Exam Ref AZ-304 Microsoft Azure architect design certification and beyond : design secure and reliable solutions for the real world in Microsoft Azure / Brett Hargreaves.

Format:

Book

Author/Creator:

Hargreaves, Brett, author.

Language:

English

Subjects (All):

Microsoft Azure (Computing platform).

Physical Description:

1 online resource (520 pages)

Place of Publication:

Birmingham, England ; Mumbai : Packt, [2021]

Biography/History:

Hargreaves Brett: Brett Hargreaves is a principal Azure consultant for Iridium Consulting, who has worked with some of the world's biggest companies, helping them design and build cutting-edge solutions. With a career spanning infrastructure, development, consulting, and architecture, he's been involved in projects covering the entire solution stack using Microsoft technologies. He loves passing on his knowledge to others through books, blogging, and his online training courses.

Summary:

Master the Microsoft Azure platform and prepare for the AZ-304 certification exam by learning the key concepts needed to identify key stakeholder requirements and translate these into robust solutionsKey FeaturesBuild secure and scalable solutions on the Microsoft Azure platformLearn how to design solutions that are compliant with customer requirementsWork with real-world scenarios to become a successful Azure architect, and prepare for the AZ-304 examBook DescriptionThe AZ-304 exam tests an architect's ability to design scalable, reliable, and secure solutions in Azure based on customer requirements. Exam Ref AZ-304 Microsoft Azure Architect Design Certification and Beyond offers complete, up-to-date coverage of the AZ-304 exam content to help you prepare for it confidently, pass the exam first time, and get ready for real-world challenges. This book will help you to investigate the need for good architectural practices and discover how they address common concerns for cloud-based solutions. You will work through the CloudStack, from identity and access through to infrastructure (IaaS), data, applications, and serverless (PaaS). As you make progress, you will delve into operations including monitoring, resilience, scalability, and disaster recovery. Finally, you'll gain a clear understanding of how these operations fit into the real world with the help of full scenario-based examples throughout the book. By the end of this Azure book, you'll have covered everything you need to pass the AZ-304 certification exam and have a handy desktop reference guide.What you will learnUnderstand the role of architecture in the cloudEnsure security through identity, authorization, and governanceFind out how to use infrastructure components such as compute, containerization, networking, and storage accountsDesign scalable applications and databases using web apps, functions, messaging, SQL, and Cosmos DBMaintain operational health through monitoring, alerting, and backupsDiscover how to create repeatable and reliable automated deploymentsUnderstand customer requirements and respond to their changing needsWho this book is forThis book is for Azure Solution Architects who advise stakeholders and help translate business requirements into secure, scalable, and reliable solutions. Junior architects looking to advance their skills in the Cloud will also benefit from this book. Experience with the Azure platform is expected, and a general understanding of development patterns will be advantageous.

Contents:

Cover

Title Page

Copyright and Credits

Dedicated

Contributors

Table of Contents

Preface

Section 1: Exploring Modern Architecture

Chapter 1: Architecture for the Cloud

Introducing architecture

Exploring the transition from monolithic to microservices

Mainframe computing

Personal computing

Virtualization

Web apps, mobile apps, and APIs

Cloud computing

Migrating to the cloud from on-premises

Understanding infrastructure and platform services

IaaS

PaaS

Moving from Waterfall to Agile projects

Waterfall

Agile

IaC

Summary

Chapter 2: Principles of Modern Architecture

Architecting for security

Knowing the enemy

How do they hack?

Defining your strategy

Networking and firewalls

Identity management

Patching

Application code

Data encryption

Defense-in-Depth

User education

Architecting for resilience and business continuity

Defining requirements

Using architectural best practices

Testing and disaster recovery plans

Architecting for performance

Architecting for deployment

Architecting for monitoring and operations

Monitoring for security

Monitoring for resilience

Monitoring for performance

Network monitoring

Monitoring for DevOps and applications

Further reading

Section 2: Identity and Security

Chapter 3: Understanding User Authentication

Differentiating authentication from authorization

Introducing Azure AD

Why AD?

Azure AD versus AD DS

Azure tenants

Azure AD editions

Integrating AD

Cloud native

Azure AD Connect

Password Hash Synchronization

Azure AD PTA

Password Writeback

Seamless SSO

Federated authentication

Azure AD Connect Health

Understanding conditional access, MFA and security defaults

MFA

Security Defaults.

