Azure architecture explained : a comprehensive guide to building effective cloud solutions / David Rendón, Brett Hargreaves.

Format:

Book

Author/Creator:

Rendón, David, author.

Hargreaves, Brett, author.

Language:

English

Subjects (All):

Microsoft Azure (Computing platform).

Computer architecture.

Physical Description:

1 online resource (446 pages)

Edition:

1st ed.

Place of Publication:

Birmingham, England : Packt Publishing, [2023]

Summary:

Enhance your career as an Azure architect with cutting-edge tools, expert guidance, and resources from industry leaders Key Features Develop your business case for the cloud with technical guidance from industry experts Address critical business challenges effectively by leveraging proven combinations of Azure services Tackle real-world scenarios by applying practical knowledge of reference architectures Purchase of the print or Kindle book includes a free PDF eBook Book Description Azure is a sophisticated technology that requires a detailed understanding to reap its full potential and employ its advanced features. This book provides you with a clear path to designing optimal cloud-based solutions in Azure, by delving into the platform's intricacies. You'll begin by understanding the effective and efficient security management and operation techniques in Azure to implement the appropriate configurations in Microsoft Entra ID. Next, you'll explore how to modernize your applications for the cloud, examining the different computation and storage options, as well as using Azure data solutions to help migrate and monitor workloads. You'll also find out how to build your solutions, including containers, networking components, security principles, governance, and advanced observability. With practical examples and step-by-step instructions, you'll be empowered to work on infrastructure-as-code to effectively deploy and manage resources in your environment. By the end of this book, you'll be well-equipped to navigate the world of cloud computing confidently. What you will learn Implement and monitor cloud ecosystem including, computing, storage, networking, and security Recommend optimal services for performance and scale Provide, monitor, and adjust capacity for optimal results Craft custom Azure solution architectures Design computation, networking, storage, and security aspects in Azure Implement and maintain Azure resources effectively.

Contents:

Cover

Title Page

Copyright and Credits

Foreword

Contributors

Table of Contents

Preface

Part 1 - Effective and Efficient Security Management and Operations in Azure

Chapter 1: Identity Foundations with Azure Active Directory and Microsoft Entra

Protecting users' identities and securing the value chain - the importance of IAM in decentralized organizations

Authentication and authorization in Azure

Engaging and collaborating with employees, partners, and customers

The significance of digital identities in the modern IT landscape

Modernizing your IAM with Microsoft Azure AD

Life cycle management

Leveraging the Microsoft Cloud Adoption Framework

Azure AD terminology, explained

Securing applications with the Microsoft identity platform

Securing cloud-based workloads with Microsoft Entra's identity-based access control

Azure AD

Microsoft Entra Permissions Management

Microsoft Entra Verified ID

Microsoft Entra workload identities

Microsoft Entra Identity Governance

Microsoft Entra admin center

Summary

Chapter 2: Managing Access to Resources Using Azure Active Directory

Understanding the need for IAM

Understanding Azure AD (now Microsoft Entra ID)

Exploring the Microsoft Entra ID editions

Microsoft Entra ID Premium P2

Understanding the capabilities of Microsoft Entra ID

Task 1 - creating a new Azure AD tenant using the Azure portal

Task 2 - creating and configuring Azure AD users

Task 3 - creating an Azure AD group with dynamic membership

Hybrid identity - integrating your on-premises directories (Azure AD Connect sync and cloud sync)

Azure AD Connect sync

Azure AD Connect cloud sync

Azure AD Application Proxy

Azure AD Conditional Access

Azure AD PIM

Assigning roles in PIM

Summary.

