
AZ-900

........ AZURE DEEP DIVE ....….


///////////////////////////AZ-900-p1//////////////////////////////

1. What is cloud computing?

> It is the delivery of computing services, including servers, storage, databases,
networking, software and analytics, over the internet (“the cloud”) on a pay-as-you-go
basis.

> Instead of owning physical servers or infrastructure, users can access these resources
remotely from cloud service providers.

Ex: Netflix, Salesforce, Dropbox etc.

Cloud providers :

Cloud providers are companies that offer cloud computing services and infrastructure to
businesses and individuals. Here are some of the major cloud providers:

Ex: Netflix, Salesforce, Dropbox etc.

//Definition: Cloud computing means using remote servers hosted on the internet to store,
manage, and process data, instead of using local servers or personal computers.

2. Why do we use cloud computing?

1. Cost Efficiency: Cloud computing allows businesses to avoid upfront infrastructure
costs and pay only for what they use, reducing capital expenditure.
2. Scalability: Cloud services offer the ability to scale resources up or down quickly based
on demand, enabling organizations to adapt to changing needs without investing in
additional hardware.
3. Accessibility: Cloud resources can be accessed from anywhere with an internet
connection, enabling remote work and collaboration among teams.
4. Reliability: Cloud providers typically offer high availability, redundancy, and disaster
recovery features to ensure continuous operation and data protection.
5. Innovation: Cloud computing provides access to a wide range of services and tools for
developing, deploying, and managing applications, enabling faster innovation and
time-to-market for businesses.

3. When do we use cloud computing?

Cloud computing is used in various scenarios, including:

1. Application Hosting: Hosting web applications, mobile apps, and APIs in the cloud for easy
access and scalability.
2. Data Storage and Backup: Storing and backing up data in the cloud to ensure
accessibility, redundancy, and disaster recovery.
3. Development and Testing: Building, testing, and deploying applications in cloud
environments to streamline the development process.
4. Disaster Recovery: Using cloud services for backup and disaster recovery to ensure
business continuity in case of data loss or system failures.

//////////////////////////// topics to learn //////////////////////////////////////////


Cloud Service Models: Learn about Infrastructure as a Service (IaaS), Platform as a
Service (PaaS), and Software as a Service (SaaS). Understand the differences between
these service models and when to use each one.
Cloud Deployment Models: Explore public, private, and hybrid cloud deployment
models. Understand the characteristics, benefits, and use cases of each deployment
model.
Cloud Providers: Familiarize yourself with major cloud service providers such as
Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), and IBM
Cloud. Learn about their core services, pricing models, and certification programs.
Cloud Security: Study cloud security principles, best practices, and compliance
frameworks. Learn about identity and access management (IAM), encryption, network
security, and data protection in cloud environments.
Networking in the Cloud: Understand networking concepts specific to cloud
computing, such as virtual private clouds (VPCs), subnets, load balancing, and content
delivery networks (CDNs). Learn how to design and configure secure and scalable cloud
networks.
Storage and Data Management: Explore cloud storage options such as object storage,
block storage, and file storage. Learn about data lifecycle management, backup and
disaster recovery, and database services offered by cloud providers.
Cloud service models :

1. IAAS : Infrastructure As A Service provides virtual computing
resources over the internet.
> NO WORRIES ABOUT THE UNDERLYING PHYSICAL MACHINE.
> EVERYTHING IS MANAGED BY THE USER ONLY; THE CLOUD PROVIDER JUST
PROVIDES SERVER, STORAGE AND NETWORK.
> YOU HAVE TO MANAGE DATA, APPS, OS, RUNTIME ETC.
Ex : AWS EC2, Azure Virtual Machines.

2. PAAS : Platform As A Service. YOU DON’T HAVE CONTROL OVER THE UNDERLYING ARCHITECTURE,
INCLUDING OS, STORAGE, SERVERS ETC.
> THE CLOUD PROVIDER PROVIDES THE ABILITY TO DEPLOY CUSTOMER-CREATED
APPS USING PROGRAMMING LANGUAGES, TOOLS ETC. THAT
ARE PROVIDED BY THE CLOUD PROVIDER.
> USED FOR > THEY WANT TO CODE BUT THEY DON’T WANT TO MAINTAIN
THE SERVERS, OS, STORAGE ETC.
> MANAGED BY THE USER: DATA AND APPS.
Ex : Google App Engine, Azure App Service.

3. SAAS : SOFTWARE AS A SERVICE. THE CLOUD PROVIDER LEASES AN
APPLICATION OR SOFTWARE THAT IT OWNS AND PROVIDES
IT TO THE CLIENTS.
> USED FOR > CLIENTS JUST USE THE APPLICATION, BUT THEY DON’T WANT
TO CODE OR MAINTAIN THE SERVERS, DATACENTERS ETC.
> MANAGED BY YOU: DATA.
Ex : SALESFORCE, GMAIL.

Here's a comparison of these cloud service models:

Service Model | Description | Example Providers
------------- | ----------- | -----------------
IaaS | Provides virtualized computing resources (servers, storage, networking) over the internet. | AWS EC2, Azure Virtual Machines, Google Compute Engine
PaaS | Offers a platform for building, deploying, and managing applications without managing the infrastructure. | Heroku, Google App Engine, Azure App Service
SaaS | Delivers software applications over the internet on a subscription basis. | Gmail, Office 365, Salesforce

Azure App Service is a platform-as-a-service (PaaS) offering provided by Microsoft
Azure that allows developers to build, deploy, and scale web applications and APIs
quickly and easily.

Cloud Deployment models

• Public cloud
• Private cloud
• Hybrid cloud

1. Public cloud : In a public cloud deployment model, cloud services are provided over
the internet by third-party service providers.

> The infrastructure and services are managed and maintained by third-party providers
like AWS, Azure, or Google Cloud.
> These providers offer a wide range of services, including servers, storage, virtual
machines, and networking infrastructure.
> The term 'public' indicates that these services are accessible publicly over the internet.
EX : Amazon AWS, Microsoft Azure, Google Cloud Platform, and IBM Cloud.

2. Private cloud : In a private cloud deployment model, a company has its own exclusive cloud system, giving it more
control and security. But it costs more and needs careful planning.
> Companies should think about what they need and what they can afford before choosing this
option.
EX : private research institutions, private companies etc.

3. Hybrid cloud :
The hybrid cloud deployment model is a way of organizing computing resources where a
company uses a combination of both private and public clouds to run its applications and store
its data.
Hybrid cloud lets you mix and match, so you can use your own space for important stuff and
rent extra space or tools when you need them. It's like having the best of both worlds.

Region pair : keeps our data available in the worst-case scenario.

Microsoft pairs regions to protect data when a disaster occurs.

• Both regions should be in the same geographic location.
• At least 300 miles of separation between the regions in a pair.
• Automatic replication for some services.
• Prioritized region recovery in the event of an outage.

AVAILABILITY OPTIONS :

These options aim to minimize downtime, maintain service reliability, and maximize uptime.
Some common availability options include:

High Availability: This ensures that applications remain accessible even if one component or
region fails.

1. Fault Domain:
• A fault domain is a logical grouping of hardware within a data center or availability zone
that shares a common power source, cooling, and network connectivity.
• The purpose of fault domains is to minimize the impact of hardware failures or
maintenance events on the availability of services.
• By distributing resources across fault domains, applications can remain available even if
a fault affects one of the domains.
• In Azure, for example, when deploying virtual machines, you can specify the number of
fault domains to which the VMs should be spread to ensure high availability.
2. Update Domain:
• An update domain is a logical grouping of resources that are updated or patched together
during maintenance operations.
• The purpose of update domains is to minimize the risk of service interruptions during
updates or maintenance activities.
• By dividing resources into update domains, updates can be rolled out gradually across the
infrastructure, ensuring that only a subset of resources is affected at any given time.
• This helps maintain the availability and reliability of services during maintenance
windows.
• In Azure, for example, when deploying virtual machine scale sets, you can specify the
number of update domains to control the rolling updates of VM instances.

In summary, fault domains and update domains are mechanisms used to improve the availability
and reliability of services in cloud environments by ensuring that resources are distributed and
managed in a way that minimizes the impact of hardware failures and maintenance operations.
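
How spreading VMs across fault and update domains limits what a single failure or patch cycle can take down, as an added example that is not part of the original notes. It assumes round-robin placement (VM i lands in fault domain i mod F and update domain i mod U); the function names and the 6-VM, 3-fault-domain, 5-update-domain layout are constructed for illustration.

```python
def place_vms(vm_count, fault_domains, update_domains):
    """Assign each VM a (fault domain, update domain) pair.

    Round-robin placement is an assumption made for this illustration.
    """
    return {
        f"vm{i}": (i % fault_domains, i % update_domains)
        for i in range(vm_count)
    }


def survivors(placement, failed_fd=None, updating_ud=None):
    """VMs still serving while one fault domain is down and/or one
    update domain is being patched."""
    return sorted(
        vm
        for vm, (fd, ud) in placement.items()
        if fd != failed_fd and ud != updating_ud
    )


def worst_case_available(placement):
    """Fewest VMs left over every combination of 'one fault domain failed'
    and 'one update domain rebooting', including each event on its own."""
    fds = {fd for fd, _ in placement.values()} | {None}
    uds = {ud for _, ud in placement.values()} | {None}
    return min(
        len(survivors(placement, fd, ud)) for fd in fds for ud in uds
    )


# Constructed layouts: the same six VMs spread out versus packed together.
SPREAD = place_vms(6, fault_domains=3, update_domains=5)
PACKED = place_vms(6, fault_domains=1, update_domains=1)

if __name__ == "__main__":
    print("rack 0 loses power:   ", survivors(SPREAD, failed_fd=0))
    print("update domain 0 patch:", survivors(SPREAD, updating_ud=0))
    print("worst case, spread:   ", worst_case_available(SPREAD))
    print("worst case, packed:   ", worst_case_available(PACKED))
```
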
Fault Tolerance:
The goal of fault tolerance is to ensure that the system remains operational and provides
uninterrupted service to users, even if individual components, such as hardware, software, or
network devices, experience failures.

1. Redundancy : Redundancy ensures that if one component fails, another identical
component can seamlessly take over its functions without disrupting the system's
operation. Redundancy can be implemented at various levels, including hardware
redundancy (e.g., duplicate servers), software redundancy (e.g., redundant processes or
services), and data redundancy (e.g., data replication).
2. Failure Detection and Recovery:
Fault-tolerant systems include mechanisms for detecting failures and initiating recovery
procedures automatically. These mechanisms continuously monitor the system's health
and performance, and if a failure is detected, they trigger appropriate actions to restore
normal operation. Recovery procedures may involve restarting failed components,
switching to backup resources, or rerouting traffic to alternative paths.
3. Isolation and Containment: Fault-tolerant systems isolate failures to prevent them from
spreading and affecting other parts of the system. Isolation mechanisms ensure that
failures are contained within the affected components or subsystems, minimizing the
impact on the overall system's availability and performance. Isolation techniques may
include using fault domains, partitioning resources, or implementing isolation
boundaries.
4. Continuous Monitoring and Adaptation:
Monitoring and adaptation capabilities enable the system to dynamically adjust its configuration, resources,
and behavior in real-time to mitigate risks, optimize performance, and maintain
resilience in the face of new challenges or failure scenarios.

Hierarchical Structure of Cloud Computing Infrastructure

Servers are the basic units.

A collection of servers is called a data center.

A collection of data centers is called a region.

>DAY _2….
USERS : "users" typically refers to individuals or entities that interact with Azure
services and resources to perform various tasks and operations.

GROUPS : "groups" typically refer to collections of users that are managed together
for ease of access control and permissions management.
ADMINISTRATIVE UNITS : administrative units are like smaller teams within a larger
organization, each with its own set of administrators and permissions.

• LARGER ORGANIZATIONS ARE DIVIDED INTO SMALLER UNITS OR TEAMS THAT
MAINTAIN THEIR OWN SET OF ADMINISTRATORS AND PERMISSIONS.

Difference between blob and file storage

• Blobs are optimized for storing large, unstructured data: images, videos, HTML
documents etc.
• Files are suitable for storing structured data in a file share format. EX : tables,
Excel sheets, JSON files etc.
• Blobs are accessed directly via HTTP/HTTPS URLs (export),
• while files are accessed using the standard SMB protocol. [Server Message Block (SMB) is used
for accessing files, printers, and other resources on a network.]
• Blobs are commonly used for media storage, backups, and content distribution;
• files are used for shared file storage and application data.

Difference between Queue and Table

• Azure Table Storage is a NoSQL data store for storing structured data in tables, suitable
for semi-structured or structured data storage and fast data access.
• Azure Queue Storage is a message queuing service for building asynchronous
communication between distributed applications, suitable for implementing reliable
messaging patterns and decoupling application components.

Azure File Sync simplifies file storage management by providing a seamless way to
synchronize, optimize, and protect your files across on-premises and cloud environments.

With Azure Blob storage lifecycle management, you can automate the management of your blob
data, reduce manual intervention, and optimize storage costs effectively. It's a powerful feature
that helps you maintain data lifecycle policies in a scalable and cost-efficient manner.
• For example, you can set a rule to transition blobs to the cool storage tier if they haven't been
accessed for 30 days.

////////////////////////AZ-900 -p2//////////////////////////////

Cloud computing: It is the delivery of computing services, including servers, storage,
databases, networking, software and analytics, over the internet (“the cloud”).

➢ Azure services :
• Compute: [provides the compute power like memory and processor] Azure offers
various compute services, including Virtual Machines (VMs), Azure App Service, Azure
Functions, and Azure Kubernetes Service (AKS), for running applications and workloads.

• Storage: Azure provides scalable and durable storage solutions like Blob Storage, File
Storage, Queue Storage, and Table Storage for storing data in the cloud.

Cloud computing concepts


On-Demand Service : This means you can quickly use resources when you need them and
release them when you're done, without the need to invest in physical hardware

Scalability: which means you can easily increase or decrease the amount of resources you use
based on your needs.

Pay-Per-Use Pricing: where you only pay for the resources you consume. This makes it
cost-effective because you don't have to pay for unused capacity.

Reliability and Availability: This ensures that your applications and data are always accessible
and protected.
Security:

5. Azure Governance and Compliance:

Azure governance is like setting rules and organizing things to make sure that everything
runs smoothly and securely in your Microsoft Azure cloud environment.

• Azure Policy: Azure Policy is like a set of rules or guidelines for managing and controlling
your resources in the Azure cloud. Azure Policy helps you keep your cloud environment in order.

Defining the Rule:
Enforcement: Azure Policy checks whether the deployment complies with the rule.
Action: for notification purposes, e.g. a message or email.

• Azure Policy allows you to enforce organizational standards and compliance
requirements by defining and applying policies to Azure resources.

Here are some examples of policies in Azure:

1. Require Tagging: You can create a policy that requires all resources to have specific
tags, such as "Environment" or "Owner", to help with organization and cost tracking.
2. Restrict Resource Types: You might want to limit the types of resources that users can
deploy, for example, allowing only specific types of virtual machines or storage
accounts.
3. Enforce Encryption: A policy can ensure that all storage accounts or databases are
encrypted to protect sensitive data from unauthorized access.
4. Limit Regions: You can restrict resource deployment to specific Azure regions to ensure
compliance with data sovereignty or regulatory requirements.
5. Budget Controls: Policies can enforce budget limits to prevent overspending, for
example, by automatically shutting down or scaling back resources when costs exceed a
certain threshold.
6. Network Security: You can enforce network security rules, such as blocking inbound
traffic from specific IP ranges or requiring the use of virtual network peering for
communication between resources.
7. Identity and Access Management (IAM): Policies can enforce role-based access
control (RBAC) rules to ensure that users have the appropriate permissions to access
and manage resources.
8. Backup Requirements: You might create a policy that ensures all critical resources have
regular backups configured to prevent data loss.
9. Compliance Checks: Policies can check for compliance with regulatory standards, such
as PCI DSS or GDPR, by verifying resource configurations against predefined rules.
10. Resource Cleanup: A policy can automatically delete or archive resources that have
been inactive for a specified period to reduce clutter and optimize costs.
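
A small evaluator for two of the policies listed above (Limit Regions and Require Tagging), as an added example that is not part of the original notes. The rules follow the `if`/`then` shape of Azure Policy definitions; the evaluator, the allowed-region list and the resources are constructed for illustration, and only the `allOf`, `anyOf`, `not`, `field`, `equals`, `in`, `notIn` and `exists` keywords are handled.

```python
import re

# Constructed rules in the if/then shape used by Azure Policy definitions.
LIMIT_REGIONS = {
    "if": {"not": {"field": "location", "in": ["eastus", "westeurope"]}},
    "then": {"effect": "deny"},
}
REQUIRE_OWNER_TAG = {
    "if": {"allOf": [
        {"field": "type", "equals": "Microsoft.Storage/storageAccounts"},
        {"field": "tags['Owner']", "exists": "false"},
    ]},
    "then": {"effect": "deny"},
}
POLICIES = {"limit-regions": LIMIT_REGIONS, "require-owner-tag": REQUIRE_OWNER_TAG}

# Constructed resources standing in for deployment requests.
RESOURCES = {
    "stgood": {"type": "Microsoft.Storage/storageAccounts",
               "location": "westeurope", "tags": {"Owner": "platform-team"}},
    "stnotag": {"type": "Microsoft.Storage/storageAccounts",
                "location": "EastUS", "tags": {}},
    "vmfar": {"type": "Microsoft.Compute/virtualMachines",
              "location": "southeastasia", "tags": {}},
}

_TAG_FIELD = re.compile(r"^tags\['(.+)'\]$")
_MISSING = object()


def field_value(resource, field):
    """Resolve a field such as 'location' or "tags['Owner']"."""
    m = _TAG_FIELD.match(field)
    if m:
        return resource.get("tags", {}).get(m.group(1), _MISSING)
    return resource.get(field, _MISSING)


def matches(cond, resource):
    """Evaluate one node of a rule's 'if' block against a resource."""
    if "allOf" in cond:
        return all(matches(c, resource) for c in cond["allOf"])
    if "anyOf" in cond:
        return any(matches(c, resource) for c in cond["anyOf"])
    if "not" in cond:
        return not matches(cond["not"], resource)
    value = field_value(resource, cond["field"])
    if "exists" in cond:
        wanted = str(cond["exists"]).lower() == "true"
        return (value is not _MISSING) == wanted
    # Strings are compared case-insensitively in this example.
    value = None if value is _MISSING else str(value).lower()
    if "equals" in cond:
        return value == str(cond["equals"]).lower()
    if "in" in cond:
        return value in [str(v).lower() for v in cond["in"]]
    if "notIn" in cond:
        return value not in [str(v).lower() for v in cond["notIn"]]
    raise ValueError(f"unsupported condition: {cond}")


def denied_by(resource, policies=POLICIES):
    """Names of the policies that would deny this deployment."""
    return [
        name for name, rule in policies.items()
        if rule["then"]["effect"] == "deny" and matches(rule["if"], resource)
    ]


if __name__ == "__main__":
    for name, res in RESOURCES.items():
        print(name, denied_by(res) or "allowed")
```
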

• Azure Role-Based Access Control (RBAC): RBAC enables you to control access to
Azure resources by assigning roles to users, groups, and applications based on their
permissions.

From portal:

Owner: Grants full access to manage all resources, including the ability to assign roles in Azure RBAC.
Contributor: Grants full access to manage all resources, but does not allow you to assign roles in Azure RBAC, manage
assignments in Azure Blueprints, or share image galleries.
Access Review Operator Service Role: Lets you grant Access Review System app permissions to discover and revoke access as needed by the
access review process.
Role Based Access Control Administrator: Manage access to Azure resources by assigning roles using Azure RBAC. This role does not allow you to
manage access using other ways, such as Azure Policy.
User Access Administrator: Lets you manage user access to Azure resources.

IAM (Identity and Access Management) refers to the management of user identities and
access permissions within cloud platforms such as Azure, AWS, or Google Cloud Platform.

GUEST PERMISSIONS
>? CAN A GUEST ADD A MEMBER
> No, a guest user in Azure Active Directory (Azure AD) typically does not have permissions to
add regular members (users) to the Azure AD tenant.

>? CAN A USER ADD THE CO-ADMIN ROLE TO A GUEST
> Yes, based on the user's role and permissions.

The roles that can be assigned to guest users in Azure AD

Guest users are external users who are invited to collaborate with an organization's Azure AD
tenant. The roles that can be assigned to guest users in Azure AD depend on the permissions
required for their collaboration activities. Here are some common roles that can be assigned to
guest users in Azure:

1. Guest Inviter: This role allows users to invite guests to collaborate with the organization's
Azure AD tenant. Users assigned this role can send invitations to external users to access
resources within the organization.
2. Member: Guest users can be assigned the Member role to grant them access to specific
resources or applications within the organization. The Member role provides basic access
permissions to resources based on the permissions granted by the resource owner.
3. Contributor: The Contributor role grants guest users the ability to manage and modify Azure
resources within specific resource groups. Guest users with the Contributor role can create,
update, and delete resources, but they cannot grant access to other users.
4. Reader: The Reader role provides guest users with read-only access to view Azure resources
within specific resource groups or subscriptions. Guest users assigned the Reader role can view
resource configurations, but they cannot make any changes.
5. Owner: The Owner role grants guest users full control over Azure resources within specific
resource groups or subscriptions. Guest users with the Owner role can create, update, delete, and
manage resources, as well as grant access to other users.
6. Custom Roles: Organizations can create custom roles with specific permissions tailored to their
collaboration requirements. Guest users can be assigned custom roles with permissions to
perform specific actions on Azure resources based on their collaboration needs.

These are some of the common roles that can be assigned to guest users in Azure AD. The
specific roles available may vary depending on the Azure AD configuration and the permissions
required for collaboration activities within the organization. It's important to carefully consider
the permissions granted to guest users to ensure that they have the appropriate level of access for
their collaboration activities while maintaining security and compliance requirements.

1. Global Administrator:

• Role Definition: The Global Administrator role in Azure Active Directory (AAD) has full
access to manage all aspects of Azure services, including access to all resources and
administrative privileges within Azure AD.
• Responsibilities: Global Administrators can manage user accounts, assign
administrative roles, configure access policies, and perform administrative tasks across
the entire Azure environment.
• Scope: This role is typically assigned to individuals who need unrestricted access to
Azure services and resources, such as IT administrators or system administrators
responsible for managing Azure environments.

2. Service Administrator:

• Role Definition: The Service Administrator role is similar to the Global Administrator
role but has administrative access limited to Azure subscription management.
• Responsibilities: Service Administrators can manage Azure subscriptions, including
creating, modifying, and deleting subscriptions, as well as managing billing, resource
groups, and support requests.
• Scope: This role is usually assigned to individuals responsible for managing Azure
subscriptions and billing within an organization.

3. Owner:

• Role Definition: The Owner role in Azure Resource Manager (ARM) allows users to
manage all aspects of Azure resources within a subscription, including creating,
modifying, and deleting resources.
• Responsibilities: Owners have full control over all resources within a subscription,
including the ability to grant access permissions to other users and assign roles to
resources.
• Scope: Owners are typically individuals responsible for managing specific projects or
environments within an organization and have full control over the resources associated
with those projects.

4. Co-administrator:

• Role Definition: The Co-administrator role is an older role-based access control (RBAC)
assignment in Azure that grants full administrative access to all resources within a
subscription.
• Responsibilities: Co-administrators have the same privileges as Owners, allowing them
to manage resources, assign roles, and perform administrative tasks within a
subscription.
• Scope: This role was commonly used in older versions of Azure for managing
subscriptions but has largely been replaced by more granular RBAC roles.

5. Custom Role:

• Role Definition: A Custom Role in Azure RBAC allows you to define granular access
permissions tailored to specific job responsibilities or requirements.
• Responsibilities: Custom Roles enable organizations to create fine-grained access
control policies that align with their security and compliance requirements, allowing
them to restrict access to only the necessary resources and actions.
• Scope: Custom Roles are highly flexible and can be created and assigned at the
subscription, resource group, or individual resource level, providing precise control over
access permissions within Azure environments.

Owner: Owners have full access to all resources and can manage access to resources,
create and delete resources, and manage all aspects of the Azure subscription.
Contributor: Contributors can create and manage all types of Azure resources, but they
cannot grant access to others or manage access control for resources.
Reader: Readers can view resources and resource-related properties within the Azure
subscription, but they cannot make any changes to resources.
User Access Administrator: User Access Administrators can manage user access to
Azure resources, including assigning roles to users and groups within the subscription.
Service Administrator: The Service Administrator role is specific to the Azure
subscription and grants administrative privileges for managing services within the
subscription. This role includes managing billing, support tickets, and service health.
Global Administrator (Azure AD): Global Administrators have full access to manage
users, groups, applications, and settings in Azure Active Directory (Azure AD). This role is
separate from Azure subscription roles but is often involved in managing access to
Azure resources.
Security Administrator (Azure AD): Security Administrators can view and manage
security-related configurations in Azure AD, such as conditional access policies, identity
protection, and security alerts.
Compliance Administrator (Azure AD): Compliance Administrators can view and
manage compliance-related configurations in Azure AD, such as data governance
policies and compliance reports.

These are some of the common administrative roles in Azure that help organizations
manage and secure their Azure resources effectively. Each role has specific permissions
and responsibilities, and assigning roles appropriately ensures that users have the access
they need to perform their tasks while maintaining security and compliance.
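
Why Contributor cannot hand out access while Owner and User Access Administrator can, and how to spot guest accounts that can, as an added example that is not part of the original notes. The `Actions`/`NotActions` lists are trimmed copies of the built-in role definitions, the helper names are illustrative, and the assignment list is constructed sample data.

```python
from fnmatch import fnmatchcase

# Trimmed built-in role definitions (only the entries this example needs).
ROLES = {
    "Owner": {"Actions": ["*"], "NotActions": []},
    "Contributor": {
        "Actions": ["*"],
        "NotActions": [
            "Microsoft.Authorization/*/Delete",
            "Microsoft.Authorization/*/Write",
            "Microsoft.Authorization/elevateAccess/Action",
            "Microsoft.Blueprint/blueprintAssignments/write",
            "Microsoft.Blueprint/blueprintAssignments/delete",
            "Microsoft.Compute/galleries/share/action",
        ],
    },
    "Reader": {"Actions": ["*/read"], "NotActions": []},
    "User Access Administrator": {
        "Actions": ["*/read", "Microsoft.Authorization/*", "Microsoft.Support/*"],
        "NotActions": [],
    },
}

ASSIGN_ROLE = "Microsoft.Authorization/roleAssignments/write"
START_VM = "Microsoft.Compute/virtualMachines/start/action"
READ_VM = "Microsoft.Compute/virtualMachines/read"
WRITE_STORAGE = "Microsoft.Storage/storageAccounts/write"


def _any_match(patterns, operation):
    # Operation names are matched case-insensitively; '*' spans any segment.
    op = operation.lower()
    return any(fnmatchcase(op, p.lower()) for p in patterns)


def role_allows(role, operation):
    """Actions minus NotActions for a single role."""
    definition = ROLES[role]
    return (_any_match(definition["Actions"], operation)
            and not _any_match(definition["NotActions"], operation))


def is_allowed(assigned_roles, operation):
    """NotActions only subtracts inside its own role, it is not a deny:
    another assigned role can still grant the operation."""
    return any(role_allows(role, operation) for role in assigned_roles)


# Constructed role assignments at subscription scope.
ASSIGNMENTS = [
    {"principal": "alice@contoso.example", "user_type": "Member", "role": "Owner"},
    {"principal": "partner@fabrikam.example", "user_type": "Guest", "role": "Owner"},
    {"principal": "vendor@fabrikam.example", "user_type": "Guest", "role": "Contributor"},
    {"principal": "auditor@fabrikam.example", "user_type": "Guest", "role": "Reader"},
]


def guests_who_can_grant_access(assignments):
    """Guest principals whose role lets them assign roles to others."""
    return sorted(
        a["principal"] for a in assignments
        if a["user_type"] == "Guest" and role_allows(a["role"], ASSIGN_ROLE)
    )


if __name__ == "__main__":
    for role in ROLES:
        print(f"{role:27} assign roles: {role_allows(role, ASSIGN_ROLE)}")
    print("review these guests:", guests_who_can_grant_access(ASSIGNMENTS))
```
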

1. Manage Users:
• To manage user properties, click on "Users" under "Manage."
• Select the user you want to manage from the list.
• You can then edit various properties such as display name, username, job title,
department, contact information, group memberships, and more.

2. Manage Groups:
• To manage group properties, click on "Groups" under "Manage."
• Select the group you want to manage from the list.
• You can then edit group properties such as name, description, membership, and
group owners.

Domain Name System (DNS)

It's a distributed system that translates human-readable domain names (like
www.example.com) into numerical IP addresses (like 192.0.2.1) that computers use to locate
resources on the internet.

A custom domain is a personalized web address that you own and control, like
'yourcompany.com'. It allows you to create professional email addresses and use them for
authentication purposes across various online services. You can also customize websites and
login pages to match your brand, enhancing your organization's online identity and
professionalism.

• Azure Resource Manager (ARM): ARM allows you to manage and organize Azure
resources by grouping them into resource groups and deploying them using templates.

import java.util.Scanner;

public class ReverseWords {

    public static void main(String[] args) {
        // Create a Scanner object to read input from the console
        Scanner scanner = new Scanner(System.in);

        // Prompt the user to enter a string
        System.out.print("Enter a string: ");

        // Read the input string
        String input = scanner.nextLine();

        // Close the scanner to prevent resource leak
        scanner.close();

        // Split the input string into words
        String[] words = input.split(" ");

        // Initialize an empty string to store the reversed output
        String reversedOutput = "";

        // Iterate through the words array in reverse order
        for (int i = words.length - 1; i >= 0; i--) {
            // Append each word to the reversed output string
            reversedOutput += words[i];

            // Append a space after each word (except for the last word)
            if (i > 0) {
                reversedOutput += " ";
            }
        }

        // Print the reversed output
        System.out.println("Reversed Output: " + reversedOutput);
    }
}

Azure cloud computing services.

Serverless Computing: for example, image cropping or editing > it is a single task that runs
without you managing a server.

IAAS > Infrastructure as a Service (IaaS) provides virtualized computing resources over the
internet, including virtual servers, storage, networking, and virtual machines (VMs), among other
components. Users can provision and manage these resources on-demand, scaling them up or
down based on their requirements without needing to invest in and maintain physical hardware.

PAAS> Platform as a Service (PaaS) provides a cloud-based platform with tools and
services that developers can use to build, deploy, and manage applications without
worrying about the underlying infrastructure. PaaS offerings typically include
programming languages, development frameworks, databases, middleware, and other
tools needed for application development and deployment.

With PaaS, developers can focus on writing code and building applications without the
need to manage the underlying hardware, operating systems, or software infrastructure.

SAAS> Software as a Service (SaaS) platforms often provide applications that allow users to
store and manage data efficiently. These applications are hosted and maintained by the SaaS
provider, and users can access them over the internet without needing to install or maintain any
software locally.
**********************************************************************

IAAS > infrastructure as a service. [provides cloud-based services like storage and networking
resources over the internet]

IaaS: Provides users with virtualized computing resources over the internet. Users have the most
control over these resources, including virtual machines, storage, and networking.

EXAMPLE : AWS, Salesforce.

PAAS > platform as a service. [provides tools, like various programming languages, over
the internet]

PaaS: While users have control over the applications and data they develop and deploy, the
cloud provider manages the underlying infrastructure, including servers, storage, and
networking.

SAAS > software as a service. [3rd-party software over the internet]

SaaS: Provides access to software applications hosted and managed by a third-party provider. Users have the
least control as they only interact with the software application through a web browser or API.
The provider manages all aspects of the application, including infrastructure, middleware,
application software, and data.

All three services are delivered over the internet from a cloud provider's servers to users and
businesses, allowing for scalability, flexibility, and accessibility from anywhere with an internet
connection.

➢ EXAMPLE : Gmail
• This means that the entire email infrastructure, including servers, storage,
networking, and software, is maintained and managed by Google.
• Users don't need to install or maintain email server software: Unlike traditional
email setups where organizations would need to set up and maintain their own
email servers, with Gmail, Google takes care of all the backend infrastructure
management.
• Users can access Gmail through a web browser or dedicated mobile app:
• Accessibility from anywhere with internet access:

Cloud Deployment models

 Public cloud
 Private cloud
 Hybrid cloud

1. Public cloud deployment model : you only pay for what you use,
2. In a public cloud deployment model, cloud services are provided over the
internet by third-party service providers.
3. "I understand that in a public cloud deployment model, the infrastructure and
services are managed and maintained by third-party providers like AWS, Azure,
or Google Cloud. These providers offer a wide range of services, including
servers, storage, virtual machines, and networking infrastructure. The term 'public'
indicates that these services are accessible to a broad audience over the internet.
This accessibility and the variety of services offered make public cloud
deployments a popular choice for businesses and organizations looking for
scalability, flexibility, and cost-effectiveness in their IT infrastructure."
4. Private cloud deployment model: a private cloud deployment model
offers organizations greater control, security, and customization over their cloud
infrastructure compared to public clouds. However, it comes with higher costs
and requires careful planning and investment to ensure a successful deployment.
Organizations must weigh the benefits and drawbacks of private cloud
deployment against their specific business requirements and budget constraints.

• Cloud Computing
  1. Service Models:
     • Infrastructure as a Service (IaaS)
     • Platform as a Service (PaaS)
     • Software as a Service (SaaS)
  2. Deployment Models:
     • Public Cloud
     • Private Cloud
     • Hybrid Cloud
     • Community Cloud
• Service Models:
  1. Infrastructure as a Service (IaaS):
     • Virtual Machines (VMs)
     • Storage (e.g., object storage, block storage)
     • Networking (e.g., virtual networks, load balancers)
     • Containers as a Service (CaaS)
  2. Platform as a Service (PaaS):
     • Web Hosting Platforms
     • Application Development Platforms
     • Database Services
     • Messaging Services
     • Serverless Computing
  3. Software as a Service (SaaS):
     • Productivity Applications (e.g., email, office suites)
     • Customer Relationship Management (CRM) Software
     • Enterprise Resource Planning (ERP) Software
     • Collaboration Tools
     • Content Management Systems (CMS)
• Deployment Models:
  1. Public Cloud:
     • Multi-tenant environment
     • Services accessible over the internet
     • Managed by cloud provider
  2. Private Cloud:
     • Dedicated infrastructure for single organization
     • Managed by organization or third-party provider
     • Offers greater control and customization
  3. Hybrid Cloud:
     • Combination of public and private clouds
     • Allows workload portability and data sharing
     • Provides flexibility and scalability
  4. Community Cloud:
     • Shared infrastructure for specific community or industry
     • Collaborative effort among multiple organizations
     • Offers shared benefits and resources

Region pair: for availability during a worst-case scenario.

Microsoft creates a paired zone to protect data when a disaster occurs.

• Both regions should be in the same geographic location.
• At least 300 miles of separation between the regions in a pair.
• Automatic replication for some services.
• Prioritized region recovery in the event of an outage.

AVAILABILITY OPTIONS :

These options aim to minimize downtime, maintain service reliability, and maximize uptime.
Some common availability options include:

High Availability: This ensures that applications remain accessible even if one component or
region fails.

Update domains in Azure play a crucial role in managing updates, maintaining high availability,
and minimizing disruptions to applications deployed in the cloud. They provide a mechanism for
controlled and gradual updates, ensuring the reliability and resilience of cloud-hosted services.

Fault Tolerance:

The goal of fault tolerance is to ensure that the system remains operational and provides
uninterrupted service to users, even if individual components, such as hardware, software, or
network devices, experience failures.

6. Redundancy: This redundancy ensures that if one component fails, another identical
component can seamlessly take over its functions without disrupting the system's
operation. Redundancy can be implemented at various levels, including hardware
redundancy (e.g., duplicate servers), software redundancy (e.g., redundant processes or
services), and data redundancy (e.g., data replication).
7. Failure Detection and Recovery:
Fault-tolerant systems include mechanisms for detecting failures and initiating recovery
procedures automatically. These mechanisms continuously monitor the system's health
and performance, and if a failure is detected, they trigger appropriate actions to restore
normal operation. Recovery procedures may involve restarting failed components,
switching to backup resources, or rerouting traffic to alternative paths.
8. Isolation and Containment: Fault-tolerant systems isolate failures to prevent them from
spreading and affecting other parts of the system. Isolation mechanisms ensure that
failures are contained within the affected components or subsystems, minimizing the
impact on the overall system's availability and performance. Isolation techniques may
include using fault domains, partitioning resources, or implementing isolation
boundaries.
9. Continuous Monitoring and Adaptation:
These capabilities enable the system to dynamically adjust its configuration, resources,
and behavior in real-time to mitigate risks, optimize performance, and maintain
resilience in the face of new challenges or failure scenarios.

Hierarchical Structure of Cloud Computing Infrastructure

Servers are the basic units.

A collection of servers is called a data center.

A collection of data centers is called a region.

By organizing computer resources in this way, cloud providers can ensure reliability, scalability,
and efficient management of services for users around the world.

*******

1. Replicating Data:
   • Replication in Azure means making copies of your data and storing them in
     different places to keep it safe and available.
   • It's like making backup copies of your important files and storing them in
     multiple locations to prevent losing them.
2. Types of Replication:
   • Azure offers different types of replication for different needs:
     • Locally Redundant Storage (LRS): Copies data within the same data center.
       > Your data is replicated synchronously.
       > The most cost-effective replication option, but it offers the lowest level of
         data durability compared to GRS and ZRS.
     • Geo-Redundant Storage (GRS): Copies data across multiple data centers
       within the same region.
       > Asynchronously to a paired region.
       > In the event of a regional outage or disaster, data can be accessed from
         the secondary region, ensuring high availability and data durability.
     • Zone-Redundant Storage (ZRS): Copies data across multiple availability
       zones within the same region for high availability.
       > Data stored in ZRS is replicated synchronously across multiple zones,
         providing resilience against zone-level failures such as power outages,
         network failures, or hardware failures.
************

LRS (Locally Redundant Storage):
   • With LRS, your data is replicated synchronously within a single data center (or
     availability zone in regions that support availability zones).
   • This means that your data is stored multiple times within the same data center,
     providing redundancy in case of hardware failures or other localized issues.
   • LRS is the most cost-effective replication option but offers the lowest level of
     data durability compared to GRS and ZRS.
3. GRS (Geo-Redundant Storage):
   • GRS builds on LRS by providing additional redundancy across multiple data
     centers within the same region, typically at least 300 miles apart for natural
     disaster resilience.
   • Data stored in GRS is replicated synchronously within the primary region (same
     as LRS) and then asynchronously to a paired region.
   • In the event of a regional outage or disaster, data can be accessed from the
     secondary region, ensuring high availability and data durability.
   • GRS provides higher data durability than LRS but comes with higher costs due to
     the additional replication.
4. ZRS (Zone-Redundant Storage):
   • ZRS is designed for high availability within a single region by replicating
     data across multiple availability zones (physically separate data centers)
     within that region.
   • Data stored in ZRS is replicated synchronously across multiple zones,
     providing resilience against zone-level failures such as power outages,
     network failures, or hardware failures.
   • ZRS offers similar durability and availability guarantees as GRS within a
     single region but without the added cost of replication to a secondary
     region.

Availability Zones are physically separate data centers within an Azure region, each with
independent power, cooling, and networking infrastructure. Azure provides Availability Zones to
ensure high availability and resiliency for applications and services deployed in the cloud.

Azure Virtual Network (VNet): A VNet is your private space in Azure where you keep your
resources safe, organize them neatly, and connect them securely to the outside world when
needed.

It provides a scalable and secure network infrastructure in the cloud, allowing you to create
isolated network environments, connect resources, and control network traffic flow according to
your specific requirements.

Subnets:
• Within your VNet, you can create smaller groups called subnets to organize your
  resources based on their needs or functions.

Address Space:
• You define a range of IP addresses for your VNet, like setting the size of your
  network neighborhood.

• NSG: Controls traffic in and out of your virtual network based on rules.
• Firewall: Monitors and filters traffic at network entry and exit points to block
  unauthorized access.
• Load Balancer: Distributes incoming traffic across multiple resources to ensure
  efficient use and prevent overload.

1. Network Security Group (NSG):
   • NSG is like a bouncer at the door of your virtual network. It controls traffic in and
     out of your network by allowing or denying specific types of connections based
     on rules you set.
   • Think of it as a filter that decides which guests (traffic) are allowed into your party
     (network) and which ones are turned away.
2. Firewall:
   • A firewall is similar to a security guard that monitors and filters traffic at the
     entrance and exit points of your network. It inspects the data packets passing
     through and blocks any suspicious or unauthorized traffic.
   • It's like having security cameras and alarms at the entrances of your building to
     detect and prevent intruders from entering.
3. Load Balancer:
   • A load balancer is like a traffic cop directing cars on a busy road. It distributes
     incoming traffic across multiple servers or resources to ensure they're used
     efficiently and no single resource gets overloaded.
   • Imagine a load balancer as a traffic signal that distributes cars to different lanes,
     preventing congestion and ensuring smooth traffic flow.
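
The NSG rule filtering and the VNet address space and subnet layout described above, as an added example that is not part of the original notes: a simplified Python model in which rules are checked lowest priority number first and the first match decides, which is how Azure processes NSG rules. The address ranges, rule names and the `subnets_fit` and `evaluate` helpers are constructed for illustration.

```python
import ipaddress

# Constructed sample layout (assumed values, not taken from the notes).
VNET_SPACE = ipaddress.ip_network("10.0.0.0/16")
SUBNETS = {
    "web": ipaddress.ip_network("10.0.1.0/24"),
    "db": ipaddress.ip_network("10.0.2.0/24"),
}

# Constructed inbound rules: (priority, name, source, dest_port, action).
# "*" matches any source or any port. Listed out of order on purpose.
RULES = [
    (4096, "deny-all-in", "*", "*", "Deny"),
    (200, "allow-sql-from-web", "10.0.1.0/24", 1433, "Allow"),
    (100, "allow-https-in", "*", 443, "Allow"),
]


def subnets_fit(vnet, subnets):
    """True if every subnet is inside the VNet address space and none overlap."""
    nets = list(subnets.values())
    inside = all(n.subnet_of(vnet) for n in nets)
    overlap = any(a.overlaps(b) for i, a in enumerate(nets) for b in nets[i + 1:])
    return inside and not overlap


def evaluate(rules, src_ip, dest_port):
    """Return (action, rule name) for the first rule that matches.

    Rules are checked in ascending priority number; evaluation stops at the
    first match, so a broad Deny only applies to traffic no earlier rule allowed.
    """
    src = ipaddress.ip_address(src_ip)
    for _prio, name, source, port, action in sorted(rules, key=lambda r: r[0]):
        src_ok = source == "*" or src in ipaddress.ip_network(source)
        port_ok = port == "*" or port == dest_port
        if src_ok and port_ok:
            return action, name
    return "Deny", "no-rule-matched"  # this model fails closed when nothing matches


if __name__ == "__main__":
    print("subnets fit:", subnets_fit(VNET_SPACE, SUBNETS))
    for src, port in [("203.0.113.5", 443), ("203.0.113.5", 1433), ("10.0.1.7", 1433)]:
        print(src, port, evaluate(RULES, src, port))
```

The same SQL port is reachable from the web subnet but denied from an internet address, which shows why the database rule is scoped to a source range instead of `*`.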

Vertical Scaling:
Definition: Vertical scaling, also known as scaling up or scaling vertically, involves
increasing the capacity or performance of a single server or virtual machine by adding
more resources, such as CPU, memory, or storage.

Horizontal Scaling:

Definition: Horizontal scaling, also known as scaling out or scaling horizontally, involves
adding more instances of servers or virtual machines to distribute the workload across
multiple machines.

Azure Resource Manager (ARM) templates are JSON files that define the infrastructure and
configuration of Azure resources. They allow users to automate the deployment and management
of Azure resources.

A Network Interface Card (NIC), often simply referred to as a "network card" or "Ethernet
card," is a hardware component that enables a computer to connect to a network and
communicate with other devices.

Public IP: Public IP addresses are used for communication between devices over the
internet. They allow devices to send and receive data to and from other devices on the internet.

Private IP: Private IP addresses are used for communication within a local network. They
allow devices within the same network to communicate with each other without being directly
exposed to the internet.

Int

Az-900.

Foundational Knowledge: Mention that AZ-900 covers fundamental concepts of cloud
computing and specifically focuses on Microsoft Azure services. It assesses understanding of
core Azure services, basic cloud concepts, and Azure pricing and support.