Understanding and setting up CA

Using external identities

Multi-tenancy

Consumer applications - B2C

External user collaboration - B2B

Exam scenario

Chapter 4: Managing User Authorization

Technical requirements

Understanding Azure roles

Classic roles

Azure roles

Azure AD roles

Managing users with hierarchies

Management groups, subscriptions, and resource groups

Controlling access with PIM

Activating PIM

Just-In-Time elevated access

Managing risk with Identity Protection

User risk

Sign-in risk

Exam solution

Chapter 5: Ensuring Platform Governance

Applying tagging

Adding tags manually

Managing tags through Azure PowerShell

Managing tags in ARM templates

Using tags

Understanding Azure policies

Using policies and initiatives

Policy structure

Creating a policy and initiative definition

Assigning an initiative

Viewing the compliance dashboard

Creating a remediation task

Using virtual machine guest configurations

Best practices

Using Azure Blueprints

Creating a blueprint definition

Publishing and assigning a blueprint

Chapter 6: Building Application Security

Introducing Azure Key Vault

Creating a key vault

Managing Key Vault secrets

Using Key Vault keys

Using Key Vault certificates

Access policies

Working with security principals

Creating the service principal

Setting the access policy

Creating the web app

Integrating applications into Azure Active Directory

Deploying a web app

Enabling AD integration

Using managed identities

Assigning a managed identity

Using managed identities in web apps

Exam Scenario

Further reading.

Section 3: Infrastructure and Storage Components

Chapter 7: Designing Compute Solutions

Understanding different types of compute

Comparing compute options

Automating virtual machine management

Architecting for containerization and Kubernetes

Containerization

Azure Kubernetes Service

Pods

Chapter 8: Network Connectivity and Security

Understanding Azure networking options

Understanding IP addressing and DNS in Azure

Understanding subnets and subnet masks

Public IP addresses

Private IP addresses

Azure DNS

Azure private DNS zones

Azure public DNS zones

Implementing network security

Network Security Groups

Application Security Groups

Azure Firewall

Service endpoints

Private endpoint connections

Connectivity

VNET peering

VPN gateways

ExpressRoute

Routing

Load balancing and advanced traffic routing

Azure Load Balancer

Azure Traffic Manager

Application Gateway

Azure Front Door

Choosing the right options

Chapter 9: Exploring Storage Solutions

Understanding storage types

Azure Storage accounts

Data classification

Operational decisions

VM disks

Designing storage security

Network protection

Authorization

Encryption

Auditing

Using storage management tools

Azure Storage REST APIs

AzCopy

Azure Storage Explorer

Chapter 10: Migrating Workloads to Azure

Assessing on-premises systems

The discovery phase

Understanding migration options

Migrating virtual machines and databases

Migrating virtual machines

Migrating databases.

Monitoring and optimizing your migration

Azure Monitor

Azure Cost Management

Azure Advisor

Section 4: Applications and Databases

Chapter 11: Comparing Application Components

Working with web applications

Using deployment slots

App services VNet Integration

Managing APIs with Azure API Gateway

Using API policies

Securing your APIs with subscription keys

Client certificates

OAuth 2.0 and OpenID Connect

Understanding microservices

Using messaging and events

Azure Event Grid

Event Hubs

Storage queues

Azure Service Bus

Chapter 12: Creating Scalable and Secure Databases

Selecting a database platform

Understanding SQL databases

NoSQL databases

Understanding database service tiers

SQL Database tiers

Designing scalable databases

Using read replicas

Using database sharding

Securing databases with encryption

Chapter 13: Options for Data Integration

Understanding data flows

Comparing integration tools

ADLS Gen2

Azure Data Factory

Exploring data analytics

Azure Databricks

Azure Synapse Analytics

Putting it all together

Chapter 14: High Availability and Redundancy Concepts

Understanding virtual machine availability

Fault domains and update domains

Availability Zones

Azure virtual machine scale sets

Understanding Azure storage resiliency options

Understanding SQL database availability

Understanding Cosmos DB availability

Consistency levels

Section 5: Operations and Monitoring.

Chapter 15: Designing for Logging and Monitoring

Understanding logs and storage options

Understanding data types and sources

Understanding log use cases

VM logging and monitoring

Understanding deployment options

Exploring monitoring tools

Activity logs

Azure Metrics

Azure alerts

Log Analytics workspaces

Understanding security and compliance

Azure Security Center

Azure Defender

Azure Sentinel

Using cost management and reporting

Chapter 16: Developing Business Continuity

Understanding recovery solutions

Understanding the Recovery Time Objective (RTO)

Understanding the Recovery Point Objective (RPO)

Understanding Azure Backup options

Planning for Azure Backup

Understanding backup policies

Planning for Site Recovery

Understanding recovery plans

Planning for database backups

Understanding Azure SQL backups

Understanding Cosmos DB backups

Understanding the data archiving options

Chapter 17: Scripted Deployments and DevOps Automation

Exploring provisioning options

Looking at the Azure REST API

Choosing between PowerShell and the Azure CLI

Signing in to Azure

Selecting a subscription

Listing resource groups

Understanding ARM templates

Looking at Azure DevOps

Azure Repos

Azure Pipelines

Azure Artifacts

Section 6: Beyond the Exam

Chapter 18: Engaging with Real-World Customers

Working with customers

Who are my stakeholders?

Gathering requirements

Exploring common goals

Understanding costs

Understanding operational requirements

Understanding performance requirements.

Understanding reliability requirements.

Notes:

Includes index.

Description based on print version record.

ISBN:

1-80056-054-0

OCLC:

1263869838