Chapter 3: Using Microsoft Sentinel to Mitigate Lateral Movement Paths

Understanding the Zero Trust strategy

Understanding lateral movement

Leveraging Microsoft Sentinel to improve your security posture

Collecting data

Detecting threats

Investigating anomalies

Responding to incidents

Enabling Microsoft Sentinel

Global prerequisites

Enabling Microsoft Sentinel using the Bicep language

Enabling Microsoft Sentinel using the Azure portal

Setting up data connectors

Mitigating lateral movements

An Office 365 impersonation following a suspicious Azure AD sign-in

Suspicious inbox manipulation rules set following suspicious Azure AD sign-in

Part 2 - Architecting Compute and Network Solutions

Chapter 4: Understanding Azure Data Solutions

Technical requirements

Understanding Azure storage types

Structured data

Unstructured data

Semi-structured data

Azure storage accounts

Understanding Azure database options

Azure SQL

Azure Cosmos DB

Creating a Cosmos DB account

Chapter 5: Migrating to the Cloud

Understanding migration options

Managing servers

Update management

VM backups

Modernizing applications

Scale sets

Azure App Service/Web Apps

Further modernization

Migrating data

Chapter 6: End-to-End Observability in Your Cloud and Hybrid Environments

Understanding the importance of a monitoring strategy

Working on an effective monitoring strategy

Azure Monitor - a comprehensive solution for observability and efficiency

Components

Data sources

Consumption

Chapter 7: Working with Containers in Azure

Understanding cloud-native applications

Understanding the difference between virtual machines and containers

Terminology

Azure Container Instances.

Working with Azure Container Instances

Creating the Azure Container Registry instance

Pushing a container image to ACR

Creating an Azure Container Instance

Deploying Azure Container Instance for web app

Creating Azure Container Apps

Further reading

Chapter 8: Understanding Networking in Azure

Connectivity in Azure

Design considerations for VNets

Exercise 1 - design and implement a virtual network in Azure

Enabling cross-virtual-network connectivity

Using service chaining to direct traffic to a gateway

The hub-spoke network topology in Azure

Azure virtual NAT

Hybrid networking

Azure VPN Gateway

Site-to-site VPN connections

Point-to-site VPN connections

Azure Virtual WAN

ExpressRoute

Decision tree on network topology

Load balancing

Load balancing non-HTTP(S) traffic

Load balancing HTTP(S) traffic

Network security

Azure DDoS protection

Azure Firewall

Exercise 2 - Azure Firewall - implement secure network access using the Bicep language

Azure WAF

Chapter 9: Securing Access to Your Applications

Designing for security

Securing traffic

SQL database firewalls

Web application VNet integration

Application Gateway

Azure Front Door

What to use and when?

Configuring network-level security

Testing and securing the app

Creating an Azure application gateway

Securing keys and secrets

Using managed identities

Part 3 - Making the Most of Infrastructure-as-Code for Azure

Chapter 10: Governance in Azure - Components and Services

Planning a comprehensive cloud governance strategy

Understanding Azure governance

Azure governance - components and services

Management groups

Azure Policy

Azure Blueprints

Azure Resource Graph.

Microsoft Cost Management

Microsoft Cost Management components

Chapter 11: Building Solutions in Azure Using the Bicep Language

Unlocking the benefits of IaC with Azure Resource Manager

Authoring Bicep files

Bicep file structure

Working with parameters

Parameter data types

Bicep modules

Previewing Azure deployment changes using what-if

Chapter 12: Using Azure Pipelines to Build Your Infrastructure in Azure

Understanding the relationship between continuous integration, continuous delivery, and pipelines

Understanding Azure Pipelines

Configuring Azure DevOps

Configuring Azure Repos

Importing a repository into Azure Repos

Configuring a build pipeline in Azure DevOps using the Classic Editor

Configuring a release pipeline in Azure DevOps using the Classic Editor

Configuring Azure Pipelines with YAML

Chapter 13: Continuous Integration and Deployment in Azure DevOps

DevOps transformation - achieving reliable and efficient software development through CI and CD practices

CI in Azure DevOps using the Classic Editor

CD in Azure DevOps

CI/CD baseline architecture using Azure Pipelines

Building a multistage YAML pipeline

Configuring a new project in Azure DevOps

Configuring CI/CD pipelines with YAML

Chapter 14: Tips from the Field

Azure governance

Azure monitoring

Identity management and protection

Azure networking

Azure containers

Index

Other Books You May Enjoy.

Notes:

Includes index.

Description based on print version record.

ISBN:

9781837637942

1837637946

OCLC:

1396062980