this file.
KEY = "PASTE_YOUR_FACE_SUBSCRIPTION_KEY_HERE"

# This endpoint will be used in all examples in this quickstart.
ENDPOINT = "PASTE_YOUR_FACE_ENDPOINT_HERE"
11. Authenticate the client
# Create an authenticated FaceClient.
face_client = FaceClient(ENDPOINT, CognitiveServicesCredentials(KEY))
12. Detect faces in an image
# Detect a face in an image that contains a single face
single_face_image_url = 'https://www.biography.com/.image/t_share/MTQ1MzAyNzYzOTgxNTE0NTEz/john-f-kennedy---mini-biography.jpg'
single_image_name = os.path.basename(single_face_image_url)
# We use detection model 3 to get better performance.
detected_faces = face_client.face.detect_with_url(
    url=single_face_image_url, detection_model='detection_03')
if not detected_faces:
    raise Exception('No face detected from image {}'.format(single_image_name))

# Display the detected face ID in the first single-face image.
# Face IDs are used for comparison to faces (their IDs) detected in other images.
print('Detected face ID from', single_image_name, ':')
for face in detected_faces:
    print(face.face_id)
print()

# Save this ID for use in Find Similar
first_image_face_ID = detected_faces[0].face_id
13. Display and frame faces
# Detect a face in an image that contains a single face
single_face_image_url = 'https://raw.githubusercontent.com/Microsoft/Cognitive-Face-Windows/master/Data/detection1.jpg'
single_image_name = os.path.basename(single_face_image_url)
# We use detection model 3 to get better performance.
detected_faces = face_client.face.detect_with_url(
    url=single_face_image_url, detection_model='detection_03')
if not detected_faces:
    raise Exception('No face detected from image {}'.format(single_image_name))

# Convert width height to a point in a rectangle
def getRectangle(faceDictionary):
    rect = faceDictionary.face_rectangle
    left = rect.left
    top = rect.top
    right = left + rect.width
    bottom = top + rect.height

    return ((left, top), (right, bottom))

# Download the image from the url
response = requests.get(single_face_image_url, timeout=30)
# Stop here if the download failed instead of passing an error page to Pillow.
response.raise_for_status()
img = Image.open(BytesIO(response.content))

# For each face returned use the face rectangle and draw a red box.
print('Drawing rectangle around face... see popup for results.')
draw = ImageDraw.Draw(img)
for face in detected_faces:
    draw.rectangle(getRectangle(face), outline='red')

# Display the image in the users default image browser.
img.show()

Reference: https://docs.microsoft.com/en-us/azure/cognitive-services/Face/Quickstarts/client-libraries?pivots=programming-language-python&tabs=visual-studio


2.35 AI NLP Services
Natural language processing (NLP) is used for tasks such as sentiment analysis, topic
detection, language detection, key phrase extraction, and document categorization.

Image: AI- NLP Services


Reference: https://docs.microsoft.com/en-us/azure/architecture/data-guide/images/nlp-pipeline.png

NLP can be used to classify documents, such as labelling documents as sensitive or
spam. The output of NLP can be used for subsequent processing or search. Another use
for NLP is to summarize text by identifying the entities present in the document. These
entities can also be used to tag documents with keywords, which enables search and
retrieval based on content. Entities might be combined into topics, with summaries that
describe the important topics present in each document. The detected topics may be used
to categorize the documents for navigation, or to enumerate related documents given a
selected topic. Another use for NLP is to score text for sentiment, to assess the positive
or negative tone of a document. These approaches use many techniques from natural
language processing, such as:
• Tokenizer. Splitting the text into words or phrases.
• Stemming and lemmatization. Normalizing words so that different forms map to
the canonical word with the same meaning. For example, "running" and "ran" map
to "run."
• Entity extraction. Identifying subjects in the text.
• Part of speech detection. Identifying text as a verb, noun, participle, verb phrase,
and so on.
• Sentence boundary detection. Detecting complete sentences within paragraphs of
text.
When using NLP to extract information and insight from free-form text, the starting point
is typically the raw documents stored in object storage such as Azure Storage or Azure
Data Lake Store.


2.35.1 What are Azure Cognitive Services?
Azure Cognitive Services are cloud-based services with REST APIs and client library
SDKs available to help you build cognitive intelligence into your applications. You can
add cognitive features to your applications without having artificial intelligence (AI) or data
science skills. Azure Cognitive Services comprise various AI services that enable you to
build cognitive solutions that can see, hear, speak, understand, and even make decisions.

2.35.2 Categories of Cognitive Services


The catalog of cognitive services that provide cognitive understanding is categorized
into five main pillars:
• Vision
• Speech
• Language
• Decision
• Search

2.35.3 What are your options when choosing an NLP service?


In Azure, the following services provide natural language processing (NLP) capabilities:
• Azure HDInsight with Spark and Spark MLlib
• Azure Databricks
• Microsoft Cognitive Services

2.35.4 What is Apache Spark in Azure HDInsight?


Apache Spark is a parallel processing framework that supports in-memory processing to
boost the performance of big-data analytic applications. Apache Spark in Azure HDInsight
is the Microsoft implementation of Apache Spark in the cloud. HDInsight makes it easier
to create and configure a Spark cluster in Azure. Spark clusters in HDInsight are
compatible with Azure Blob storage, Azure Data Lake Storage Gen1, or Azure Data Lake
Storage Gen2. So you can use HDInsight Spark clusters to process your data stored in
Azure. For the components and the versioning information, see Apache Hadoop
components and versions in Azure HDInsight.

Image: Apache Spark and HDInsight


Reference: https://docs.microsoft.com/en-us/azure/hdinsight/spark/media/apache-spark-overview/hdinsight-spark-overview.png


2.35.5 What is Apache Spark?
Spark provides primitives for in-memory cluster computing. A Spark job can load and
cache data into memory and query it repeatedly. In-memory computing is much faster
than disk-based applications, such as Hadoop, which shares data through Hadoop
distributed file system (HDFS). Spark also integrates into the Scala programming
language to let you manipulate distributed data sets like local collections. There's no need
to structure everything as map and reduce operations.

Image: Apache Spark comparison with traditional MapReduce

Reference: https://docs.microsoft.com/en-us/azure/synapse-analytics/spark/media/apache-spark-overview/map-reduce-vs-spark.png

Apache Spark clusters in HDInsight include the following components that are available
on the clusters by default.
• Spark Core. Includes Spark Core, Spark SQL, Spark streaming APIs, GraphX, and
MLlib.
• Anaconda
• Apache Livy
• Jupyter Notebook
• Apache Zeppelin notebook
Spark clusters in HDInsight enable the following key scenarios:
• Interactive data analysis and BI
• Spark Machine Learning
• Spark streaming and real-time data analysis

2.35.6 What is Azure Databricks?


Azure Databricks is a data analytics platform optimized for the Microsoft Azure cloud
services platform. Azure Databricks offers two environments for developing data intensive
applications: Azure Databricks SQL Analytics and Azure Databricks Workspace.
Azure Databricks SQL Analytics provides an easy-to-use platform for analysts who want
to run SQL queries on their data lake, create multiple visualization types to explore query
results from different perspectives, and build and share dashboards.



Azure Databricks Workspace provides an interactive workspace that enables
collaboration between data engineers, data scientists, and machine learning engineers.
For a big data pipeline, the data (raw or structured) is ingested into Azure through Azure
Data Factory in batches, or streamed near real-time using Apache Kafka, Event Hub, or
IoT Hub. This data lands in a data lake for long term persisted storage, in Azure Blob
Storage or Azure Data Lake Storage. As part of your analytics workflow, use Azure
Databricks to read data from multiple data sources and turn it into breakthrough insights
using Spark.



2.36 Creating NLP instance and performing basic NLP activity
Activity: This practical activity creates a natural language processing instance from Azure
AI cognitive services to perform natural language analysis and processing for speech
recognition, speech generation and conversion.
1. Log in to your Azure account at https://portal.azure.com/

2. Go to Home in the Azure portal and click on Create a Resource.

3. Search for Text Analytics, select it and click on Create.

4. Click on Create.

5. Select Pay-as-You-Go and choose a resource group. Give your instance a name and
select the pricing tier Free F0. Then click on Review+Create.

6. Check the validation and click on Create.

7. After successful deployment, go to the Resource and click on Overview.

8. Click on Keys and Endpoint.

9. Visit python.org/downloads, then download and install Python on your system.

10. Install the pip module in Python:
python -m pip install pip==18.0
Add python and pip to the System Environment Variables.
11. Check python and pip:
python --version
pip --version
12. Install the Azure client library:
pip install --upgrade azure-ai-textanalytics
13. Create a new Python application. Add the following code into it.
Copy the Key and Endpoint from the Text Analytics resource.

14. Authenticate the client.

15. Create a new function called sentiment_analysis_example() that takes the client as an
argument, then calls the analyze_sentiment() function. The returned response object will
contain the sentiment label and score of the entire input document, as well as a sentiment
analysis for each sentence.

16. Run the application: python example.py

17. Output

18. Language detection: Create a new function called language_detection_example()
that takes the client as an argument, then calls the detect_language() function. The
returned response object will contain the detected language in primary_language if
successful, and an error if not.

Run the code: python example.py

Output: Language detected
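
One way to write the client and the two functions described in steps 14 to 18, using the azure-ai-textanalytics library installed in step 12. This is an added example, not the handbook's or Microsoft's code; the environment variable names TEXT_ANALYTICS_KEY and TEXT_ANALYTICS_ENDPOINT and the sample sentences are assumptions, and the functions take a list of texts so that a per-document error is reported instead of being lost.

```python
import os


def authenticate_client():
    """Step 14: create a TextAnalyticsClient from the resource's key and endpoint."""
    # Imported here so the two analysis functions can be exercised without the SDK.
    from azure.ai.textanalytics import TextAnalyticsClient
    from azure.core.credentials import AzureKeyCredential

    # Assumed environment variable names; set them to the values copied in
    # step 13 instead of writing the key into example.py.
    key = os.environ["TEXT_ANALYTICS_KEY"]
    endpoint = os.environ["TEXT_ANALYTICS_ENDPOINT"]
    return TextAnalyticsClient(endpoint=endpoint, credential=AzureKeyCredential(key))


def _error_entry(doc):
    """Describe a document the service rejected (for example an empty text)."""
    return {"error": f"{doc.error.code}: {doc.error.message}"}


def sentiment_analysis_example(client, documents):
    """Step 15: document-level and sentence-level sentiment for each text."""
    results = []
    for doc in client.analyze_sentiment(documents=documents):
        if doc.is_error:
            results.append(_error_entry(doc))
            continue
        scores = doc.confidence_scores
        results.append({
            "sentiment": doc.sentiment,
            "scores": {
                "positive": scores.positive,
                "neutral": scores.neutral,
                "negative": scores.negative,
            },
            "sentences": [(s.text, s.sentiment) for s in doc.sentences],
        })
    return results


def language_detection_example(client, documents):
    """Step 18: primary language of each text, or the error the service returned."""
    results = []
    for doc in client.detect_language(documents=documents):
        if doc.is_error:
            results.append(_error_entry(doc))
            continue
        lang = doc.primary_language
        results.append({
            "language": lang.name,
            "iso6391": lang.iso6391_name,
            "confidence": lang.confidence_score,
        })
    return results


if __name__ == "__main__":
    client = authenticate_client()
    # Constructed sample inputs.
    for item in sentiment_analysis_example(
            client, ["I had the best day of my life. I wish you were there with me."]):
        print(item)
    for item in language_detection_example(
            client, ["Ce document est rédigé en Français."]):
        print(item)
```
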



2.37 Azure Analytics Services
Azure Analysis Services is a fully managed platform as a service (PaaS) that provides
enterprise-grade data models in the cloud. Use advanced mashup and modeling features
to combine data from multiple data sources, define metrics, and secure your data in a
single, trusted tabular semantic data model. The data model provides an easier and faster
way for users to perform ad hoc data analysis using tools like Power BI and Excel.

Image: Azure Analytics Structure

2.37.1 Azure Synapse Analytics


Azure Synapse combines enterprise data warehousing with big data analytics. This
analytics service lets organizations query data on their terms, at scale. It offers flexible
options, including serverless on-demand and provisioned resources. Azure Synapse
helps combine warehouses with big data analysis, providing a centralized interface for
data ingestion, preparation and management.

2.37.2 Azure Databricks


This is an analytics platform, based on Apache Spark and built for seamless use in
Azure’s platform. Databricks provides an interactive workspace, streamlined workflows,
and a one-click setup. The latter is especially useful to promote collaboration between
data roles, including scientists and engineers, as well as business analysts.

2.37.3 Azure HDInsight


Hadoop enables the performance of complex, distributed analysis jobs on any volume of
data. HDInsight simplifies the process of creating big data clusters in Hadoop, letting you
quickly create and scale clusters based on individual needs.
HDInsight provides all Hadoop tools, including Apache Kafka, Apache Spark, Hive,
Storm, and HBase. Additionally, the service provides enterprise-scale infrastructure for
monitoring, compliance, security, and high availability.

2.37.4 Azure Data Factory


This service was designed for Extract Transform Load (ETL) operations handling
structured data that require processing on massive scales. The ETL process is applied
on data from structured databases. Data is first collected, then cleaned, and then
converted into a format suitable for analysis.



Data Factory provides a codeless process for building both ETL and Extract Load
Transform (ELT). There is no need for code or configuration. Data Factory comes with
built-in connectors for more than 90 data sources.

2.37.5 Azure Machine Learning


Azure Machine Learning, commonly referred to as Azure ML, is a library providing pre-
packaged and pre-trained machine learning algorithms. In addition to algorithms, Azure
ML provides a UI for building machine learning pipelines including training, evaluation,
and testing.
Azure ML also provides capabilities for interpretable AI, including visualization and data
for a wide range of purposes. These features can help you better understand model
behavior, implement fairness metrics, and compare algorithms to discover which variant
is best for your purposes.

2.37.6 Azure Stream Analytics


This service includes real-time analytics and a complex event-processing engine. You
can use Azure Stream Analytics to identify patterns and relationships in information
extracted from various sources including sensors, devices, clickstreams, applications,
and social media feeds. You can then use the patterns to trigger actions like building
alerts, storing data for future use, and sending data to reporting tools.

2.37.7 Azure Data Lake Analytics


You can use Azure Data Lake Analytics to build data transformation software using a
wide range of languages, such as Python, R, .NET, and U-SQL. Data Lake Analytics is
great for processing data in the petabytes. However, the service does not pool data in a
data lake when processing, as occurs in Azure Synapse Analytics. Instead, Data Lake
Analytics connects to Azure-based data sources, like Azure Data Lake Storage, and then
performs real-time analytics based on specs provided by your code.

2.37.8 Azure Analysis Services


This is a fully-managed platform as a service (PaaS) offering for data modeling, used for
enterprise-grade cloud-based data models. Azure Analysis Services offers features for
advanced modeling and mashup, which enable you to combine data from various
sources, set up metrics, and secure all your data in one tabular semantic data model.
This lets you perform ad hoc data analysis more easily and quickly with various tools,
including Excel and Power BI.

2.37.9 Azure Data Explorer


This service enables fast and scalable data exploration of log and telemetry. You can use
this service to handle the massive amounts of data streams generated by various
systems, including features for collecting, storing, and analyzing data. A major advantage
of Azure Data Explorer is that it lets you do complex ad-hoc data queries in seconds.

2.37.10 Azure Data Share


Azure Data Share enables simple and secure data sharing with multiple collaborators,
including external users like customers and third-party partners. The service can help you
provision new data sharing accounts in a few clicks, as well as add datasets and invite
users to use the account. A major advantage of Azure Data Share is that it helps to easily
combine data from third-party sources.

2.37.11 Azure Time Series Insights


Azure Time Series Insights Gen2 provides end-to-end Internet of Things (IoT) analytics
capabilities that can be scaled according to changing needs and demands. The platform
provides a user-friendly interface and APIs for integration with existing tooling.

2.37.12 Benefits of Analytics Services:


Microsoft Azure gives its customers access to Microsoft SQL Server Analysis Services,
which allows every business user to check business data. For modern data-driven
organizations, it is mandatory to provide access to business data to every stakeholder
instead of limiting it to IT professionals only. SQL Server Analysis Services makes
information available at users' fingertips and guides them in day-to-day decisions.
Business users who lack expertise in evaluating data by importing it and giving it the right
shape before exploring its insights can create semantic models over the raw data with the
help of Azure Analysis Services. The highly optimized in-memory engine works quickly
and retrieves the required data at exceptionally high speed.
The two major functions of the Azure Analysis Services server are mentioned below.
Provide Semantic Models: The Azure Analysis Services server is like a lens which lets your
business users get their desired data without any inconvenience. They do not even
need to change the structure of the database, as it presents data in a simple and easy to
retrieve way.
Excellent Speed: A fast memory data caching layer inside the Azure Analysis Services
server provides information at the speed of thought. The embedded cache is
so powerful that it can serve information from billions of rows, because it reduces
the load on the data store and focuses on the interactive queries only. In this way, the user
saves both time and effort.


2.38 Creating Azure Analytics Services
Activity: This practical activity creates Azure analytics and allows the learner to perform
real-time data analysis from any type of dataset and SaaS model of service.
1. Before getting started, you’ll need:
Azure Subscription - Sign up for a free trial.
SQL Server Data Tools - Download the latest version for free.
Power BI Desktop - Download the latest version for free.
2. Create an Analysis Services server in Azure.
3. Go to https://portal.azure.com.
4. In the Menu blade, click New.

5. Expand Intelligence + Analytics, and then click Analysis Services.

6. In the Analysis Services blade, enter the following and then click Create:
Server name: Type a unique name.
Subscription: Select your subscription.
Resource group: Select Create new, and then type a name for your new resource group.
Location: This is the Azure datacenter location that hosts the server. Choose a location
nearest you.



Pricing tier: For our simple model, select D1. This is the smallest tier and great for getting
started. The larger tiers are differentiated by how much cache and query processing units
they have. Cache indicates how much data can be loaded into the cache after it has been
compressed. Query processing units, or QPUs, are a sign of how many queries can be
supported concurrently. Higher QPUs may mean better performance and allow for a
higher concurrency of users.
7. Create a sample data source
Before you can create a data model with SSDT, you’ll need a data source to connect to.
Azure Analysis Services supports connecting to many different types of data sources both
on-premises and in the cloud. For this post, we’ll use the Adventure Works sample
database.
In Azure portal, in the Menu blade, click New.

8. Expand Databases, and then click SQL Database.


In the SQL Database blade, enter the following and then click Create:
Database name: Type a unique name.
Subscription: Select your subscription.
Resource group: Select the same resource group you created for your Analysis Services
server.
Select source: Select Sample (Adventure Works LT).
Server: Choose a location nearest you.
Pricing tier: For your sample database, select B.
Collation: Leave the default, SQL_Latin1_General_CP1_CI_AS.
9. Create a data model: To create Analysis Services data models, you’ll use Visual
Studio and an extension called SQL Server Data Tools (SSDT). In SSDT, create a new
Analysis Services Tabular Project. If asked to select a workspace type, select Integrated.


10. Click the Import From Data Source icon on the toolbar at the top of the screen.

11. Select Microsoft SQL Azure as your data source type and click Next. Fill in the
connection information for the sample SQL Azure database created earlier and click Next.
• Server Name: Name of SQL Azure server to connect to.
• User Name: Name of the user which will be used to login to the server.
• Password: Password for the account.
• Database Name: Name of the SQL database to connect to.
12. Select Service Account for the impersonation mode and click Next. Select the tables
you wish to import into cache and click Finish:

13. At this step, you can optionally provide a friendly name for each table. For large tables,
which may not fit into cache, you can also specify a filter expression to reduce the number
of rows. When complete, click Next.
Data will now be read from the database and pulled into a local cache within Visual Studio.
Once loading is complete, you will have your first model created and will be able to see
each table and the data within them. You can also switch to a diagram view by clicking
the little diagram option at the bottom right of the screen:

14. Improving the model
Now that your basic model is built, you could start querying it now or you could enhance
it further by using more of the available modeling features. Some of these features
include:
Create or edit relationships. You can add, remove or change relationships between tables
by going to the diagram view and dragging a line between two columns in different tables.
Once tables are joined together, they can automatically be queried together when a user
selects columns from both tables.
Edit properties for a table or column. You can update multiple properties for tables and
columns by clicking on them and updating the values in the properties pane.

15. Add more business logic to the model by creating calculations and measures.
Deploy
Once your model is complete, you can now deploy it to the Azure AS server which you
created in the first step. This can be done with the following steps:
1. Copy your Azure Analysis Services server name from the Azure portal. This can be found
at the top of the overview section of your server.

2. In the solution explorer in Visual Studio, right click on the project and click properties.

3. Change the deployment server to the name of your Azure AS server and click OK.

4. Right click the project name again, but this time click Deploy.

Connect
Now that your model has been created, you can connect to it through tools like the Power
BI Desktop or Excel.

Power BI Desktop
If you don’t already have the Power BI Desktop, you can download it for free.
1. Open the Power BI Desktop
2. Click Get Data.

3. Select Databases/SQL Server Analysis Services and then click Connect.

4. Enter your Azure AS server name and click OK.

5. On the Navigator screen, select your model and click OK.

You will now see your model displayed in the field list on the side. You can drag and drop
the different fields on to your page to build out interactive visuals.

Chapter 3: Diving Deep - Cloud Web Application Development
Learning Outcomes:
 Understand basics of web technologies
 Create web applications using HTML, CSS & PHP
 Deploy web applications in cloud environment
 Understand concept and usage of Serverless compute services
 Create and deploy APIs using Azure Functions

3.1 Basics of Web Technologies


3.1.1 What is a Website?
A website is a group of globally accessible, interlinked web pages which have a single
domain name. It can be developed and maintained by an individual, business or
organization. The website aims to serve a variety of purposes. Example: Blogs.
A website is hosted on one or more web servers. It is accessible via a network like
the Internet or a private local area network via IP address.

3.1.2 What is a Web Application?


A web application is a software program which is accessible using any web browser.
Its frontend is usually created using languages like HTML, CSS and JavaScript, which are
supported by major browsers, while the backend could use any programming stack like
LAMP, MEAN, etc. Unlike mobile apps, there is no specific SDK for developing web
applications. Web applications came to prominence with the advent of the Software as a
Service (SaaS) movement.

3.1.3 Why you need a Website?


Here are the prime reasons why you need a website:
 An effective method to showcase your products and services
 Developing a site helps you to create your social proof
 Helps you in branding your business
 Helps you to achieve your business goals
 Allows you to increase your customer support

3.1.4 Why you need a Web Application?


Web applications are more popular because of the following reasons:
 Compared to desktop applications, web applications are easier to maintain as
they use the same code in the entire application. There are no compatibility issues.
 Web applications can be used on any platform: Windows, Linux, Mac… as they all
support modern browsers.
 Mobile App store approval is not required for web applications.
 They can be released any time and in any form. No need to remind users to update their
applications.
 You can access these web applications 24 hours of the day and 365 days a year
from any PC.
 You can either make use of the computer or your mobile device to access the
required data.
 Web applications are a cost-effective option for any organization. Seat licenses
for desktop software are expensive, whereas SaaS offerings are generally pay as you go.
 Web-based apps are Internet-enabled apps that are accessed through the
mobile's web browser. Therefore, you don't need to download or install them.

3.1.5 Characteristics of Website


 Quality, relevant web content which is richly displayed.
 User-friendly navigation and web design
 Can be easily searched using search engines like Google.

3.1.6 Characteristics of Web Application


 Cloud-hosted and highly scalable
 Mostly Cross-platform
 Modular and loosely coupled
 It is easily tested with automated tests.

3.1.7 Web Application vs. Website


Given below are the prime differences between a web application and a website:

| Parameter | Web Application | Website |
| Created for | A web application is designed for interaction with the end user. | A website mostly consists of static content. It is publicly accessible to all the visitors. |
| User interaction | In a web application, the user not only reads the page content but also manipulates the restricted data. | A website provides visual & text content which the user can view and read, but cannot affect its functioning. |
| Authentication | Web applications need authentication, as they offer a much broader scope of options than websites. | Authentication is not obligatory for informational websites. The user may be asked to register to get a regular update or to access additional options. These features are not available to unregistered website visitors. |
| Task and Complexity | Web application functions are quite higher and complex compared to a website. | The website displays the collected data and information on a specific page. |
| Type of software | The web application development is part of the website. It is itself not a complete website. | The website is a complete product, which you access with the help of your browser. |
| Compilation | The site must be precompiled before deployment. | The site doesn't need to be pre-compiled. |
| Deployment | All changes require the entire project to be re-compiled and deployed. | Small changes never require a full re-compilation and deployment. You just need to update the HTML code. |

3.1.8 Disadvantages of Website


 A website can crash which is not good for anyone. It is the biggest disadvantage
for your business
 Contact form published on your website may invite lots of unwanted spam e-mails.
 The information on any website might be unreliable if it is not updated regularly.

3.1.9 Disadvantages of Web Application


 Security is not guaranteed, so it is vulnerable to unauthorized access.
 The web app may not support multiple browsers with equal precedence.
 The web application is built explicitly for a certain operating system, so it is difficult
to discover from the app store.
 Limited scope to access the device's features.

3.1.10 What is a Markup Language?


A markup language is a system designed for annotating a document in such a way that it can
be syntactically distinguishable. It uses tags to define elements. Markup languages
contain English language phrases and words. Therefore, they are easy to read. Markup
languages are designed specifically for the processing, definition, as well as presentation
of text.

3.2 Using HTML & CSS
3.2.1 What is HTML?
HTML is the language used for the World Wide Web. It is the standard text formatting
language used for creating and displaying pages on the Web.
HTML files consist of two things: 1) the content and 2) the tags that format it for proper
display on pages. It can be used by technologies such as Cascading Style Sheets (CSS)
and scripting languages such as JavaScript. The full form of HTML is Hypertext Markup
Language. It is also known as HTML v 1.0 and is the first iteration of HTML markup.

3.2.2 What is HTML5?


HTML5 is the 5th version of HTML version 1.0 with support for more tags and features.
Technically it is termed HTML version 5.0, but colloquially it is called HTML5.
The latest versions of browsers like Safari, Opera, Chrome, and Firefox support almost
all features of HTML5. A web developer can use HTML5 for developing photo sites, web
forums, and advanced mapping applications. The full form of HTML5 is Hypertext
Markup Language 5.

3.2.3 Structure of HTML


Here is a structure of HTML:

3.2.4 Structure of HTML5


Here is the structure of HTML5:

3.2.5 Features of HTML
 Platform independent language.
 It is not case sensitive language.
 You can control colors, fonts, as well as positioning using Cascading Style Sheets.
 We can build tables.
 Enhance the presentation of a page using the HTML element.
 Enables you to develop a web page using tags.
 Use graphics and also display text in various fonts, sizes, and colors.
 It helps you to create hyperlinks to navigate to various documents which are
present on the web.
 You can display data in a tabular format.
 Create more than one window in a web page to display information from multiple
sources in different windows.

3.2.6 Features of HTML5


 It supports local storage
 HTML5 has new content-related elements, like <header>, <footer>, <article>,
<section>, <nav>, etc.
 It offers new form controls, like date, calendar, time, URL, email, and search.
 The <canvas> element for drawing 2D diagrams
 Support for CSS3, the newer version of CSS.
 Provides media support.
 Figure element can be combined with elements to easily associate a caption with
the other image elements.
 You can store large amounts of data locally without affecting site performance.
 HTML is capable of handling incorrect syntax.

3.2.7 HTML Vs HTML5


Here are the differences between HTML and HTML5:

| HTML | HTML5 |
| HTML Doctype declaration is lengthy. | DOCTYPE declaration in HTML5 is simple. |
| HTML Character encoding is longer. | HTML5 Character encoding declaration is simple. |
| Audio and video are not HTML parts. | Audio and video are HTML5 parts. |
| It is possible to draw a vector with the help of other technologies like Silverlight, Flash, VML, etc. | Vector graphics are a part of HTML5, e.g., canvas, SVG. |
| It is impossible to get the actual Geolocation of a person browsing any website. | JS Geolocation API in HTML5 enables you to identify the location of the user browsing any website. |
| HTML offers local storage instead of cookies. | HTML5 uses cookies to store data. |
| In HTML, it is not possible to draw basic shapes. | In HTML5, it is possible to draw basic shapes. |
| It allows you to run JavaScript in a browser. | It enables you to run JavaScript code in the background. |
| You can use HTML with all old browsers. | You can use HTML5 with all new browsers. |
| You can use browser cache as temporary storage. | You can use application (database and web storage) cache as temporary storage. |
| Web Socket is not available. | You can establish full-duplex communication channels with a server using Web Sockets. |
| There is no process to handle structurally incorrect HTML codes. | HTML5 supports persistent error handling via the improvised error handling process. |
| HTML is less mobile-friendly. | HTML5 is mobile friendly. |
| Attributes like async, charset, and ping are not present in HTML. | Attributes like async, ping, and charset are a part of HTML5. |
| HTML does not allow drag and drop effects. | HTML5 allows drag and drop effects. |
| Offers new attributes like tabindex, id, etc. | These are certain attributes which are applied to HTML5 elements. |

3.2.8 Advantages of HTML
Here are pros/ benefits of HTML:
 Easy to use for web pages development
 Effortlessly create a web document
 It helps you to navigate within the web pages and between websites that are
located on different servers.
 In HTML, you can set queries to use the images that are responsive in nature.
 User cannot save the browser data that persist across sessions.
 Once data is stored in the browser, the developer can think further to make the
application work.

3.2.9 Advantages of HTML5


Here are pros/ benefits of HTML5:
 It has capabilities like a large set of new APIs regarding file system, client-side
storage, event handling, and more.
 Easy to create a new interactive website.
 Because HTML5 takes a pragmatic approach, you can effortlessly fix real-world
problems.
 It has simplified Doctype and character set.
 HTML5 offers elements like <details>, <dialog>, <mark>, and more.
 It has improved web forms with a new attribute for <input> tag.
 HTML5 gives persistent local storage without resorting to any
third-party plugins.
 It has a WebSocket, which is a next-generation communication technology for
developing web applications.
 HTML5 introduces events which are called Server-Sent Events (SSE).
 It has simplified markup
 Support of two-dimensional drawing surface which you can program with
JavaScript.
 HTML5 enables you to create your own vocabulary.
 You can create your own custom semantics.
 Drag and drop the items from one place to another place on the same webpage.
 Supports numerous videos.
 HTML5 has enhanced web application experience with APIs like visibility, media
capture, fullscreen, etc.

3.2.10 Disadvantages of HTML


Here are the cons/ drawback of HTML.
 HTML does not help to create dynamic pages. It can create only plain pages.
 You may need to write a lengthy code for making a simple webpage.
 Security features are not good in HTML.
 It takes time to develop anything that even resembles a webpage.
 HTML is not flexible like other webpage developing software like Dreamweaver.
 It does not follow a centralized approach. You need to edit the webpages separately.

3.2.11 Disadvantages of HTML5


Here are cons/ drawback of HTML5:
 It requires modern browsers to access it.
 There are issues related to media licensing.
 Multiple device responsiveness can be a headache.
 The HTML5 language is still a work in progress.
 Gaming struggles with JavaScript under HTML5.
 There are no good IDEs that are available in HTML5.

3.2.12 What is CSS?


CSS stands for Cascading Style Sheets. It is a style sheet language which is used to
describe the look and formatting of a document written in markup language. It provides
an additional feature to HTML. It is generally used with HTML to change the style of web
pages and user interfaces. It can also be used with any kind of XML documents including
plain XML, SVG and XUL.
CSS is used along with HTML and JavaScript in most websites to create user interfaces
for web applications and user interfaces for many mobile applications.

3.2.13 CSS Syntax


A CSS rule set contains a selector and a declaration block.

Image: CSS Code Structure

Selector: Selector indicates the HTML element you want to style. It could be any tag like
<h1>, <title> etc.
Declaration Block: The declaration block can contain one or more declarations
separated by a semicolon. For the above example, there are two declarations:
1. color: yellow;
2. font-size: 11px;
Each declaration contains a property name and value, separated by a colon.
Property: A property is a type of attribute of an HTML element. It could be color, border etc.
Value: Values are assigned to CSS properties. In the above example, value "yellow" is
assigned to color property.
CSS Selector
CSS selectors are used to select the content you want to style. Selectors are part of the
CSS rule set. CSS selectors select HTML elements according to their id, class, type,
attribute etc.
There are several different types of selectors in CSS.
 CSS Element Selector
 CSS Id Selector
 CSS Class Selector
 CSS Universal Selector
 CSS Group Selector
CSS Element Selector
The element selector selects the HTML element by name.

CSS Id Selector
The id selector selects the id attribute of an HTML element to select a specific element.
An id is always unique within the page so it is chosen to select a single, unique element.
It is written with the hash character (#), followed by the id of the element.
Let's take an example with the id "para1".

CSS Class Selector
The class selector selects HTML elements with a specific class attribute. It is used with a
period character . (full stop symbol) followed by the class name.

CSS Class Selector for specific element


If you want to specify that only one specific HTML element should be affected then you
should use the element name with class selector.
Let's see an example.

CSS Universal Selector
The universal selector is used as a wildcard character. It selects all the elements on the
pages.

CSS Group Selector


The grouping selector is used to select all the elements with the same style definitions.
Grouping selector is used to minimize the code. Commas are used to separate each
selector in grouping.
Let's see the CSS code without group selector.
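
As an added example (not code from the handbook), the JavaScript below takes a rule set apart the way this section describes it: selector, declaration block, property and value, and it labels each selector with the selector types listed above. The function names and the sample rules are constructed for illustration, and the parser handles simple selectors only.

```javascript
// Added example, not from the handbook: a small parser for the rule-set
// structure described in this section. Simplification (assumption): values
// contain no ';', '{' or '}' (for example inside quoted strings or url(...)).

// Label one selector with the selector types the section lists.
function classifySelector(selector) {
  const s = selector.trim();
  if (s === '*') return 'universal';
  if (/^#[A-Za-z_][\w-]*$/.test(s)) return 'id';
  if (/^\.[A-Za-z_][\w-]*$/.test(s)) return 'class';
  if (/^[A-Za-z][\w-]*\.[A-Za-z_][\w-]*$/.test(s)) return 'element.class';
  if (/^[A-Za-z][\w-]*$/.test(s)) return 'element';
  return 'other'; // combinators, attribute selectors, pseudo-classes, ...
}

// Split a declaration block into { property, value } pairs.
function parseDeclarations(blockText) {
  const declarations = [];
  const warnings = [];
  for (const part of blockText.split(';')) {
    if (part.trim() === '') continue; // empty piece after a trailing ';'
    const colon = part.indexOf(':');
    if (colon === -1) {
      throw new SyntaxError('declaration without a colon: "' + part.trim() + '"');
    }
    const property = part.slice(0, colon).trim().toLowerCase();
    const value = part.slice(colon + 1).trim();
    if (property === '' || value === '') {
      throw new SyntaxError('declaration needs a property and a value: "' + part.trim() + '"');
    }
    // "11 px" is not a length: browsers discard the whole declaration.
    if (/^-?\d*\.?\d+\s+(px|em|rem|pt|%)$/i.test(value)) {
      warnings.push(property + ': space between number and unit');
    }
    declarations.push({ property, value });
  }
  return { declarations, warnings };
}

// Parse "selector[, selector...] { property: value; ... }".
function parseRuleSet(text) {
  const open = text.indexOf('{');
  const close = text.lastIndexOf('}');
  if (open === -1 || close < open) {
    throw new SyntaxError('expected "selector { declarations }"');
  }
  const selectors = text.slice(0, open).split(',').map((s) => s.trim());
  if (selectors.some((s) => s === '')) {
    throw new SyntaxError('empty selector');
  }
  const { declarations, warnings } = parseDeclarations(text.slice(open + 1, close));
  return {
    selectors: selectors.map((s) => ({ selector: s, type: classifySelector(s) })),
    grouped: selectors.length > 1, // a group selector shares one declaration block
    declarations,
    warnings,
  };
}

// Constructed sample rules.
const SAMPLE_RULES = [
  'h1 { color: yellow; font-size: 11px; }',
  '#para1 { text-align: center }',
  'p.center { color: blue; }',
  'h1, h2, p { text-align: center; color: blue; }',
];

for (const rule of SAMPLE_RULES) {
  const parsed = parseRuleSet(rule);
  const kinds = parsed.selectors.map((s) => s.selector + ' (' + s.type + ')').join(', ');
  console.log(kinds + ' -> ' + parsed.declarations.length + ' declaration(s)');
}
```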

How to add CSS
CSS is added to HTML pages to format the document according to information in the style
sheet. There are three ways to insert CSS in HTML documents.
 Inline CSS
 Internal CSS
 External CSS
Inline CSS
We can apply CSS in a single element by inline CSS technique.
Inline CSS is also a method to insert style sheets in an HTML document. This method
loses some advantages of style sheets, so it is advised to use this method sparingly.
If you want to use inline CSS, you should use the style attribute on the relevant tag.

Internal CSS
The internal style sheet is used to add a unique style for a single document. It is defined
in <head> section of the HTML page inside the <style> tag.

External CSS
The external style sheet is generally used when you want to make changes on multiple
pages. It is ideal for this condition because it lets you change the look of the
entire web site by changing just one file.
It uses the <link> tag on every page, and the <link> tag should be put inside the head
section.
The external style sheet may be written in any text editor but must be saved with a .css
extension. This file should not contain HTML elements.
Let's take an example of a style sheet file named "mystyle.css".

Advantages of CSS:
 Easier to maintain and update
 Greater consistency in design
 More formatting options
 Lightweight code
 Faster download times
 Search engine optimization benefits
 Ease of presenting different styles to different viewers
 Greater accessibility
Disadvantages of CSS:
 There could be cross-browser issues while using CSS.
 There are multiple levels of CSS such as CSS, CSS 2, CSS 3. This can create
confusion for non-developers and beginners.

3.2.14 HTML Layout:


HTML layouts provide a way to arrange web pages in an orderly, well-structured and
responsive form; in other words, an HTML layout specifies the way in which the web
pages are arranged. Web-page layout deals with the arrangement of the visual elements of
an HTML document.
Web page layout is the most important part to keep in mind while creating a website, so
that the website looks professional. You can also use CSS- and JavaScript-based
frameworks for creating layouts for responsive and dynamic website
designing.

Image: HTML Structure Layout

Following are different HTML5 elements which are used to define the different parts of a
webpage.
o <header>: It is used to define a header for a document or a section.
o <nav>: It is used to define a container for navigation links
o <section>: It is used to define a section in a document
o <article>: It is used to define an independent self-contained article
o <aside>: It is used to define content aside from the content (like a sidebar)
o <footer>: It is used to define a footer for a document or a section
o <details>: It is used to define additional details
o <summary>: It is used to define a heading for the <details> element

3.2.15 Description of various Layout elements


HTML <header>
The <header> element is used to create header section of web pages. The header
contains the introductory content, heading element, logo or icon for the webpage, and
authorship information.

HTML <nav>
The <nav> element is a container for the main block of navigation links. It can contain
links for the same page or for other pages.

HTML <section>
HTML <section> elements represent a separate section of a web page which contains
related elements grouped together. It can contain text, images, tables, videos, etc.

HTML <article>
The HTML <article> tag is used to contain a self-contained article such as a big story, a huge article,
etc.

HTML <aside>
HTML <aside> defines aside content related to the primary content. The <aside> content must
be related to the primary content. It can function as a sidebar for the main content of a web
page.

HTML <footer>
HTML <footer> element defines the footer for that document or web page. It mostly
contains information about author, copyright, other links, etc.

HTML <details>
The HTML <details> element is used to add extra details about the web page, and the user can
hide or show the details as per requirement.

HTML <summary>
HTML <summary> element is used with the <details> element in a web page. It is used
as summary, captions about the content of <details> element.

HTML Layout Example:


<!DOCTYPE html>
<html>
<head>
<title>Webpage using div</title>
<style>
body{
margin:0px;
}
.header{
padding: 10px;
background-color:#455e64;

text-align: center;
}
.header h2{
color: black; }
/*===============[Nav CSS]==========*/
.nav{
background-color:#243238;
padding: 5px;
}

.nav li{
list-style: none;
display: inline-block;
padding: 8px;
}
.nav a{
color: #fff;
}

.nav ul li a:hover{
text-decoration: none;
color: #7fffd4;
}
.lside{
float: left;
width: 80%;
min-height: 440px;
background-color: #f0f8ff;
text-align: center;
}
.rside

{
text-align: center;
float: right;
width: 20%;
min-height: 440px;
background-color: #c1cdcd;
}
.footer{
height: 44px;
background-color:#455e64;
text-align: center;
padding-top: 10px;}

.footer p{
color: #8fbc8f;
}

</style>
</head>
<body>
<div>
<div class="header">
<h2>javaTpoint Div Layout</h2>
</div>
<!-- Nav -->
<div class="nav">
<ul>
<li><a href="#">HOME</a></li>
<li><a href="#">MENU</a></li>
<li><a href="#">ABOUT</a></li>
<li><a href="#">CONTACT</a></li>

<li style="float: right;"><a href="#">LOGIN</a></li>
<li style="float: right;"><a href="#">SIGN-UP</a></li>
</ul>
</div>

<!-- main -->


<div style="height:440px">
<div class="lside">
<p>Write your content here</p>
</div>
<!-- side -->
<div class="rside">
<p>This is side</p>
</div>
</div>
<!-- footer -->
<div class="footer">
<p>©<strong>Copyright fice.com</strong></p>
</div>
</div>
</body>
</html>
Output:

3.3 JavaScript for Dynamic Web Pages
3.3.1 What is JavaScript?
JavaScript is a very powerful client-side scripting language. JavaScript is used mainly for
enhancing the interaction of a user with the webpage. In other words, you can make your
webpage more lively and interactive, with the help of JavaScript. JavaScript is also being
used widely in game development and Mobile application development.

3.3.2 JavaScript History


JavaScript was developed by Brendan Eich in 1995 and appeared in Netscape, a
popular browser of that time.
The language was initially called LiveScript and was later renamed JavaScript. There are
many programmers who think that JavaScript and Java are the same. In fact, JavaScript
and Java are very much unrelated. Java is a very complex programming language
whereas JavaScript is only a scripting language. The syntax of JavaScript is mostly
influenced by the programming language C.
Tools You Need
To start with, you need a text editor to write your code and a browser to display the web
pages you develop. You can use a text editor of your choice including Notepad++, Visual
Studio Code, Sublime Text, Atom or any other text editor you are comfortable with. You
can use any web browser including Google Chrome, Firefox, Microsoft Edge, Internet
Explorer etc.
A Simple JavaScript Program
You should place all your JavaScript code within <script> tags (<script> and </script>) if
you are keeping your JavaScript code within the HTML document itself. This helps your
browser distinguish your JavaScript code from the rest of the code. As there are other
client-side scripting languages (Example: VBScript), it is highly recommended that you
specify the scripting language you use. You have to use the type attribute within the
<script> tag and set its value to text/javascript like this:

Example:

3.3.3 JavaScript Variable


Variables are used to store values (name = "John") or expressions (sum = x + y).
Declare Variables in JavaScript
Before using a variable, you first need to declare it. You have to use the keyword var to
declare a variable like this:
var name;
Assign a Value to the Variable
You can assign a value to the variable either while declaring the variable or after declaring
the variable.
var name = "John";
Naming Variables:
Though you can name the variables as you like, it is a good programming practice to give
descriptive and meaningful names to the variables. Moreover, variable names should
start with a letter and they are case sensitive. Hence the variables studentname and
studentName are different because the letter n in name is different (n and N).

3.3.4 What are Loops?
Loops are useful when you have to execute the same lines of code repeatedly, for a
specific number of times or as long as a specific condition is true. Suppose you want to
type a ‘Hello’ message 100 times in your webpage. Of course, you will have to copy and
paste the same line 100 times. Instead, if you use loops, you can complete this task in
just 3 or 4 lines.
Different Types of Loops
There are mainly four types of loops in JavaScript.
 for loop
 for/in loop (explained later)
 while loop
 do…while loop
for loop

 The statement1 is executed first even before executing the looping code. So, this
statement is normally used to assign values to variables that will be used inside
the loop.
 The statement2 is the condition to execute the loop.
 The statement3 is executed every time after the looping code is executed.

while loop

The “while loop” is executed as long as the specified condition is true. Inside the while
loop, you should include the statement that will end the loop at some point of time.
Otherwise, your loop will never end and your browser may crash.

3.3.5 Conditional Statements


Conditional statements are used to decide the flow of execution based on different
conditions. If a condition is true, you can perform one action and if the condition is false,
you can perform another action.
Different Types of Conditional Statements
There are mainly three types of conditional statements in JavaScript.
 If statement
 If…Else statement
 If…Else If…Else statement
If statement

If…Else statement

You can use the If…Else statement if you have to check two conditions and execute a
different set of codes.

If…Else If…Else statement

You can use the If…Else If…Else statement if you want to check more than two conditions.

3.3.6 The HTML DOM (Document Object Model)


The HTML DOM is a standard object model and programming interface for HTML. It
defines:
 The HTML elements as objects
 The properties of all HTML elements
 The methods to access all HTML elements
 The events for all HTML elements
When a web page is loaded, the browser creates a Document Object Model of the page.
The HTML DOM model is constructed as a tree of Objects:

The HTML DOM Tree of Objects

Example:

3.3.7 Internal and External JavaScript


You can use JavaScript code in two ways.
 You can either include the JavaScript code internally within your HTML document
itself.
 You can keep the JavaScript code in a separate external file and then point to that
file from your HTML document.
Internal JavaScript
JavaScript code is placed in the head and body section of an HTML page.

External JavaScript
JavaScript code is stored in a separate external file using the .js extension (Ex:
external.js).
In the HTML file, the <script> tag can also be used to indicate the location of a JavaScript
file. The src attribute is assigned the path and filename of the file.

3.3.8 Advantages of JavaScript:


 Speed. Client-side JavaScript is very fast because it can be run immediately within
the client-side browser. Unless outside resources are required, JavaScript is
unhindered by network calls to a backend server.
 Simplicity. JavaScript is relatively simple to learn and implement.
 Popularity. JavaScript is used everywhere on the web.
 Interoperability. JavaScript plays nicely with other languages and can be used in
a huge variety of applications.
 Server Load. Being client-side reduces the demand on the website server.
 Gives the ability to create rich interfaces.

3.3.9 Disadvantages of JavaScript:


 Client-Side Security. Because the code executes on the users’ computer, in some
cases it can be exploited for malicious purposes. This is one reason some people
choose to disable JavaScript.
 Browser Support. JavaScript is sometimes interpreted differently by different
browsers. This makes it somewhat difficult to write cross-browser code.
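
The client-side security point above matters most when a script writes values it did not create into the page. As an added example (not code from the handbook), the functions below build one navigation item of the kind used in the layout example from untrusted text; `escapeHtml`, `safeHref` and `renderNavItem` are names assumed here, and the sample inputs are constructed.

```javascript
// Added example, not from the handbook: building an <li><a> navigation item
// from untrusted text without letting that text become markup or script.

const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Encode the characters that have meaning in HTML text and attribute values.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Accept only fragments, same-site paths and http(s) URLs; anything else
// (for example a javascript: URL) is replaced by the inert "#".
function safeHref(href) {
  const raw = String(href).trim();
  // Backslashes and control characters are normalised by browsers in ways
  // that can turn a "path" into another host, so reject them outright.
  if (/[\\\u0000-\u001f]/.test(raw)) return '#';
  // "#top", "/about" (but not "//host"), "./page", "../page"
  if (/^(#|\/(?!\/)|\.\.?\/)/.test(raw)) return raw;
  try {
    const url = new URL(raw);
    if (url.protocol === 'http:' || url.protocol === 'https:') return url.href;
  } catch (err) {
    // Not an absolute URL: fall through to the inert value.
  }
  return '#';
}

// Return the markup for one navigation entry.
function renderNavItem(label, href) {
  return '<li><a href="' + escapeHtml(safeHref(href)) + '">' + escapeHtml(label) + '</a></li>';
}

// In a browser the same effect is reached without building strings:
//   const a = document.createElement('a');
//   a.textContent = label;      // text is never parsed as HTML
//   a.href = safeHref(href);

// Constructed inputs: two ordinary entries and two hostile ones.
const SAMPLE_ITEMS = [
  ['HOME', '#'],
  ['ABOUT', '/about'],
  ['<script>alert(1)</script>', 'https://example.com/?a=1&b=2'],
  ['CONTACT', 'javascript:alert(1)'],
];

for (const [label, href] of SAMPLE_ITEMS) {
  console.log(renderNavItem(label, href));
}
```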

3.4 Creating a Dynamic Web Page with HTML, CSS & JS
Activity: This activity creates a web page using HTML, CSS and JavaScript whose
content can change dynamically. It lays the foundation for
creating websites and web applications that can be deployed on a server in the Azure cloud.

3.4.1 Create style.css and add the following code into it.
body{
background-color:black;
}
ul {
list-style-type: none;
margin: 0;
padding: 0;
overflow: hidden;
background-color: #333;
}

li {
float: left;
}

li a {
display: block;
color: white;
text-align: center;
padding: 14px 16px;
text-decoration: none;
}

li a:hover {
background-color: #111;
}
* {box-sizing: border-box}
body {font-family: Verdana, sans-serif; margin:0}
.mySlides {display: none}
img {vertical-align: middle;}

/* Slideshow container */
.slideshow-container {
max-width: 1000px;
position: relative;
margin: auto;
}

/* Next & previous buttons */


.prev, .next {
cursor: pointer;
position: absolute;
top: 50%;
width: auto;
padding: 16px;
margin-top: -22px;
color: white;
font-weight: bold;
font-size: 18px;
transition: 0.6s ease;
border-radius: 0 3px 3px 0;
user-select: none;
}

/* Position the "next button" to the right */


.next {
right: 0;
border-radius: 3px 0 0 3px;
}

/* On hover, add a black background color with a little bit see-through */


.prev:hover, .next:hover {
background-color: rgba(0,0,0,0.8);
}

/* Caption text */
.text {
color: #f2f2f2;
font-size: 15px;
padding: 8px 12px;
position: absolute;
bottom: 8px;
width: 100%;
text-align: center;
}

/* Number text (1/3 etc) */


.numbertext {
color: #f2f2f2;
font-size: 12px;
padding: 8px 12px;
position: absolute;
top: 0;
}

/* The dots/bullets/indicators */
.dot {
cursor: pointer;
height: 15px;
width: 15px;
margin: 0 2px;
background-color: #bbb;
border-radius: 50%;
display: inline-block;
transition: background-color 0.6s ease;
}

.active, .dot:hover {
background-color: #717171;
}

/* Fading animation */
.fade {
-webkit-animation-name: fade;
-webkit-animation-duration: 1.5s;
animation-name: fade;
animation-duration: 1.5s;
}

@-webkit-keyframes fade {
from {opacity: .4}
to {opacity: 1}
}

@keyframes fade {
from {opacity: .4}
to {opacity: 1}
}

/* On smaller screens, decrease text size */


@media only screen and (max-width: 300px) {
.prev, .next,.text {font-size: 11px}
}
.footer {
position: fixed;
left: 0;
bottom: 0;
width: 100%;
background-color: black;
color: white;
text-align: center;
}
.avatar {
vertical-align: middle;
width: 100px;
height: 100px;
border-radius: 100%;
margin-left:250px;
}

form{
margin-left:200px;
}
3.4.2 Create sample.js file and add the following code into it.
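var slideIndex = 1;

// sample.js is loaded from <head>, before the slides exist in the DOM,
// so wait until the document has been parsed before showing the first slide.
document.addEventListener("DOMContentLoaded", function () {
  showSlides(slideIndex);
});

// Next/previous controls: move forward or back by n slides.
function plusSlides(n) {
  showSlides(slideIndex += n);
}

// Dot controls: jump straight to slide n.
function currentSlide(n) {
  showSlides(slideIndex = n);
}

// Show slide n (1-based), wrapping around at both ends.
function showSlides(n) {
  var i;
  var slides = document.getElementsByClassName("mySlides");
  var dots = document.getElementsByClassName("dot");
  if (n > slides.length) {slideIndex = 1}
  if (n < 1) {slideIndex = slides.length}
  // Hide every slide and clear the highlighted dot.
  for (i = 0; i < slides.length; i++) {
    slides[i].style.display = "none";
  }
  for (i = 0; i < dots.length; i++) {
    dots[i].className = dots[i].className.replace(" active", "");
  }
  // Display the current slide and highlight its dot.
  slides[slideIndex-1].style.display = "block";
  dots[slideIndex-1].className += " active";
}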
3.4.3 Create an index.html file and add the following code into it.
<!DOCTYPE html>
<html>
<head>
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" type="text/css" href="style.css">
<script type="text/javascript" src="sample.js"></script>
</head>
<body>
<div>
<ul>
<li><a class="active" href="#home">Home</a></li>
<li><a href="#news">News</a></li>
<li><a href="#contact">Contact</a></li>
<li><a href="#about">About</a></li>
</ul>
</div>
<div class="slideshow-container">

<div class="mySlides fade">


<div class="numbertext">1 / 3</div>
<img src="https://www.w3schools.com/howto/img_nature_wide.jpg"
style="width:100%">
<div class="text">Caption Text</div>
</div>

<div class="mySlides fade">


<div class="numbertext">2 / 3</div>
<img src="https://www.w3schools.com/howto/img_snow_wide.jpg"
style="width:100%">
<div class="text">Caption Two</div>
</div>

<div class="mySlides fade">


<div class="numbertext">3 / 3</div>
<img src="https://www.w3schools.com/howto/img_mountains_wide.jpg"
style="width:100%">
<div class="text">Caption Three</div>
</div>

<a class="prev" onclick="plusSlides(-1)">&#10094;</a>


<a class="next" onclick="plusSlides(1)">&#10095;</a>

</div>
<br>

<div style="text-align:center">
<span class="dot" onclick="currentSlide(1)"></span>
<span class="dot" onclick="currentSlide(2)"></span>
<span class="dot" onclick="currentSlide(3)"></span>
</div>
<div>
<img src="https://www.w3schools.com/howto/img_avatar.png" alt="Avatar"
class="avatar">
<img src="https://www.w3schools.com/howto/img_avatar2.png" alt="Avatar"
class="avatar">
<img src="https://www.w3schools.com/howto/img_avatar.png" alt="Avatar"
class="avatar">
</div>
<div class="footer">
<p>Copyright@FICE2021 </p>
</div>
</body>
</html>
3.4.4 Output:



3.5 JavaScript Dialogue Boxes
JavaScript uses three kinds of dialog boxes: ALERT, PROMPT and CONFIRM. These dialog
boxes can be of much help in making our website look more attractive.
3.5.1 Alert Box :
An alert box is used in the website to show a warning message to the user that they have
entered a wrong value, other than what is required to be filled in at that position.
Nonetheless, an alert box can still be used for friendlier messages. An alert box gives
only one button, “OK”, to select and proceed.

3.5.2 Confirm Box :


A confirm box is often used if you want the user to verify or accept something. When a
confirm box pops up, the user will have to click either “OK” or “Cancel” to proceed. If the
user clicks on the OK button, the window method confirm() will return true. If the user
clicks on the Cancel button, then confirm() returns false and will show null.



3.5.3 Prompt Box :
A prompt box is often used if you want the user to input a value before entering a page.
When a prompt box pops up, the user will have to click either “OK” or “Cancel” to proceed
after entering an input value. If the user clicks the OK button, the window method prompt()
will return the entered value from the text box. If the user clicks the Cancel button, the
window method prompt() returns null.



3.6 Functions in JavaScript
A function is a set of statements that takes inputs, does some specific computation, and
produces output. Basically, a function is a set of statements that performs some task or
does some computation and then returns the result to the user.
The idea is to put some commonly or repeatedly done tasks together and make a function
so that instead of writing the same code again and again for different inputs, we can call
that function.
Like other programming languages, JavaScript also supports the use of functions. You
must already have seen some commonly used functions in JavaScript, like alert(), which is
a built-in function in JavaScript. But JavaScript also allows us to create user-defined
functions.
We can create functions in JavaScript using the keyword function. The basic syntax to
create a function in JavaScript is shown below.
3.6.1 Syntax:

To create a function in JavaScript, we first use the keyword function, followed by the
name of the function and its parameters within parentheses. The part of the function
inside the curly braces {} is the body of the function.
3.6.2 Function Definition
Before using a user-defined function in JavaScript we have to create one. We can use
the above syntax to create a function in JavaScript. A function definition is sometimes
also termed a function declaration or function statement.

Below are the rules for creating a function in JavaScript:


 Every function should begin with the keyword function followed by,
 A user defined function name which should be unique,
 A list of parameters enclosed within parenthesis and separated by commas,
 A list of statements composing the body of the function enclosed within curly braces
{}.
Create an input element that can convert a value from one temperature
measurement to another.
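One way to write the functions for this activity, as an added example that is not part of the original handbook. The function names, the unit codes "C", "F" and "K", and the element ids in the optional browser wiring are assumptions.

```javascript
// Added example: user-defined functions for the temperature activity.
// All names here are illustrative, not taken from the handbook.

// Convert a reading in unit "C", "F" or "K" to kelvin.
function toKelvin(value, unit) {
  switch (unit) {
    case "C": return value + 273.15;
    case "F": return (value - 32) * 5 / 9 + 273.15;
    case "K": return value;
    default: throw new RangeError("Unknown unit: " + unit);
  }
}

// Convert a kelvin reading to unit "C", "F" or "K".
function fromKelvin(kelvin, unit) {
  switch (unit) {
    case "C": return kelvin - 273.15;
    case "F": return (kelvin - 273.15) * 9 / 5 + 32;
    case "K": return kelvin;
    default: throw new RangeError("Unknown unit: " + unit);
  }
}

// text is the raw string from an <input>; form values are always strings,
// so the format is checked before the value is treated as a number.
function convertTemperature(text, fromUnit, toUnit) {
  var trimmed = String(text).trim();
  if (!/^[+-]?(\d+(\.\d*)?|\.\d+)$/.test(trimmed)) {
    return { ok: false, error: "Please enter a number." };
  }
  var kelvin = toKelvin(Number(trimmed), fromUnit);
  if (kelvin < 0) {
    return { ok: false, error: "Temperature is below absolute zero." };
  }
  // Round to two decimal places for display.
  var result = Math.round(fromKelvin(kelvin, toUnit) * 100) / 100;
  return { ok: true, value: result };
}

// Optional browser wiring. Assumed markup: <input id="temp"> <span id="out">.
if (typeof document !== "undefined") {
  document.addEventListener("DOMContentLoaded", function () {
    var input = document.getElementById("temp");
    var out = document.getElementById("out");
    if (!input || !out) return;
    input.addEventListener("input", function () {
      var r = convertTemperature(input.value, "C", "F");
      // textContent writes the text as-is and never interprets it as HTML.
      out.textContent = r.ok ? r.value + " F" : r.error;
    });
  });
}
```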

3.7 JavaScript Validations
The data entered into a form needs to be in the right format and certain fields need to be
filled in order to effectively use the submitted form. Username, password, contact
information are some details that are mandatory in forms and thus need to be provided
by the user.
Below is code in HTML, CSS, and JavaScript to validate a form. HTML is used to create
the form and JavaScript to validate it.
3.7.1 Syntax for form in HTML
<body>
<h1 style="text-align: center;">REGISTRATION FORM</h1>
<form name="RegForm" action="/submit.php" onsubmit="return validate()"
method="post">
<p>Name: <input type="text" size="65" name="Name" /></p>
<br />
<p>Address: <input type="text" size="65" name="Address" /></p>
<br />
<p>E-mail Address: <input type="text" size="65" name="EMail" /></p>
<br />
<p>Password: <input type="password" size="65" name="Password" /></p>
<br />
<p>Telephone: <input type="text" size="65" name="Telephone" /></p>
<br />
<p>
SELECT YOUR COURSE
<select name="Subject">
<option value="">-- Select a course --</option>
<option>BTECH</option>
<option>BBA</option>
<option>BCA</option>
<option>B.COM</option>
<option>Diploma</option>
</select>
</p>
<br />
<br />
<p>Comments: <textarea cols="55" name="Comment"> </textarea></p>
<p>
<input type="submit" value="send" name="Submit" />
<input type="reset" value="Reset" name="Reset" />
</p>
</form>
</body>

3.7.2 Form validation:


<script>
function validate() {
var name = document.forms["RegForm"]["Name"];
var email = document.forms["RegForm"]["EMail"];
var phone = document.forms["RegForm"]["Telephone"];
var what = document.forms["RegForm"]["Subject"];
var password = document.forms["RegForm"]["Password"];
var address = document.forms["RegForm"]["Address"];

if (name.value == "") {
window.alert("Please enter your name.");
name.focus();
return false;
}

if (address.value == "") {
window.alert("Please enter your address.");
address.focus();
return false;
}

if (email.value == "") {
window.alert(
"Please enter a valid e-mail address.");
email.focus();
return false;
}

if (phone.value == "") {
window.alert(
"Please enter your telephone number.");
phone.focus();
return false;
}

if (password.value == "") {
window.alert("Please enter your password");
password.focus();
return false;
}

if (what.selectedIndex < 1) {
alert("Please enter your course.");
what.focus();
return false;
}

return true;
}
</script>
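The validate() function above runs only in the browser, so a request sent to /submit.php by any other client never passes through it. The added example below (not part of the handbook's code) puts stricter field rules in one function and re-applies them to the raw POST body as a server would; the server side is sketched in JavaScript (Node.js) rather than PHP, and the length limits, the e-mail and telephone patterns, the function names and the sample bodies are assumptions, while the field names and course list are the form's own.

```javascript
// Added example (not the handbook's code). Limits and patterns are assumptions.
var COURSES = ["BTECH", "BBA", "BCA", "B.COM", "Diploma"]; // options of the form above
var FIELDS = ["Name", "Address", "EMail", "Password", "Telephone", "Subject"];
var EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/; // deliberately simple shape check
var PHONE_RE = /^\+?[0-9]{7,15}$/;           // optional +, then 7 to 15 digits

// Pure function: takes { Name: "...", EMail: "...", ... } and returns
// { fieldName: message } for every field that fails. Empty object = valid.
function validateRegistration(fields) {
  var errors = {};
  function text(name) {
    return typeof fields[name] === "string" ? fields[name].trim() : "";
  }
  var name = text("Name");
  var address = text("Address");
  var email = text("EMail");
  // Passwords are not trimmed: leading or trailing spaces may be intentional.
  var password = typeof fields.Password === "string" ? fields.Password : "";

  if (name === "" || name.length > 100) {
    errors.Name = "Please enter your name.";
  }
  if (address === "" || address.length > 200) {
    errors.Address = "Please enter your address.";
  }
  if (email.length > 254 || !EMAIL_RE.test(email)) {
    errors.EMail = "Please enter a valid e-mail address.";
  }
  if (!PHONE_RE.test(text("Telephone"))) {
    errors.Telephone = "Please enter your telephone number.";
  }
  if (password.length < 8 || password.length > 128) {
    errors.Password = "Please enter a password of 8 to 128 characters.";
  }
  // Accept only values the form actually offers, never free text.
  if (COURSES.indexOf(text("Subject")) === -1) {
    errors.Subject = "Please enter your course.";
  }
  return errors;
}

// In the browser, validate() can call the same function:
//   var f = document.forms["RegForm"];
//   var errors = validateRegistration({ Name: f["Name"].value, /* ... */ });
//   return Object.keys(errors).length === 0;

// On the server: parse an application/x-www-form-urlencoded body and apply
// the same rules again, whatever the browser did or did not check.
function validateFormBody(rawBody) {
  var params = new URLSearchParams(rawBody);
  var fields = {};
  FIELDS.forEach(function (key) {
    var values = params.getAll(key);
    // A field sent zero times or more than once is treated as missing.
    fields[key] = values.length === 1 ? values[0] : "";
  });
  var errors = validateRegistration(fields);
  return { accepted: Object.keys(errors).length === 0, errors: errors };
}

// Constructed sample bodies. The second is what arrives when a client
// submits without running the browser-side check.
var GOOD_BODY = "Name=Asha+Rao&Address=12+Park+Road&EMail=asha%40example.com" +
  "&Password=correct-horse-9&Telephone=%2B919876543210&Subject=B.COM";
var UNCHECKED_BODY = "Name=x&Address=y&EMail=not-an-email&Password=1" +
  "&Telephone=12&Subject=MBA";
```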



3.7.3 Styling the form:
<style>
div {
box-sizing: border-box;
width: 100%;
border: 100px solid black;
float: left;
align-content: center;
align-items: center;
}

form {
margin: 0 auto;
width: 600px;
}</style>

3.7.4 Output:



3.8 Server Side Scripting
3.8.1 Client side scripting :
Web browsers execute client-side scripts. Client-side scripting is used when the browser
has all the code: the source code is transferred from the web server to the user’s computer
over the internet and runs directly in the browser. It is also used for validation and for
functionality that responds to user events.
It allows for more interactivity. It usually performs several actions without going to user.
It basically cannot be used to connect to databases on the web server. These scripts cannot
access the file system that resides at the web browser. Pages are altered on the basis of
the user’s choice. It can also be used to create “cookies” that store data on the user’s
computer.
3.8.2 Server side scripting :
Web servers execute server-side scripts. They are basically used to create dynamic pages.
A server-side script can also access the file system residing on the web server. The
server-side environment that runs a scripting language is a web server.
Scripts can be written in any of a number of available server-side scripting languages.
Server-side scripting is used to retrieve and generate content for dynamic pages. It is
used to require to download plugins. In this, load times are generally faster than with
client-side scripting. When you need to store and retrieve information, a database is used
to contain the data. It can use the huge resources of the server. It reduces client-side
computation overhead. The server sends pages at the request of the user/client.
3.8.3 Difference between client side scripting and server side scripting
| Client side scripting | Server side scripting |
|---|---|
| Source code is visible to the user. | Source code is not visible to the user because the output of the server side is an HTML page. |
| It usually depends on the browser and its version. | In this, any server-side technology can be used and it does not depend on the client. |
| It runs on the user’s computer. | It runs on the web server. |
| There are many advantages linked with this, like faster response times and a more interactive application. | The primary advantage is its ability to highly customize response requirements and access rights based on the user. |
| It does not provide security for data. | It provides more security for data. |
| It is a technique used in web development in which scripts run on the client’s browser. | It is a technique that uses scripts on the web server to produce a response that is customized for each client’s request. |
| HTML, CSS and JavaScript are used. | PHP, Python, Java, Ruby are used. |

3.8.4 Advantages of server side scripting over client side scripting include:
 It doesn't require the user to download plugins like Java or Flash, unlike client side
scripting.
 You can create a single website template for the entire website. Each new dynamic
page that is created will automatically use that template. With client side scripting,
each page has to be designed manually.
 You can configure a site to use a content management system, which simplifies
the editing, publishing, inserting images and the creation of web applications.
Client side scripting cannot be used for any of these.
 Load times are generally faster than client side scripting, because it is taking load
off of the client's machine.
 Scripts are hidden from view from the user. Users only see the HTML that is output,
even when the source code is viewed. With client side scripting, users can access
the scripts using the Inspect element feature on most web browsers.
3.8.5 PHP Scripting
The term PHP is an acronym for PHP: Hypertext Preprocessor. PHP is a server-side
scripting language designed specifically for web development. It is open-source which
means it is free to download and use. It is very simple to learn and use. The files have
the extension “.php”.
Rasmus Lerdorf inspired the first version of PHP and participated in the later versions. It
is an interpreted language and it does not require a compiler.
 PHP code is executed in the server.
 It can be integrated with many databases such as Oracle, Microsoft SQL Server,
MySQL, PostgreSQL, Sybase, Informix.
 It is powerful to hold a content management system like WordPress and can be
used to control user access.
 It supports main protocols like HTTP Basic, HTTP Digest, IMAP, FTP, and others.
 Websites like www.facebook.com, www.yahoo.com are also built on PHP.
 One of the main reasons behind this is that PHP can be easily embedded in HTML
files and HTML codes can also be written in a PHP file.
 The thing that differentiates PHP from a client-side language like HTML is that PHP
code is executed on the server whereas HTML code is rendered directly in
the browser. PHP code is first executed on the server and then the result is
returned to the browser.
 The only information that the client or browser knows is the result returned after
executing the PHP script on the server and not the actual PHP codes present in
the PHP file. Also, PHP files can support other client-side scripting languages like
CSS and JavaScript.
 Other characteristics of PHP are as follows.
 Simple and fast
 Efficient
 Secured
 Flexible
 Cross-platform, it works with major operating systems like Windows, Linux,
MacOS.
Example:
<html>
<head>
<title>PHP Example</title>
</head>
<body>
<?php echo "Hello, World! This is PHP code";?>
</body>
</html>
3.8.6 JSP Scripting
 It stands for Java Server Pages.
 It is a server side technology.
 It is used for creating web application.
 It is used to create dynamic web content.
 In this JSP tags are used to insert JAVA code into HTML pages.
 It is an advanced version of Servlet Technology.
 It is a Web based technology helps us to create dynamic and platform independent
web pages.
 In this, Java code can be inserted in HTML/ XML pages or both.
 JSP is first converted into servlet by JSP container before processing the client’s
request.
3.8.7 Features of JSP
 Coding in JSP is easy :- As it is just adding JAVA code to HTML/XML.
 Reduction in the length of Code :- In JSP we use action tags, custom tags etc.
 Connection to Database is easier :-It is easier to connect website to database and
allows to read or write data easily to the database.



 Make Interactive websites :- In this we can create dynamic web pages which helps
user to interact in real time environment.
 Portable, Powerful, flexible and easy to maintain :- as these are browser and server
independent.
 No Redeployment and No Re-Compilation :- It is dynamic, secure and platform
independent so no need to re-compilation.
 Extension to Servlet :- as it has all features of servlets, implicit objects and custom
tags
Example of Hello World
We will make one .html file and .jsp file
demo.jsp
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Hello World - JSP tutorial</title>
</head>
<body>
<%= "Hello World!" %>
</body>
</html>
HTML form data posting using HTTP methods and server scripting
The HTML <form> method Attribute is used to specify the HTTP method used to send
data while submitting the form. There are two kinds of HTTP methods, which are GET
and POST. The method attribute can be used with the <form> element.
Attribute Values:

GET: In the GET method, after the submission of the form, the form values will be visible
in the address bar of the new browser tab. It has a limited size of about 3000 characters.
It is only useful for non-secure data not for sensitive information.
POST: In the post method, after the submission of the form, the form values will not be
visible in the address bar of the new browser tab as it was visible in the GET method. It
appends form data inside the body of the HTTP request. It has no size limitation. This
method does not support bookmarking the result.
Syntax:
<form method="get|post">
Get vs. Post
There are many differences between the Get and Post request. Let's see these
differences:



| GET | POST |
|---|---|
| 1) In case of Get request, only limited amount of data can be sent because data is sent in header. | In case of post request, large amount of data can be sent because data is sent in body. |
| 2) Get request is not secured because data is exposed in URL bar. | Post request is secured because data is not exposed in URL bar. |
| 3) Get request can be bookmarked. | Post request cannot be bookmarked. |
| 4) Get request is idempotent. It means second request will be ignored until response of first request is delivered | Post request is non-idempotent. |
| 5) Get request is more efficient and used more than Post. | Post request is less efficient and used less than get. |
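To make row 2 concrete, the added example below (not from the original handbook) builds the HTTP request a browser would send for the same login form under each method and reports where each field travels. POST keeps the values out of the URL, and so out of browser history, bookmarks and the request line that servers typically log, but either request is readable on the network unless the page is served over HTTPS. The field names username and password, the host example.test and the function names are assumptions.

```javascript
// Added example (not the handbook's code). Host and field names are constructed.

// Build the raw HTTP/1.1 request a browser would send for
// <form method="..." action="..."> with the given field values.
function buildFormRequest(method, action, fields) {
  // URLSearchParams applies application/x-www-form-urlencoded encoding.
  var encoded = new URLSearchParams(fields).toString();
  var m = String(method).toUpperCase();
  if (m === "GET") {
    // GET: the form data becomes the query string of the URL.
    return [
      "GET " + action + "?" + encoded + " HTTP/1.1",
      "Host: example.test",
      "",
      ""
    ].join("\r\n");
  }
  if (m === "POST") {
    // POST: the same encoded data travels in the request body.
    return [
      "POST " + action + " HTTP/1.1",
      "Host: example.test",
      "Content-Type: application/x-www-form-urlencoded",
      "Content-Length: " + encoded.length, // encoded text is pure ASCII
      "",
      encoded
    ].join("\r\n");
  }
  throw new RangeError("Form method must be get or post");
}

// Split a raw request and report which form fields sit in the URL
// and which sit in the body.
function describeRequest(raw) {
  var headEnd = raw.indexOf("\r\n\r\n");
  var headLines = raw.slice(0, headEnd).split("\r\n");
  var body = raw.slice(headEnd + 4);
  var target = headLines[0].split(" ")[1];
  var q = target.indexOf("?");
  var query = q === -1 ? "" : target.slice(q + 1);
  return {
    // The request line is what a typical access log records.
    requestLine: headLines[0],
    urlFields: Object.fromEntries(new URLSearchParams(query)),
    bodyFields: Object.fromEntries(new URLSearchParams(body))
  };
}

// Constructed sample credentials for the login form.
var SAMPLE_LOGIN = { username: "asha", password: "S3cret!" };

function compareMethods() {
  return {
    get: describeRequest(buildFormRequest("get", "/login.php", SAMPLE_LOGIN)),
    post: describeRequest(buildFormRequest("post", "/login.php", SAMPLE_LOGIN))
  };
}
```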

Example:

Create a login page and form to post data to server script and use it
Using Post Method:



Create index.html file and add the following html code into it.

Create a login.php file and add the following code into it.

Using Get Method:


Create index.html and add the following code into it.

Create login.php file and add the following code into it



3.9 Custom Services IaaS
Infrastructure as a service (IaaS) is an instant computing infrastructure, provisioned and
managed over the internet. It is one of the four types of cloud services, along with software
as a service (SaaS), platform as a service (PaaS) and Serverless.

IaaS quickly scales up and down with demand, letting you pay only for what you use. It
helps you avoid the expense and complexity of buying and managing your own physical
servers and other datacenter infrastructure. Each resource is offered as a separate
service component and you only need to rent a particular one for as long as you need it.
A cloud computing service provider, such as Azure, manages the infrastructure, while you
purchase, install, configure and manage your own software—operating systems,
middleware and applications.

Image: IaaS, PaaS & SaaS Model representation


Reference: https://azure.microsoft.com/en-in/overview/what-is-iaas/

3.9.1 Common IaaS business Scenarios

Typical things businesses do with IaaS include:

Test and development. Teams can quickly set up and dismantle test and development
environments, bringing new applications to market faster. IaaS makes it quick and
economical to scale dev-test environments up and down.
Website hosting. Running websites using IaaS can be less expensive than traditional
web hosting.

Storage, backup and recovery. Organizations avoid the capital outlay for storage and
complexity of storage management, which typically requires a skilled staff to manage data
and meet legal and compliance requirements. IaaS is useful for handling unpredictable
demand and steadily growing storage needs. It can also simplify planning and
management of backup and recovery systems.



Web apps. IaaS provides all the infrastructure to support web apps, including storage,
web and application servers and networking resources. Organizations can quickly deploy
web apps on IaaS and easily scale infrastructure up and down when demand for the apps
is unpredictable.

High-performance computing. High-performance computing (HPC) on
supercomputers, computer grids or computer clusters helps solve complex problems
involving millions of variables or calculations. Examples include earthquake and protein
folding simulations, climate and weather predictions, financial modeling and evaluating
product designs.
Big data analysis. Big data is a popular term for massive data sets that contain
potentially valuable patterns, trends and associations. Mining data sets to locate or tease
out these hidden patterns requires a huge amount of processing power, which IaaS
economically provides.



3.10 Fully Managed Services PaaS & SaaS
Platform as a service (PaaS) is a complete development and deployment environment
in the cloud, with resources that enable you to deliver everything from simple cloud-based
apps to sophisticated, cloud-enabled enterprise applications. You purchase the resources
you need from a cloud service provider on a pay-as-you-go basis and access them over
a secure Internet connection.

Like IaaS, PaaS includes infrastructure—servers, storage and networking—but also
middleware, development tools, business intelligence (BI) services, database
management systems and more. PaaS is designed to support the complete web
application lifecycle: building, testing, deploying, managing and updating.

PaaS allows you to avoid the expense and complexity of buying and managing software
licenses, the underlying application infrastructure and middleware, container
orchestrators such as Kubernetes or the development tools and other resources. You
manage the applications and services you develop and the cloud service provider
typically manages everything else.

3.10.1 Common PaaS scenarios

Organizations typically use PaaS for these scenarios:

Development framework. PaaS provides a framework that developers can build upon
to develop or customize cloud-based applications. Similar to the way you create an Excel
macro, PaaS lets developers create applications using built-in software components.
Cloud features such as scalability, high-availability and multi-tenant capability are
included, reducing the amount of coding that developers must do.

Analytics or business intelligence. Tools provided as a service with PaaS allow
organizations to analyze and mine their data, finding insights and patterns and predicting
outcomes to improve forecasting, product design decisions, investment returns and other
business decisions.
Additional services. PaaS providers may offer other services that enhance applications,
such as workflow, directory, security and scheduling.

Software as a service (SaaS) allows users to connect to and use cloud-based apps over
the Internet. Common examples are email, calendaring and office tools (such as Microsoft
Office 365).

SaaS provides a complete software solution which you purchase on a pay-as-you-go
basis from a cloud service provider. You rent the use of an app for your organization and
your users connect to it over the Internet, usually with a web browser. All of the underlying
infrastructure, middleware, application software and app data are located in the service
provider’s data center. The service provider manages the hardware and software and
with the appropriate service agreement, will ensure the availability and the security of the
app and your data as well. SaaS allows your organization to get quickly up and running
with an app at minimal upfront cost.

3.10.2 Common SaaS scenarios

If you have used a web-based email service such as Outlook, Hotmail or Yahoo! Mail,
then you have already used a form of SaaS. With these services, you log into your
account over the Internet, often from a web browser. The email software is located on the
service provider’s network and your messages are stored there as well. You can access
your email and stored messages from a web browser on any computer or Internet-
connected device.

The previous examples are free services for personal use. For organizational use, you
can rent productivity apps, such as email, collaboration and calendaring; and
sophisticated business applications such as customer relationship management (CRM),
enterprise resource planning (ERP) and document management. You pay for the use of
these apps by subscription or according to the level of use.



3.11 Azure App Service
Quickly build, deploy and scale web apps and APIs on your terms. Work with .NET, .NET
Core, Node.js, Java, Python or PHP, in containers or running on Windows or Linux. Meet
rigorous, enterprise-grade performance, security and compliance requirements using a
trusted, fully managed platform that handles over 40 billion requests per day.

3.11.1 Quickly build web apps and APIs in the cloud

 Bring your code or container using the framework language of your choice.
 Increase developer productivity with tight integration of Visual Studio Code and
Visual Studio.
 Streamline CI/CD with Git, GitHub, GitHub Actions, Atlassian Bitbucket, Azure
DevOps, Docker Hub and Azure Container Registry.
 Reduce downtime and minimize risk for app updates by using deployment slots.

3.11.2 Features:
1. Fully managed platform with built-in infrastructure maintenance, security patching
and scaling.
2. Built-in CI/CD integration and zero-downtime deployments.
3. Integration with virtual networks and ability to run in an isolated and dedicated App
Service environment.
4. Rigorous security and compliance, including SOC and PCI, for seamless
deployments across public cloud, Azure Government and on-premises
environments



3.12 Creating App Service Starter Application
Activity: This activity focuses on creating an instance of Azure App Service that allows
users to create and host web applications on the cloud quickly without the hassle of
managing infrastructure of their own. It allows quick deployment of starter applications
that can later be modified for custom usage.

1. Login to Azure dashboard

2. Select App Services from Dashboard Menu, or search for App Services in resource
search bar

3. Click on Add button on top left menu



4. Select & Enter details as required

5. Select Windows as the operating system and click on Change size below



6. Select Dev/Test option and then select standard Free type

7. Finally, click on Review + Create button below to create instance

8. On Review page, select Create button to finally create App Service Instance in
Azure Cloud



9. To access your sample application, From the App page, access your application
by clicking on Browse or URL



3.13 Serverless Compute- Azure Function
Serverless computing is a method of providing backend services on an as-used basis.
Servers are still used, but a company that gets backend services from a Serverless
vendor is charged based on usage, not a fixed amount of bandwidth or number of servers.
A Serverless provider allows users to write and deploy code without the hassle of worrying
about the underlying infrastructure. A company that gets backend services from a
Serverless vendor is charged based on its computation and does not have to reserve and
pay for a fixed amount of bandwidth or number of servers, as the service is auto-scaling.
Note that despite the name Serverless, physical servers are still used but developers do
not need to be aware of them.
In the early days of the web, anyone who wanted to build a web application had to own
the physical hardware required to run a server, which is a cumbersome and expensive
undertaking.
Then came cloud computing, where fixed numbers of servers or amounts of server space
could be rented remotely. Developers and companies who rent these fixed units of server
space generally over-purchase to ensure that a spike in traffic or activity will not exceed
their monthly limits and break their applications. This means that much of the server space
that gets paid for can go to waste. Cloud vendors have introduced auto-scaling models
to address the issue, but even with auto-scaling an unwanted spike in activity, such as a
DDoS Attack, could end up being very expensive.
Serverless computing allows developers to purchase backend services on a flexible ‘pay-
as-you-go’ basis, meaning that developers only have to pay for the services they use.
This is like switching from a cell phone data plan with a monthly fixed limit, to one that
only charges for each byte of data that actually gets used.
The term ‘Serverless’ is somewhat misleading, as there are still servers providing these
backend services, but all of the server space and infrastructure concerns are handled by
the vendor. Serverless means that the developers can do their work without having to
worry about servers at all.

Image: Cost benefits of Serverless


Reference: https://www.cloudflare.com/learning/serverless/what-is-serverless/



3.13.1 What are the advantages of Serverless computing?
• Lower costs - Serverless computing is generally very cost-effective, as traditional
cloud provisioning of backend services (server allocation) often results in the user
paying for unused space or idle CPU time.
• Simplified scalability - Developers using serverless architecture don’t have to
worry about policies to scale up their code. The serverless vendor handles all of
the scaling on demand.
• Simplified backend code - With FaaS, developers can create simple functions
that each independently perform a single purpose, like making an API call.
• Quicker turnaround - Serverless architecture can significantly cut time to market.
Instead of needing a complicated deploy process to roll out bug fixes and new
features, developers can add and modify code on a piecemeal basis.
• No infrastructure management - Using fully managed services enables
developers to avoid administrative tasks and focus on core business logic. With a
serverless platform, you simply deploy your code and it runs with high availability.
• Dynamic scalability - With serverless computing, the infrastructure dynamically
scales up and down within seconds to match the demands of any workload.

3.13.2 Serverless Application Patterns


Developers build Serverless applications using a variety of application patterns, many of
which align with approaches that are already familiar, to meet specific requirements and
business needs.
Serverless Functions
Serverless functions accelerate development by using an event-driven model, with
triggers that automatically execute code to respond to events and bindings to seamlessly
integrate additional services. A pay-per-execution model with sub-second billing charges
only for the time and resources it takes to execute the code.
Serverless Kubernetes
Developers bring their own containers to fully managed, Kubernetes-orchestrated
clusters that can automatically scale up and down with sudden changes in traffic on spiky
workloads.
Serverless Workflows
Serverless workflows take a low-code/no-code approach to simplify orchestration of
combined tasks. Developers can integrate different services (either cloud or on-premises)
without coding those interactions, having to maintain glue code or learning new APIs or
specifications.
Serverless Application Environments
With a Serverless application environment, both the back end and front end are hosted
on fully managed services that handle scaling, security and compliance requirements.



Serverless API Gateway
A Serverless API gateway is a centralized, fully managed entry point for Serverless
backend services. It enables developers to publish, manage, secure and analyze APIs
at global scale.

3.13.3 Serverless Services on AWS


Modern applications are built Serverless-first, a strategy that prioritizes the adoption of
Serverless services, so you can increase agility throughout your application stack. AWS
offers Serverless services for all three layers of the stack: compute, integration, and
data stores. Consider getting started with these services:
AWS Lambda
AWS Lambda is a Serverless compute service that lets you run code without provisioning
or managing servers, creating workload-aware cluster scaling logic, maintaining event
integrations, or managing runtimes. With Lambda, you can run code for virtually any type
of application or backend service - all with zero administration. Just upload your code as
a ZIP file or container image, and Lambda automatically and precisely allocates compute
execution power and runs your code based on the incoming request or event, for any
scale of traffic. You can set up your code to automatically trigger from 140 AWS services
or call it directly from any web or mobile app. You can write Lambda functions in your
favorite language (Node.js, Python, Go, Java, and more) and use both Serverless and
container tools, such as AWS SAM or Docker CLI, to build, test, and deploy your
functions.
AWS Fargate

AWS Fargate is a Serverless compute engine for containers that works with both Amazon
Elastic Container Service (ECS) and Amazon Elastic Kubernetes Service (EKS). Fargate
makes it easy for you to focus on building your applications. Fargate removes the need
to provision and manage servers, lets you specify and pay for resources per application,
and improves security through application isolation by design.

Fargate allocates the right amount of compute, eliminating the need to choose instances
and scale cluster capacity. You only pay for the resources required to run your containers,
so there is no over-provisioning and paying for additional servers. Fargate runs each task
or pod in its own kernel providing the tasks and pods their own isolated compute
environment. This enables your application to have workload isolation and improved
security by design. This is why customers such as Vanguard, Accenture, Foursquare, and
Ancestry have chosen to run their mission critical applications on Fargate.
Amazon API Gateway

Amazon API Gateway is a fully managed service that makes it easy for developers to
create, publish, maintain, monitor, and secure APIs at any scale. APIs act as the "front
door" for applications to access data, business logic, or functionality from your backend
services. Using API Gateway, you can create RESTful APIs and WebSocket APIs that
enable real-time two-way communication applications. API Gateway supports
containerized and Serverless workloads, as well as web applications.

API Gateway handles all the tasks involved in accepting and processing up to hundreds
of thousands of concurrent API calls, including traffic management, CORS support,
authorization and access control, throttling, monitoring, and API version management.
API Gateway has no minimum fees or startup costs. You pay for the API calls you receive
and the amount of data transferred out and, with the API Gateway tiered pricing model,
you can reduce your cost as your API usage scales.
Amazon Aurora Serverless

Amazon Aurora Serverless is an on-demand, auto-scaling configuration for Amazon
Aurora. It automatically starts up, shuts down, and scales capacity up or down based on
your application's needs. It enables you to run your database in the cloud without
managing any database capacity.

Manually managing database capacity can take up valuable time and can lead to
inefficient use of database resources. With Aurora Serverless, you simply create a
database endpoint, optionally specify the desired database capacity range, and connect
your applications. You pay on a per-second basis for the database capacity you use when
the database is active, and migrate between standard and Serverless configurations with
a few clicks in the Amazon RDS Management Console.



3.14 Azure Functions for APIs
Activity: This activity focuses on creating Azure Function instances, using them to
create and deploy microservice APIs as functions, and managing these as API services
through the fully managed services available on Azure cloud.
1. Login to Azure Dashboard

2. Select “Function App” or search for “Function App” from search bar

3. On Function App page, select Add button



4. On Create Function App page, enter details,

5. Select Runtime, Region and Version info. Finally click on Review and Create
Button



6. Click on Create as final step to create Function App sample

7. From Apps list, select FunctionDemo App

8. Click on browse or URL to access Function App Sample

Chapter 4: Cloud Modern Application Development
Learning Outcomes:
• Understand NoSQL databases and their usage
• Use a NoSQL database for unstructured data
• Create DevOps tools & pipelines in Azure cloud
• Deploy Docker container images in Azure cloud
• Use Monitoring services for high availability and reliability
• Follow best practices in creating cloud resources

4.1 Concept of NoSQL Databases


NoSQL databases (aka "not only SQL") are non-tabular, and store data differently than
relational tables. NoSQL databases come in a variety of types based on their data model.
The main types are document, key-value, wide-column, and graph. They provide flexible
schemas and scale easily with large amounts of data and high user loads.

When people use the term “NoSQL database”, they typically use it to refer to any non-
relational database. Some say the term “NoSQL” stands for “non SQL” while others say
it stands for “not only SQL.” Either way, most agree that NoSQL databases are databases
that store data in a format other than relational tables.

A common misconception is that NoSQL databases or non-relational databases don’t
store relationship data well. NoSQL databases can store relationship data—they just
store it differently than relational databases do. In fact, when compared with SQL
databases, many find modeling relationship data in NoSQL databases to be easier than
in SQL databases, because related data doesn’t have to be split between tables. NoSQL
data models allow related data to be nested within a single data structure.

NoSQL databases emerged in the late 2000s as the cost of storage dramatically
decreased. Gone were the days of needing to create a complex, difficult-to-manage data
model simply for the purposes of reducing data duplication. Developers (rather than
storage) were becoming the primary cost of software development, so NoSQL databases
optimized for developer productivity.

As storage costs rapidly decreased, the amount of data applications needed to store and
query increased. This data came in all shapes and sizes—structured, semi-structured,
and polymorphic—and defining the schema in advance became nearly impossible.
NoSQL databases allow developers to store huge amounts of unstructured data, giving
them a lot of flexibility.



Additionally, the Agile Manifesto was rising in popularity, and software engineers were
rethinking the way they developed software. They were recognizing the need to rapidly
adapt to changing requirements. They needed the ability to iterate quickly and make
changes throughout their software stack—all the way down to the database model.
NoSQL databases gave them this flexibility.

Cloud computing also rose in popularity, and developers began using public clouds to
host their applications and data. They wanted the ability to distribute data across multiple
servers and regions to make their applications resilient, to scale out instead of scale up,
and to intelligently geo-place their data. Some NoSQL databases like MongoDB provided
these capabilities.

4.1.1 What are the Types of NoSQL Databases?


Over time, four major types of NoSQL databases emerged: document databases, key-
value databases, wide-column stores, and graph databases. Let’s examine each type.

• Document databases store data in documents similar to JSON (JavaScript Object
Notation) objects. Each document contains pairs of fields and values. The values
can typically be a variety of types including things like strings, numbers, booleans,
arrays, or objects, and their structures typically align with objects developers are
working with in code. Because of their variety of field value types and powerful
query languages, document databases are great for a wide variety of use cases
and can be used as a general purpose database. They can horizontally scale out
to accommodate large data volumes. MongoDB is consistently ranked as the world’s
most popular NoSQL database according to DB-Engines and is an example of a
document database.

Image: Document Based NoSQL DB


Reference: https://www.guru99.com/nosql-tutorial.html

• Key-value databases are a simpler type of database where each item contains
keys and values. A value can typically only be retrieved by referencing its key, so
learning how to query for a specific key-value pair is typically simple. Key-value
databases are great for use cases where you need to store large amounts of data
but you don’t need to perform complex queries to retrieve it. Common use cases
include storing user preferences or caching. Redis and DynamoDB are popular
key-value databases.



Image: Key-Value NoSQL DB
Reference: https://www.guru99.com/nosql-tutorial.html

• Wide-column stores store data in tables, rows, and dynamic columns. Wide-
column stores provide a lot of flexibility over relational databases because each
row is not required to have the same columns. Many consider wide-column stores
to be two-dimensional key-value databases. Wide-column stores are great for
when you need to store large amounts of data and you can predict what your query
patterns will be. Wide-column stores are commonly used for storing Internet of
Things data and user profile data. Cassandra and HBase are two of the most
popular wide-column stores.

Image: Wide Column NoSQL DB


Reference: https://www.guru99.com/nosql-tutorial.html

• Graph databases store data in nodes and edges. Nodes typically store
information about people, places, and things while edges store information about
the relationships between the nodes. Graph databases excel in use cases where
you need to traverse relationships to look for patterns such as social networks,
fraud detection, and recommendation engines. Neo4j and JanusGraph are
examples of graph databases.



Image: Wide Column NoSQL DB
Reference: https://www.guru99.com/nosql-tutorial.html
4.1.2 How NoSQL Databases Work
One way of understanding the appeal of NoSQL databases from a design perspective is
to look at how the data models of a SQL and a NoSQL database might look in an
oversimplified example using address data.

The SQL Case. For an SQL database, setting up a database for addresses begins with
the logical construction of the format and the expectation that the records to be stored are
going to remain relatively unchanged. After analyzing the expected query patterns, an
SQL database might optimize storage in two tables, one for basic information and one
pertaining to being a customer, with last name being the key to both tables. Each row in
each table is a single customer, and each column has the following fixed attributes:

• Last name :: first name :: middle initial :: address fields :: email address :: phone
number
• Last name :: date of birth :: account number :: customer years :: communication
preferences

The NoSQL Case. In the section Types of NoSQL Databases above, there were four
types described, and each has its own data model.

Each type of NoSQL database would be designed with a specific customer situation in
mind, and there would be technical reasons for how each kind of database would be
organized. The simplest type to describe is the document database, in which it would be
natural to combine both the basic information and the customer information in one JSON
document. In this case, each of the SQL column attributes would be fields and the details
of a customer’s record would be the data values associated with each field.

For example: Last_name: "Jones", First_name: "Mary", Middle_initial: "S", etc
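
The contrast described above, worked through in Python as an added example (not part of the handbook): the two SQL tables are built in an in-memory SQLite database, and the same customers are then held as single nested documents. The sample rows, the `Customer` sub-document name and the use of the account number as the document key are assumptions made for this illustration.

```python
import json
import sqlite3

# Constructed sample data; columns follow the two attribute lists above.
BASIC = [
    ("Jones", "Mary", "S", "12 Hill Road, Pune", "mary.jones@example.com", "555-0100"),
    ("Patel", "Ravi", "K", "4 Lake View, Surat", "ravi.patel@example.com", "555-0101"),
]
CUSTOMER = [
    ("Jones", "1990-04-12", "ACC-1001", 6, "email"),
    ("Patel", "1985-11-30", "ACC-1002", 2, "phone"),
]


def build_sql_db():
    """The SQL case: two fixed-column tables, both keyed by last name."""
    conn = sqlite3.connect(":memory:")
    conn.row_factory = sqlite3.Row
    conn.execute(
        "CREATE TABLE basic (last_name TEXT PRIMARY KEY, first_name TEXT,"
        " middle_initial TEXT, address TEXT, email TEXT, phone TEXT)"
    )
    conn.execute(
        "CREATE TABLE customer (last_name TEXT PRIMARY KEY, date_of_birth TEXT,"
        " account_number TEXT, customer_years INTEGER,"
        " communication_preferences TEXT)"
    )
    conn.executemany("INSERT INTO basic VALUES (?, ?, ?, ?, ?, ?)", BASIC)
    conn.executemany("INSERT INTO customer VALUES (?, ?, ?, ?, ?)", CUSTOMER)
    return conn


def sql_lookup(conn, last_name):
    """Relational read: a join reassembles one customer from both tables."""
    row = conn.execute(
        "SELECT * FROM basic JOIN customer USING (last_name)"
        " WHERE basic.last_name = ?",
        (last_name,),  # bound parameter, never formatted into the SQL text
    ).fetchone()
    return dict(row) if row else None


def to_document(record):
    """The NoSQL case: one nested document holds both tables' attributes."""
    return {
        "Last_name": record["last_name"],
        "First_name": record["first_name"],
        "Middle_initial": record["middle_initial"],
        "Address": record["address"],
        "Email": record["email"],
        "Phone": record["phone"],
        "Customer": {  # hypothetical name for the nested customer details
            "Date_of_birth": record["date_of_birth"],
            "Account_number": record["account_number"],
            "Customer_years": record["customer_years"],
            "Communication_preferences": record["communication_preferences"],
        },
    }


def document_store(conn):
    """A dict standing in for a document collection, keyed by account number."""
    rows = conn.execute("SELECT * FROM basic JOIN customer USING (last_name)")
    return {r["account_number"]: to_document(dict(r)) for r in rows}


def duplicate_last_name_rejected(conn):
    """With last name as the key, a second 'Jones' cannot be stored."""
    try:
        conn.execute(
            "INSERT INTO basic VALUES (?, ?, ?, ?, ?, ?)",
            ("Jones", "Alan", "T", "9 Mill Lane", "alan.jones@example.com", "555-0102"),
        )
    except sqlite3.IntegrityError:
        return True
    return False


if __name__ == "__main__":
    db = build_sql_db()
    store = document_store(db)
    # Schema flexibility: only this one document gains an extra field.
    store["ACC-1002"]["Loyalty_tier"] = "gold"
    print(json.dumps(store["ACC-1002"], indent=2))
    print("second Jones rejected by SQL key:", duplicate_last_name_rejected(db))
```
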



4.1.3 Brief History of NoSQL Databases

• 1998 - Carlo Strozzi used the term NoSQL for his lightweight, open-source relational
database
• 2000 - Graph database Neo4j is launched
• 2004 - Google BigTable is launched
• 2005 - CouchDB is launched
• 2007 - The research paper on Amazon Dynamo is released
• 2008 - Facebook open-sources the Cassandra project
• 2009 - The term NoSQL was reintroduced

4.1.4 Features of NoSQL


Non-relational

• NoSQL databases never follow the relational model
• Never provide tables with flat fixed-column records
• Work with self-contained aggregates or BLOBs
• Don't require object-relational mapping and data normalization
• No complex features like query languages, query planners, referential integrity
joins, ACID
Schema-free

• NoSQL databases are either schema-free or have relaxed schemas
• Do not require any sort of definition of the schema of the data
• Offer heterogeneous structures of data in the same domain
Simple API

• Offers easy-to-use interfaces for storing and querying data
• APIs allow low-level data manipulation & selection methods
• Text-based protocols, mostly HTTP REST with JSON
• Mostly no standards-based NoSQL query language is used
• Web-enabled databases running as internet-facing services
Distributed

• Multiple NoSQL databases can be executed in a distributed fashion
• Offers auto-scaling and fail-over capabilities
• Often the ACID concept can be sacrificed for scalability and throughput
• Mostly no synchronous replication between distributed nodes; instead asynchronous
multi-master replication, peer-to-peer, HDFS replication
• Only providing eventual consistency
• Shared-nothing architecture. This enables less coordination and higher
distribution.



4.1.5 Advantages of NoSQL

• Can be used as a primary or analytic data source
• Big Data capability
• No single point of failure
• Easy replication
• No need for a separate caching layer
• It provides fast performance and horizontal scalability.
• Can handle structured, semi-structured, and unstructured data with equal effect
• Object-oriented programming which is easy to use and flexible
• NoSQL databases don't need a dedicated high-performance server
• Supports key developer languages and platforms
• Simpler to implement than an RDBMS
• It can serve as the primary data source for online applications.
• Handles big data, managing data velocity, variety, volume, and complexity
• Excels at distributed database and multi-data center operations
• Eliminates the need for a specific caching layer to store data
• Offers a flexible schema design which can easily be altered without downtime or
service disruption

4.1.6 Disadvantages of NoSQL

• No standardization rules
• Limited query capabilities
• RDBMS databases and tools are comparatively mature
• It does not offer any traditional database capabilities, like consistency when
multiple transactions are performed simultaneously.
• When the volume of data increases, it becomes difficult to maintain unique values
as keys
• Doesn't work as well with relational data
• The learning curve is steep for new developers
• Open-source options are not so popular with enterprises.

4.1.7 Azure Cosmos DB


Azure Cosmos DB is a fully managed NoSQL database service for modern app
development. Get guaranteed single-digit millisecond response times and 99.999-percent
availability, backed by SLAs, automatic and instant scalability and open-source APIs for
MongoDB and Cassandra. Enjoy fast writes and reads anywhere in the world with turnkey
data replication and multi-region writes. Gain insight over real-time data with no-ETL
analytics using Azure Synapse Link for Azure Cosmos DB.

Guaranteed speed at any scale—even through bursts—with instant, limitless elasticity,
fast reads and multi-master writes, anywhere in the world

Fast, flexible app development with SDKs for popular languages, a native Core (SQL)
API along with APIs for MongoDB, Cassandra and Gremlin and no-ETL (extract,
transform, load) analytics

Ready for mission-critical applications with guaranteed business continuity, 99.999-percent
availability and enterprise-level security

Fully managed and cost-effective serverless database with instant, automatic scaling
that responds to application needs



4.2 Performing CRUD operations with CosmosDB
Activity: This practical activity is to create a NoSQL database using the Azure CosmosDB
service and then perform the basic operations of create, read, update and delete on
the database instance.
1. Login to Azure Dashboard

2. Select Azure CosmosDB from the Services List or Search for CosmosDB in search
bar

3. Select Add button



4. On create instance page, enter details, select region, instance type, etc.

5. Click on Review + Create button below

6. Finally click on Create button



7. On resource group page, select deployment from left tab to see deployments. Then
select CosmosDB deployment

8. Select your database instance

9. Click on add container



10. Click on New Container

11. Add new database id name and click OK



12. Click on database name, select new container, add container id & partition key
and click OK

13. Your Cosmos DB is ready for entering data and performing CRUD operations.



4.3 Understanding DevOps with CI/CD Pipelines
What is DevOps?

DevOps is the combination of cultural philosophies, practices, and tools that increases an
organization’s ability to deliver applications and services at high velocity: evolving and
improving products at a faster pace than organizations using traditional software
development and infrastructure management processes. This speed enables
organizations to better serve their customers and compete more effectively in the market.

Image: DevOps Model


Reference: https://aws.amazon.com/devops/what-is-devops/
4.3.1 How DevOps Works
Under a DevOps model, development and operations teams are no longer “siloed.”
Sometimes, these two teams are merged into a single team where the engineers work
across the entire application lifecycle, from development and test to deployment to
operations, and develop a range of skills not limited to a single function.

In some DevOps models, quality assurance and security teams may also become more
tightly integrated with development and operations and throughout the application
lifecycle. When security is the focus of everyone on a DevOps team, this is sometimes
referred to as DevSecOps.

These teams use practices to automate processes that historically have been manual
and slow. They use a technology stack and tooling which help them operate and evolve
applications quickly and reliably. These tools also help engineers independently
accomplish tasks (for example, deploying code or provisioning infrastructure) that
normally would have required help from other teams, and this further increases a team’s
velocity.

4.3.2 Benefits of DevOps


Speed

Move at high velocity so you can innovate for customers faster, adapt to changing markets
better, and grow more efficient at driving business results. The DevOps model enables
your developers and operations teams to achieve these results. For example,
microservices and continuous delivery let teams take ownership of services and then
release updates to them quicker.



Rapid Delivery

Increase the frequency and pace of releases so you can innovate and improve your
product faster. The quicker you can release new features and fix bugs, the faster you can
respond to your customers’ needs and build competitive advantage. Continuous
integration and continuous delivery are practices that automate the software release
process, from build to deploy.
Reliability

Ensure the quality of application updates and infrastructure changes so you can reliably
deliver at a more rapid pace while maintaining a positive experience for end users. Use
practices like continuous integration and continuous delivery to test that each change is
functional and safe. Monitoring and logging practices help you stay informed of
performance in real-time.
Scale

Operate and manage your infrastructure and development processes at scale.
Automation and consistency help you manage complex or changing systems efficiently
and with reduced risk. For example, infrastructure as code helps you manage your
development, testing, and production environments in a repeatable and more efficient
manner.
Improved Collaboration

Build more effective teams under a DevOps cultural model, which emphasizes values
such as ownership and accountability. Developers and operations teams collaborate
closely, share many responsibilities, and combine their workflows. This reduces
inefficiencies and saves time (e.g. reduced handover periods between developers and
operations, writing code that takes into account the environment in which it is run).
Security

Move quickly while retaining control and preserving compliance. You can adopt a DevOps
model without sacrificing security by using automated compliance policies, fine-grained
controls, and configuration management techniques. For example, using infrastructure as
code and policy as code, you can define and then track compliance at scale.

4.3.3 DevOps Practices


The following are DevOps best practices:
Continuous Integration

Continuous integration is a software development practice where developers regularly
merge their code changes into a central repository, after which automated builds and
tests are run. The key goals of continuous integration are to find and address bugs
quicker, improve software quality, and reduce the time it takes to validate and release
new software updates.
Continuous Delivery

Continuous delivery is a software development practice where code changes are
automatically built, tested, and prepared for a release to production. It expands upon
continuous integration by deploying all code changes to a testing environment and/or a
production environment after the build stage. When continuous delivery is implemented
properly, developers will always have a deployment-ready build artifact that has passed
through a standardized test process.
Microservices

The microservices architecture is a design approach to build a single application as a set
of small services. Each service runs in its own process and communicates with other
services through a well-defined interface using a lightweight mechanism, typically an
HTTP-based application programming interface (API). Microservices are built around
business capabilities; each service is scoped to a single purpose. You can use different
frameworks or programming languages to write microservices and deploy them
independently, as a single service, or as a group of services.
Monitoring and Logging

Organizations monitor metrics and logs to see how application and infrastructure
performance impacts the experience of their product’s end user. By capturing,
categorizing, and then analyzing data and logs generated by applications and
infrastructure, organizations understand how changes or updates impact users, shedding
insights into the root causes of problems or unexpected changes. Active monitoring
becomes increasingly important as services must be available 24/7 and as application
and infrastructure update frequency increases. Creating alerts or performing real-time
analysis of this data also helps organizations more proactively monitor their services.
Communication and Collaboration

Increased communication and collaboration in an organization is one of the key cultural
aspects of DevOps. The use of DevOps tooling and automation of the software delivery
process establishes collaboration by physically bringing together the workflows and
responsibilities of development and operations. Building on top of that, these teams set
strong cultural norms around information sharing and facilitating communication through
the use of chat applications, issue or project tracking systems, and wikis. This helps speed
up communication across developers, operations, and even other teams like marketing
or sales, allowing all parts of the organization to align more closely on goals and projects.
Infrastructure as Code

Infrastructure as code is a practice in which infrastructure is provisioned and managed
using code and software development techniques, such as version control and
continuous integration. The cloud’s API-driven model enables developers and system
administrators to interact with infrastructure programmatically, and at scale, instead of
needing to manually set up and configure resources. Thus, engineers can interface with
infrastructure using code-based tools and treat infrastructure in a manner similar to how
they treat application code. Because they are defined by code, infrastructure and servers
can quickly be deployed using standardized patterns, updated with the latest patches and
versions, or duplicated in repeatable ways.

4.3.4 What is a CI/CD pipeline?


A CI/CD pipeline is a series of steps that must be performed in order to deliver a new
version of software. Continuous integration/continuous delivery (CI/CD) pipelines are a
practice focused on improving software delivery using either a DevOps or site reliability
engineering (SRE) approach.

A CI/CD pipeline introduces monitoring and automation to improve the process of
application development, particularly at the integration and testing phases, as well as
during delivery and deployment. Although it is possible to manually execute each of the
steps of a CI/CD pipeline, the true value of CI/CD pipelines is realized through automation.
Elements of a CI/CD pipeline

The steps that form a CI/CD pipeline are distinct subsets of tasks grouped into what is
known as a pipeline stage. Typical pipeline stages include:

• Build - The stage where the application is compiled.
• Test - The stage where code is tested. Automation here can save both time and
effort.
• Release - The stage where the application is delivered to the repository.
• Deploy - In this stage code is deployed to production.
• Validation and compliance - The steps to validate a build are determined by the needs
of your organization. Image security scanning tools, like Clair, can ensure the
quality of images by comparing them to known vulnerabilities (CVEs).

Image: CI/CD Pipeline


Reference: https://www.redhat.com/en/topics/devops/what-cicd-pipeline
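
The pipeline stages listed above, sketched as a small Python runner. This is an added example, not code from the handbook, Red Hat or Clair. It assumes the validation step runs as a gate before release, uses a constructed advisory list with placeholder ids and hypothetical package names, and stands in for a real image scanner with a simple version comparison.

```python
import hashlib

# Constructed advisory feed: package -> (advisory id, first fixed version).
# Package names are hypothetical and the ids are placeholders, not real CVEs.
ADVISORIES = {
    "libalpha": ("ADVISORY-PLACEHOLDER-1", (3, 0, 8)),
    "libbeta": ("ADVISORY-PLACEHOLDER-2", (1, 2, 13)),
}


def parse_version(text):
    """Turn '1.2.13' into (1, 2, 13) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))


def scan_image(packages):
    """Report every package older than the first fixed version."""
    findings = []
    for name, version in sorted(packages.items()):
        if name in ADVISORIES:
            advisory, fixed = ADVISORIES[name]
            if parse_version(version) < fixed:
                findings.append((name, version, advisory))
    return findings


def stage_build(ctx):
    # "Compile": the artifact is the source bytes, identified by its digest.
    ctx["artifact"] = ctx["source"].encode()
    ctx["digest"] = hashlib.sha256(ctx["artifact"]).hexdigest()
    return True


def stage_test(ctx):
    return all(check(ctx["source"]) for check in ctx["tests"])


def stage_validate(ctx):
    # Validation and compliance gate: any finding blocks the release.
    ctx["findings"] = scan_image(ctx["image_packages"])
    return not ctx["findings"]


def stage_release(ctx):
    # Deliver the artifact to the repository, addressed by digest.
    ctx["repository"][ctx["digest"]] = ctx["artifact"]
    return True


def stage_deploy(ctx):
    # Deploy only the exact bytes that were built, tested and scanned.
    artifact = ctx["repository"].get(ctx["digest"])
    if artifact is None or hashlib.sha256(artifact).hexdigest() != ctx["digest"]:
        return False
    ctx["production"] = ctx["digest"]
    return True


STAGES = [
    ("build", stage_build),
    ("test", stage_test),
    ("validate", stage_validate),
    ("release", stage_release),
    ("deploy", stage_deploy),
]


def run_pipeline(ctx):
    """Run stages in order; stop at the first failure (errors fail closed)."""
    log = []
    for name, step in STAGES:
        try:
            ok = bool(step(ctx))
        except Exception as exc:
            ok = False
            ctx["error"] = f"{name}: {exc}"
        log.append((name, "passed" if ok else "failed"))
        if not ok:
            break
    return log


def new_context(source, image_packages):
    """Constructed pipeline input: source text, one test, image package list."""
    return {
        "source": source,
        "tests": [lambda src: "def handler" in src],
        "image_packages": image_packages,
        "repository": {},
    }


if __name__ == "__main__":
    ctx = new_context("def handler(event): return 200", {"libalpha": "1.1.1"})
    for stage, result in run_pipeline(ctx):
        print(f"{stage:9s} {result}")
    print("findings:", ctx.get("findings"))
```
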



4.4 Microservices and Container Applications
4.4.1 What are Microservices?
Microservices - also known as the microservice architecture - is an architectural style that
structures an application as a collection of services that are:

• Highly maintainable and testable
• Loosely coupled
• Independently deployable
• Organized around business capabilities
• Owned by a small team

The microservice architecture enables the rapid, frequent and reliable delivery of large,
complex applications. It also enables an organization to evolve its technology stack.

What sets a microservices architecture apart from more traditional, monolithic
approaches is how it breaks an app down into its core functions. Each function is called
a service, and can be built and deployed independently, meaning individual services can
function (and fail) without negatively affecting the others. This helps you to embrace the
technology side of DevOps and make constant iteration and delivery (CI/CD) more
seamless and achievable.

Image: Microservices vs Monolithic Architecture for Applications


Reference: https://www.redhat.com/en/topics/microservices/what-are-microservices

Think of your last visit to an online retailer. You might have used the site’s search bar to
browse products. That search represents a service. Maybe you also saw
recommendations for related products—recommendations pulled from a database of
shopper preferences. That’s also a service. Did you add an item to an online cart? You
guessed it, another service.

So, a microservice is a core function of an application and it runs independent of other
services, but a microservices architecture is about more than just the loose coupling of
an app’s core functions—it’s about restructuring development teams and interservice
communication in a way that prepares for inevitable failures, future scalability, and new
feature integration.

In the early days of app development, even minimal changes to an existing app required
a wholesale version update with its own quality assurance (QA) cycle, potentially slowing
down many sub-teams. This approach is often referred to as "monolithic" because the
source code for the entire app was built into a single deployment unit (like .war or .ear).
If updates to part of an app caused errors, the whole thing had to be taken offline, scaled
back, and fixed. While this approach is still viable for small applications, growing
enterprises can’t afford downtime.

Microservices can communicate with each other, usually statelessly, so apps built in this
way can be more fault tolerant and less reliant on a single enterprise service bus (ESB).
This also allows dev teams to choose their own tools, since microservices can communicate
through language-agnostic application programming interfaces (APIs).

4.4.2 What are the benefits of a Microservices architecture?


Microservices give your teams and routines a boost through distributed development. You
can also develop multiple microservices concurrently. This means more developers
working on the same app, at the same time, which results in less time spent in
development.

Ready for market faster

Since development cycles are shortened, a microservices architecture supports more
agile deployment and updates.

Highly scalable

As demand for certain services grows, you can deploy across multiple servers, and
infrastructures, to meet your needs.

Resilient

These independent services, when constructed properly, do not impact one another. This
means that if one piece fails, the whole app doesn’t go down, unlike the monolithic app
model.

Easy to deploy

Because your microservice-based apps are more modular and smaller than traditional,
monolithic apps, the worries that came with those deployments are negated. This requires
more coordination, which a service mesh layer can help with, but the payoffs can be huge.

Accessible

Because the larger app is broken down into smaller pieces, developers can more easily
understand, update, and enhance those pieces, resulting in faster development cycles,
especially when combined with agile development methodologies.

More open

Due to the use of polyglot APIs, developers have the freedom to choose the best
language and technology for the necessary function.

4.4.3 What is a Container?


A container is a standard unit of software that packages up code and all its dependencies
so the application runs quickly and reliably from one computing environment to another.
A Docker container image is a lightweight, standalone, executable package of software
that includes everything needed to run an application: code, runtime, system tools,
system libraries and settings.

Container images become containers at runtime; in the case of Docker containers,
images become containers when they run on Docker Engine. Available for both Linux and
Windows-based applications, containerized software will always run the same, regardless
of the infrastructure. Containers isolate software from its environment and ensure that it
works uniformly despite differences, for instance between development and staging.

Image: Containerized Application


Reference: https://www.docker.com/resources/what-container#



4.4.4 Comparing Containers and Virtual Machines
Containers and virtual machines have similar resource isolation and allocation benefits,
but function differently because containers virtualize the operating system instead of
hardware. Containers are more portable and efficient.

Image: Container vs Virtual Machine


Reference: https://www.docker.com/resources/what-container#

Containers

Containers are an abstraction at the app layer that packages code and dependencies
together. Multiple containers can run on the same machine and share the OS kernel with
other containers, each running as isolated processes in user space. Containers take up
less space than VMs (container images are typically tens of MBs in size), can handle
more applications and require fewer VMs and operating systems.

Virtual Machines

Virtual machines (VMs) are an abstraction of physical hardware turning one server into
many servers. The hypervisor allows multiple VMs to run on a single machine. Each VM
includes a full copy of an operating system, the application, necessary binaries and
libraries - taking up tens of GBs. VMs can also be slow to boot.

4.4.5 Why Containers?


Agility

When developers build and package their applications into containers and provide them
to IT to run on a standardised platform, this reduces the overall effort to deploy
applications and can streamline the whole dev and test cycle. This also increases
collaboration and efficiency between dev and operations teams to ship apps faster.



Portability

Containers provide a standardized format for packaging and holding all the components
necessary to run the desired application. This solves the typical problem of “It works on
my machine” and allows for portability between OS platforms and between clouds. Any
time a container is deployed anywhere, it executes in a consistent environment that
remains unchanged from one deployment to another. You now have a consistent format,
from dev box to production.

Rapid scalability

Since containers do not have the overhead typical of VMs, including separate OS
instances, many more containers can be supported on the same infrastructure. The
lightweight nature of containers means they can be started and stopped quickly, unlocking
rapid scale-up and scale-down scenarios.



4.5 Creating Container in Azure to Deploy Docker Images
Activity: This activity creates a container application in the Azure cloud using Docker
images. It allows the user to create a container service in Azure and then push Docker
images to the container repository to deploy an image in the orchestrated environment of
the container service.

1. Log in to the Azure dashboard and search for container registry. On the registry
page, click Add.

2. Add the registry name and other details, then click Review + Create.

3. Your registry is created. Upload any Docker images to the registry and deploy them
directly to a container instance in the next steps.

4. Search for container instances and select Add.

5. Add the details (container instance name, type of instance, starter app) and click
Review + Create.

6. Finally, click Create.

7. Your deployment will be ready in a few seconds; then click on the resource.

8. At the container instance, select the IP address to visit the starter container app.

9. To deploy your own example Docker image, follow the steps below:
a. Log in to Azure: docker login azure
b. Create an ACI context: docker context create aci myacicontext
c. Run a container: docker --context myacicontext run -p 80:80 nginx
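
Step 9c runs the unqualified name nginx, which Docker resolves to docker.io/library/nginx:latest rather than to an image in the registry created in steps 1 to 3. The Python check below is an added example, not part of the handbook or of any Azure or Docker tool: it normalises image references the way the Docker CLI does and reports references that come from outside an allow list or are not pinned by digest. The registry name examplereg.azurecr.io, the finding codes and the sample references are constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Sequence

DEFAULT_REGISTRY = "docker.io"   # used by Docker when the reference names no registry host
DEFAULT_TAG = "latest"           # used by Docker when the reference has no tag or digest
DIGEST_RE = re.compile(r"^sha256:[0-9a-f]{64}$")

# Hypothetical allow list: the login server of the registry created in steps 1-3.
ALLOWED_REGISTRIES = ("examplereg.azurecr.io",)


@dataclass(frozen=True)
class ImageRef:
    registry: str
    repository: str
    tag: Optional[str]
    digest: Optional[str]


def parse_image_ref(ref: str) -> ImageRef:
    """Normalise an image reference into registry, repository, tag and digest."""
    if not ref or any(ch.isspace() for ch in ref):
        raise ValueError(f"invalid image reference: {ref!r}")
    name, at, digest = ref.partition("@")
    if at and not DIGEST_RE.match(digest):
        raise ValueError(f"malformed digest in {ref!r}")
    # A tag is a ':' suffix on the last path component, so the port in
    # 'localhost:5000/app' is not mistaken for a tag.
    tag = None
    colon = name.rfind(":")
    if colon > name.rfind("/"):
        name, tag = name[:colon], name[colon + 1:]
    if not name or tag == "":
        raise ValueError(f"invalid image reference: {ref!r}")
    # The first component is a registry host only if it looks like one.
    first, slash, rest = name.partition("/")
    if slash and ("." in first or ":" in first or first == "localhost"):
        registry, repository = first.lower(), rest
    else:
        registry, repository = DEFAULT_REGISTRY, name
    if not repository:
        raise ValueError(f"invalid image reference: {ref!r}")
    if registry == DEFAULT_REGISTRY and "/" not in repository:
        repository = "library/" + repository  # Docker Hub official images
    if tag is None and not at:
        tag = DEFAULT_TAG
    return ImageRef(registry, repository, tag, digest if at else None)


def check_image(ref: str, allowed: Sequence[str] = ALLOWED_REGISTRIES) -> List[str]:
    """Return finding codes for one reference; an empty list means it passes."""
    try:
        img = parse_image_ref(ref)
    except ValueError:
        return ["invalid-reference"]
    findings = []
    if img.registry not in {r.lower() for r in allowed}:
        findings.append("registry-not-allowed")
    if img.digest is None:
        # A tag can be re-pointed at different content after review; a digest cannot.
        findings.append("latest-tag" if img.tag == DEFAULT_TAG else "tag-not-digest-pinned")
    return findings


# Constructed sample references; the digest is a placeholder, not a real image.
SAMPLE_REFS = [
    "nginx",                                   # as typed in step 9c
    "nginx:1.25",
    "examplereg.azurecr.io/shop/web:1.4.2",
    "examplereg.azurecr.io/shop/web@sha256:" + "a" * 64,
]


def audit(refs: Sequence[str]) -> Dict[str, List[str]]:
    """Map each reference to its list of finding codes."""
    return {ref: check_image(ref) for ref in refs}


if __name__ == "__main__":
    for ref, findings in audit(SAMPLE_REFS).items():
        print(f"{ref}: {'OK' if not findings else ', '.join(findings)}")
```

Running the check in a build or release pipeline before the deploy step keeps an unreviewed public image from reaching the container instance.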



4.6 The 5 Pillars of the Well-Architected Framework
Creating a software system is a lot like constructing a building. If the foundation is not
solid, structural problems can undermine the integrity and function of the building.
When architecting technology solutions on Amazon Web Services (AWS), if you neglect
the five pillars of operational excellence, security, reliability, performance efficiency, and
cost optimization, it can become challenging to build a system that delivers on your
expectations and requirements.
Incorporating these pillars into your architecture helps produce stable and efficient
systems. This allows you to focus on the other aspects of design, such as functional
requirements.

4.6.1 Operational Excellence


The Operational Excellence pillar includes the ability to support development and run
workloads effectively, gain insight into their operation, and continuously improve
supporting processes and procedures to deliver business value.
Design Principles
There are five design principles for operational excellence in the cloud:
• Perform operations as code
• Make frequent, small, reversible changes
• Refine operations procedures frequently
• Anticipate failure
• Learn from all operational failures
Best Practices
Operations teams need to understand their business and customer needs so they can
support business outcomes. Ops creates and uses procedures to respond to operational
events, and validates their effectiveness to support business needs. Ops also collects
metrics that are used to measure the achievement of desired business outcomes.
Everything continues to change—your business context, business priorities, customer
needs, etc. It’s important to design operations to support evolution over time in response
to change and to incorporate lessons learned through their performance.

4.6.2 Security
The Security pillar includes the ability to protect data, systems, and assets to take
advantage of cloud technologies to improve your security. You can find prescriptive
guidance on implementation in the Security Pillar whitepaper.
Design Principles
There are seven design principles for security in the cloud:
• Implement a strong identity foundation
• Enable traceability
• Apply security at all layers
• Automate security best practices
• Protect data in transit and at rest
• Keep people away from data
• Prepare for security events
Best Practices
Before you architect any workload, you need to put in place practices that influence
security. You’ll want to control who can do what. In addition, you want to be able to identify
security incidents, protect your systems and services, and maintain the confidentiality and
integrity of data through data protection.
You should have a well-defined and practiced process for responding to security
incidents. These tools and techniques are important because they support objectives
such as preventing financial loss or complying with regulatory obligations.
The Shared Responsibility Model enables organizations that adopt the cloud to achieve
their security and compliance goals. Because AWS physically secures the infrastructure
that supports our cloud services, as an AWS customer you can focus on using services
to accomplish your goals.

4.6.3 Reliability
The Reliability pillar encompasses the ability of a workload to perform its intended function
correctly and consistently when it’s expected to. This includes the ability to operate and
test the workload through its total lifecycle. You can find prescriptive guidance on
implementation in the Reliability Pillar whitepaper.
Design Principles
There are five design principles for reliability in the cloud:
• Automatically recover from failure
• Test recovery procedures
• Scale horizontally to increase aggregate workload availability
• Stop guessing capacity
• Manage change in automation
Best Practices
To achieve reliability, you must start with the foundations—an environment where service
quotas and network topology accommodate the workload. The workload architecture of
the distributed system must be designed to prevent and mitigate failures. The workload
must handle changes in demand or requirements, and it must be designed to detect
failure and automatically heal itself.
Before architecting any system, foundational requirements that influence reliability should
be in place. For example, you must have sufficient network bandwidth to your data center.
These requirements are sometimes neglected (because they are beyond a single
project’s scope).
This neglect can have a significant impact on the ability to deliver a reliable system. In an
on-premises environment, these requirements can cause long lead times due to
dependencies and therefore must be incorporated during initial planning.
With cloud, most of these foundational requirements are already incorporated or may be
addressed as needed. The cloud is designed to be essentially limitless, so it is the
responsibility of AWS to satisfy the requirement for sufficient networking and compute
capacity, while you are free to change resource size and allocation, such as the size of
storage devices, on demand.

4.6.4 Performance Efficiency


The Performance Efficiency pillar includes the ability to use computing resources
efficiently to meet system requirements, and to maintain that efficiency as demand
changes and technologies evolve. You can find prescriptive guidance on implementation
in the Performance Efficiency Pillar whitepaper.
Design Principles
There are five design principles for performance efficiency in the cloud:
• Democratize advanced technologies
• Go global in minutes
• Use serverless architectures
• Experiment more often
• Consider mechanical sympathy
Best Practices
Take a data-driven approach to building a high-performance architecture. Gather data on
all aspects of the architecture, from the high-level design to the selection and
configuration of resource types.
Reviewing your choices on a regular basis ensures you are taking advantage of the
continually evolving Cloud. Monitoring ensures you are aware of any deviance from
expected performance. Make trade-offs in your architecture to improve performance,
such as using compression or caching, or relaxing consistency requirements.
The optimal solution for a particular workload varies, and solutions often combine multiple
approaches. Well-Architected workloads use multiple solutions and enable different
features to improve performance.

4.6.5 Cost Optimization


The Cost Optimization pillar includes the ability to run systems to deliver business value
at the lowest price point. You can find prescriptive guidance on implementation in the
Cost Optimization Pillar whitepaper.
Design Principles
There are five design principles for cost optimization in the cloud:
• Implement cloud financial management
• Adopt a consumption model
• Measure overall efficiency
• Stop spending money on undifferentiated heavy lifting
• Analyze and attribute expenditure
Best Practices
As with the other pillars, there are trade-offs to consider. For example, do you want to
optimize for speed to market or for cost? In some cases, it’s best to optimize for speed—
going to market quickly, shipping new features, or simply meeting a deadline—rather than
investing in up-front cost optimization.
Design decisions are sometimes directed by haste rather than data, and the temptation
always exists to overcompensate rather than spend time benchmarking for the most
cost-optimal deployment. This might lead to over-provisioned and under-optimized
deployments.
Using the appropriate services, resources, and configurations for your workloads is key
to cost savings.



4.7 Create Highly Available Multi-Region Deployment
Activity: This practical activity enables the learner to create a multi-region deployment
of an application for high availability of resources, thereby allowing users to access the
application all the time, without downtime.

1. Log in to the Azure dashboard.

2. Select App Services from the Dashboard menu, or search for App Services in the resource
search bar.

3. Click the Add button on the top-left menu.

4. Select and enter the details as required.

5. Select Windows as the operating system and click Change size below.

6. Select the Dev/Test option and then select the standard free type. Add multiple zone
deployment of your application for high availability.

7. Finally, click the Review + Create button below to create the instance.

8. On the Review page, select the Create button to finally create the App Service instance
in Azure Cloud.

9. To access your sample application, go to the App page and click Browse or the URL.
Also access monitoring information from the Monitor link in the options tab on the left.



4.8 Azure Monitoring & Messaging Services
Azure monitoring tools are software meant to assist in the different aspects of cloud
infrastructure management and monitoring, centering on Microsoft's cloud computing
platform, Azure. Azure monitoring tools can be provided by either Microsoft or other, third-
party, platforms.
With Azure monitoring services, users can use end-to-end monitoring tools to detect or
diagnose issues in applications or infrastructure, manage Azure in virtual machines (VMs)
or containers, detect bottlenecks and collect data on a large variety of other tasks.
IT teams can use a variety of Azure monitoring tools to provide visibility into their cloud
environment to ensure their workloads run correctly. Insights that monitoring tools can
provide include performance, availability or security metrics. These metrics give an in-
depth view into how an organization's cloud system is working. If something is wrong, or
an IT team needs to troubleshoot an issue, then monitoring tools can be helpful.

4.8.1 Azure Monitor


Full observability into your applications, infrastructure and network. Collect, analyse and
act on telemetry data from your Azure and on-premises environments. Azure Monitor
helps you maximize performance and availability of your applications and proactively
identify problems in seconds.

4.8.2 Features
Unified

Store and analyse all your operational telemetry in a centralised, fully managed, scalable
data store that is optimised for performance and cost.

Intelligent

Test your hypotheses and reveal hidden patterns using the advanced analytic engine,
interactive query language and built-in machine learning constructs.

Open

Integrate with popular DevOps, issue management, IT service management and security
information and event management tools.

4.8.3 Uses
Monitor your applications
Get everything you need to monitor the availability, performance and usage of your web
applications, whether they are hosted on Azure or on-premises. Azure Monitor supports
popular languages and frameworks, such as .NET, Java and Node.js and integrates with
DevOps processes and tools like Azure DevOps, Jira and PagerDuty. Track live metrics
streams, requests and response times and events.



Monitor your infrastructure
Analyse and optimise the performance of your infrastructure, including virtual machines
(VMs), Azure Kubernetes Service (AKS), Azure Storage and databases. Monitor your
Linux and Windows VMs and their health and dependencies—all on a single map.
Monitor your network
Monitor and diagnose networking issues without logging into your virtual machines.
Trigger a packet capture, diagnose routing issues, analyse network security group flow
logs and gain visibility and control over your Azure network.

4.8.4 How Azure Monitor works


Azure Monitor collects monitoring telemetry from a variety of on-premises and Azure
sources. Management tools, such as those in Azure Security Center and Azure
Automation, also push log data to Azure Monitor. The service aggregates and stores this
telemetry in a log data store that is optimised for cost and performance. Analyse data, set
up alerts, get end-to-end views of your applications and use machine learning–driven
insights to quickly identify and resolve problems.

Image: Azure Monitor Working Model

Reference: https://azure.microsoft.com/en-in/services/monitor/#features

4.8.5 Other Monitoring Tools


Azure Advisor is another monitoring tool from Microsoft that can scan resource
configurations and then provide possible actions to improve resources for high availability,
security, performance and cost -- so users can optimize their deployments.
Azure Automation is a tool for admins and developers to automate cloud management
tasks using Azure runbooks. It will monitor for issues or unwanted changes in applications
or configurations. Azure Automation can also monitor and ensure updates for Windows
and Linux workloads on Azure.
Azure Cost Management plus Billing is a tool used to monitor a user's cloud spending.
This tool will break down the costs of specific Azure services and resources.
Azure Service Health monitors active service issues and health advisories. Azure users
can use this tool to monitor the status of events in their cloud environment and to plan
ahead for maintenance.
Azure Network Watcher offers network monitoring for network performance. This tool
can provide insights and metrics on Azure Virtual Networks (VNet), VMs and application
gateways. Users can make use of this tool to identify network issues, to enable or disable
resource logs in an Azure VNet, and to view network metrics.
Azure Resource Health allows users to diagnose and receive support for service
problems in Azure, specifically relating to its use of resources. Azure Resource Health
also monitors the current and past health of an organization's resources.

4.8.6 Messaging services on Azure


Reliably connect hybrid applications using messaging services. Messaging services on
Azure provide the interconnectivity between components and applications that are written
in different languages and hosted in the same cloud, multiple clouds or on-premises. Use
message queues or topics to send messages without concerns of consumer availability
and to help balance varying workload throughput.
Service Bus

Reliable cloud messaging as a service (MaaS) and simple hybrid integration.

• Build reliable and elastic cloud apps with messaging
• Protect your application from temporary spikes in traffic
• Decouple your applications from each other
• Connect your existing on-premises systems to cloud solutions
• Distribute messages to multiple independent back-end systems
• Scale out ordered messaging to multiple readers
• Enable existing Java Message Service (JMS) applications to talk to Service Bus
Event Grid

Get reliable event delivery at massive scale. Simplify your event-based apps with Event
Grid, a single service for managing routing of all events from any source to any
destination. Designed for high availability, consistent performance and dynamic scale,
Event Grid lets you focus on your app logic rather than infrastructure.
Event Hubs

Simple, secure and scalable real-time data ingestion. Event Hubs is a fully managed,
real-time data ingestion service that is simple, trusted and scalable. Stream millions of
events per second from any source to build dynamic data pipelines and immediately respond to
business challenges. Keep processing data during emergencies using the geo-disaster
recovery and geo-replication features.

Integrate seamlessly with other Azure services to unlock valuable insights. Allow existing
Apache Kafka clients and applications to talk to Event Hubs without any code changes—
you get a managed Kafka experience without having to manage your own clusters.
Experience real-time data ingestion and micro-batching on the same stream.
Azure Relay

The Azure Relay service enables you to securely expose services that run in your
corporate network to the public cloud. You can do so without opening a port on your
firewall, or making intrusive changes to your corporate network infrastructure. The relay
service supports the following scenarios between on-premises services and applications
running in the cloud or in another on-premises environment.

• Traditional one-way, request/response, and peer-to-peer communication
• Event distribution at internet-scope to enable publish/subscribe scenarios
• Bi-directional and unbuffered socket communication across network boundaries

Azure Relay differs from network-level integration technologies such as VPN. An Azure
relay can be scoped to a single application endpoint on a single machine. The VPN
technology is far more intrusive, as it relies on altering the network environment.
Queue Storage

Durable queues for large-volume cloud services.

• Rich client libraries for .NET, Java, Android, C++, Node.js, PHP, Ruby and Python
• Data accessible via the REST API
Azure SignalR Service

Easily add real-time web functionality to applications. With Azure SignalR Service, adding
real-time communications to your web application is as simple as provisioning a service—
no need to be a real-time communications guru!

Focus on your core business instead of managing infrastructure. You do not have to
provision and maintain servers just because you need real-time features in your solution.
SignalR Service is fully managed which makes it easy to add real-time communication
functionality to your application. No more worrying about hosting, scalability, load
balancing and such details!

Take advantage of the full spectrum of Azure services. Benefit from everything Azure has
to offer! Easily integrate with services such as Azure Functions, Azure Active Directory,
Azure Storage, Azure App Service, Azure Analytics, Power BI, IoT, Cognitive Services,
Machine Learning and more.



Azure HDInsight

Enterprise-ready, managed cluster service for open-source analytics. Run popular open-
source frameworks—including Apache Hadoop, Spark, Hive, Kafka, and more—using
Azure HDInsight, a customizable, enterprise-grade service for open-source analytics.
Effortlessly process massive amounts of data and get all the benefits of the broad open-
source project ecosystem with the global scale of Azure. Easily migrate your big data
workloads and processing to the cloud.

• Open-source projects and clusters are easy to spin up quickly without the need to
  install hardware or manage infrastructure
• Big data clusters reduce costs through autoscaling and pricing tiers that allow you
  to pay for only what you use
• Enterprise-grade security and industry-leading compliance with more than 30
  certifications help protect your data
• Optimized components for open-source technologies such as Hadoop and Spark
  keep you up to date
Notification Hubs

Send push notifications to any platform from any back end.

• Reach all major platforms—iOS, Android, Windows, Kindle, Baidu
• Use any back end, in the cloud or on-premises
• Fast broadcast push to millions of mobile devices with single API call
• Tailor push notifications by customer, language and location
• Dynamically define and notify customer segments
• Scale instantly to millions of mobile devices
Azure IoT Hub

Managed service for bidirectional communication between IoT devices and Azure. Enable
highly secure and reliable communication between your Internet of Things (IoT)
application and the devices it manages. Azure IoT Hub provides a cloud-hosted solution
back end to connect virtually any device. Extend your solution from the cloud to the edge
with per-device authentication, built-in device management and scaled provisioning.



4.9 Create Monitored Resources in Cloud
Activity: This practical activity enables the learner to understand and create a monitoring
service in the Azure cloud for application monitoring. It allows you to create alerts on
certain conditions.

1. Log in to the Azure dashboard.

2. Select App Services from the Dashboard menu, or search for App Services in the resource
search bar.

3. Click the Add button on the top-left menu.

4. Select and enter the details as required.

5. Select Windows as the operating system and click Change size below.

6. Select the Dev/Test option and then select the standard Free type. Also, add the
monitoring service from the Monitor tab; just enable the service for monitoring. (Note:
Automated monitoring is available for .NET applications only. For others, use the SDK.)

7. Finally, click the Review + Create button below to create the instance.

8. On the Review page, select the Create button to finally create the App Service instance
in Azure Cloud.

9. To access your sample application, go to the App page and click Browse or the URL.
Also access monitoring information from the Monitor link in the options tab on the left.

References

1. https://docs.microsoft.com/en-us/azure
2. https://azure.microsoft.com/en-in/get-started/
3. https://www.javatpoint.com/cloud-computing-tutorial
4. https://www.javatpoint.com/linux-directories
5. https://docs.microsoft.com/en-us/azure/virtual-machines/windows/quick-create-portal
6. https://docs.microsoft.com/en-us/azure/virtual-machines/linux/quick-create-portal
7. https://docs.microsoft.com/en-us/azure/virtual-network/quick-create-portal
8. https://docs.microsoft.com/en-us/azure/storage/common/storage-introduction
9. https://docs.microsoft.com/en-us/learn/modules/azure-compute-fundamentals/
10. https://azure.microsoft.com/en-in/global-infrastructure/
11. https://docs.microsoft.com/en-in/azure/
12. https://docs.microsoft.com/en-us/learn/modules/network-fundamentals/
13. https://docs.microsoft.com/en-us/learn/modules/network-fundamentals/2-network-types-topologies
14. https://docs.microsoft.com/en-us/learn/modules/network-fundamentals/4-network-protocols
15. https://www.networkcomputing.com/networking/cisco-networking-basics-ip-addressing
16. https://www.cloudflare.com/learning/network-layer/internet-protocol/
17. https://docs.microsoft.com/en-us/troubleshoot/windows-client/networking/tcpip-addressing-and-subnetting
18. https://en.wikipedia.org/wiki/Transmission_Control_Protocol
19. https://www.cisco.com/c/en_in/products/security/vpn-endpoint-security-clients/what-is-vpn.html#~types-of-vpns
20. https://en.wikipedia.org/wiki/Virtual_private_network
21. https://developer.mozilla.org/en-US/docs/Web/HTTP
22. https://www.w3schools.com/whatis/whatis_http.asp
23. https://www.sqlservertutorial.net/sql-server-basics
24. https://docs.microsoft.com/en-us/azure/networking/fundamentals/networking-overview
25. https://docs.microsoft.com/en-us/azure/mysql/quickstart-create-mysql-server-database-using-azure-portal
26. https://docs.microsoft.com/en-us/azure/app-service/tutorial-php-mysql-app?pivots=platform-windows
27. https://docs.microsoft.com/en-us/azure/mysql/quickstart-create-mysql-server-database-using-azure-portal
28. https://docs.microsoft.com/en-us/azure/azure-sql/database/design-first-database-tutorial
29. https://docs.microsoft.com/en-us/azure/storage/common/storage-account-create?toc=%2Fazure%2Fstorage%2Fblobs%2Ftoc.json&tabs=azure-portal
30. https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-create-account-block-blob?tabs=azure-portal
31. https://docs.microsoft.com/en-us/azure/azure-sql/database/single-database-create-quickstart?tabs=azure-portal
32. https://docs.microsoft.com/en-us/azure/azure-sql/database/sql-data-sync-sql-server-configure
33. https://docs.microsoft.com/en-us/azure/virtual-network/quick-create-portal
34. https://docs.microsoft.com/en-us/azure/firewall/tutorial-firewall-deploy-portal
35. https://docs.microsoft.com/en-us/azure/virtual-network/quick-create-portal
36. https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-manage-subnet#:~:text=Go%20to%20the%20Azure%20portal,Settings%2C%20select%20Subnets%20%3E%20Subnet.
37. https://docs.microsoft.com/en-us/azure/azure-sql/database/single-database-create-quickstart?tabs=azure-portal
38. https://docs.microsoft.com/en-us/azure/cognitive-services/what-are-cognitive-services
39. https://azure.microsoft.com/en-in/updates/memcached-cloud-available-in-the-azure-store
40. https://docs.microsoft.com/en-us/azure/security/fundamentals/services-technologies
41. https://docs.microsoft.com/en-us/microsoft-identity-manager/pam/privileged-identity-management-for-active-directory-domain-services
42. https://docs.microsoft.com/en-us/azure/cognitive-services/face/overview
43. https://docs.microsoft.com/en-us/azure/architecture/data-guide/technology-choices/natural-language-processing
44. https://docs.microsoft.com/en-us/azure/cognitive-services/what-are-cognitive-services
45. https://docs.microsoft.com/en-us/azure/hdinsight/spark/apache-spark-overview
46. https://docs.microsoft.com/en-us/azure/synapse-analytics/spark/apache-spark-overview
47. https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/cognitive-services/text-analytics/includes/quickstarts/python-sdk.md
48. https://docs.microsoft.com/en-us/azure/analysis-services/analysis-services-overview
49. https://azure.microsoft.com/en-in/blog/first-azure-as/
50. https://www.guru99.com/difference-web-application-website.html
51. https://www.guru99.com/html-vs-html5.html
52. https://www.geeksforgeeks.org/css-introduction/
53. https://www.guru99.com/introduction-to-javascript.html
54. https://www.guru99.com/what-is-php-first-php-program.html
55. https://www.guru99.com/jsp-life-cycle.html
56. https://www.javatpoint.com/html-layout
57. https://www.tutorialspoint.com/php/php_get_post.htm
58. https://www.cloudflare.com/learning/serverless/what-is-serverless/
59. https://azure.microsoft.com/en-in/overview/serverless-computing/
60. https://aws.amazon.com/lambda/?c=ser&sec=srv
61. https://aws.amazon.com/serverless/
62. https://aws.amazon.com/fargate/
63. https://aws.amazon.com/api-gateway/?c=ser&sec=srv
64. https://aws.amazon.com/rds/aurora/serverless/?c=ser&sec=srv
65. https://www.mongodb.com/nosql-explained
66. https://www.guru99.com/nosql-tutorial.html
67. https://www.couchbase.com/resources/why-nosql
68. https://aws.amazon.com/nosql/
69. https://azure.microsoft.com/en-in/overview/nosql-database/
70. https://www.redhat.com/en/topics/devops/what-cicd-pipeline
71. https://www.leapwork.com/blog/how-to-create-a-devops-ci/cd-pipeline-with-
example
72. https://www.azuredevopslabs.com/labs/vstsextend/azuredevopsprojectdotnet/
73. https://aws.amazon.com/devops/what-is-devops/
74. https://microservices.io/
75. https://www.redhat.com/en/topics/microservices/what-are-microservices
76. https://stackify.com/what-are-microservices/
77. https://www.docker.com/resources/what-container
78. https://azure.microsoft.com/en-in/overview/what-is-a-container/#why-containers
79. https://aws.amazon.com/blogs/apn/the-5-pillars-of-the-aws-well-architected-
framework/
80. https://d1.awsstatic.com/whitepapers/architecture/AWS_Well-
Architected_Framework.pdf
81. https://azure.microsoft.com/en-in/solutions/messaging-services/
82. https://azure.microsoft.com/en-in/services/monitor/
83. https://searchcloudcomputing.techtarget.com/definition/Microsoft-Azure-
monitoring-tools

© Edunet Foundation. All rights reserved.495

You might also like