Learn Azure Administration E-Book

Learn Azure Administration

Explore cloud administration concepts with networking, computing, storage, and identity management

Kamil Mrzygłód

BIRMINGHAM—MUMBAI

Learn Azure Administration

Copyright © 2023 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

Group Product Manager: Pavan Ramchandani

Publishing Product Manager: Neha Sharma

Book Project Manager: Ashwini Gowda

Senior Editor: Mohd Hammad

Technical Editor: Rajat Sharma

Copy Editor: Safis Editing

Proofreader: Safis Editing

Indexer: Rekha Nair

Production Designer: Shankar Kalbhor

DevRel Marketing Coordinator: MaryLou De Mello

First published: September 2020

Second edition: December 2023

Production reference: 1061223

Published by

Packt Publishing Ltd.

Grosvenor House

11 St Paul’s Square

Birmingham

B3 1RB, UK

ISBN 978-1-83763-611-2

www.packtpub.com

To Klaudia, for being my soulmate for so many years

Contributors

About the author

Kamil Mrzygłód is a technical lead and technology advisor, working with multiple companies on designing and implementing Azure-based systems and platforms. He’s a former Microsoft Azure Microsoft Most Valuable Professional (MVP) and certified trainer, who shares his knowledge via various channels, including conference speeches and open source projects and contributions. Kamil lives in Poland with his two cats and one dog, dedicating some of his time to video games, cooking, and traveling.

About the reviewers

Sasha Kranjac is a Microsoft Regional Director (RD), Microsoft MVP in two categories (the Azure and Security categories), a Microsoft Certified Trainer (MCT), an MCT Regional Lead, Certified EC-Council Instructor (CEI), a CompTIA Instructor, a frequent speaker at various international conferences, user groups, and events, and a book author on cloud security, Microsoft Azure, Microsoft 365, and Windows Server. Sasha is the CEO of Kloudatech, an IT training and consulting company, a Microsoft Partner, an AWS Partner, and a CompTIA Authorized Delivery Partner, as well as the CEO of Kranjac Consulting and Training, a consulting and engineering company, which specializes in cloud security architecture, civil engineering, and CAD design.

Mustafa Toroman is a technology professional and the Chief Technology Officer (CTO) at run.events, a company that provides a platform to organize and manage events. He has over 20 years of experience in the IT industry and has held various technical and leadership positions in companies around the world. Mustafa has a deep understanding of software development, cloud computing, and IT infrastructure management. Mustafa is a Microsoft MVP, a frequent speaker at technology conferences and events, and a community leader, organizing meetups and events. He is also a published author and has written several books on Microsoft technologies and cloud computing.

Table of Contents

About the reviewers

Preface

Part 1: Introduction to Azure for Azure Administrators

1

Azure Fundamentals

Technical requirements

Exploring Azure Resource Manager

Architecture and terminology of ARM

Scopes

Resource groups

Tags

Quotas and limits

Microsoft Entra ID

Terminology

Users and groups

Applications and service principals

Authorization using RBAC and ABAC

RBAC

ABAC

Basic toolset – the Azure CLI, Azure PowerShell, and Cloud Shell

Azure CLI

Azure PowerShell

Cloud Shell

Summary

2

Basics of Infrastructure as Code

Technical requirements

What is IaC?

Exploring ARM templates

Template schema

Creating a deployment

Deployment modes

Creating and deploying a simple template

Listing deployments

Migrating to Azure Bicep

Bicep language

ARM templates and Bicep compatibility

Performing deployments

Decompiling an ARM template to Bicep

Using ACR as a repository of modules

What is ACR?

Creating an ACR instance

Creating a module

Publishing a Bicep module

Using the published Bicep module

Summary

Part 2: Networking for Azure Administrator

3

Understanding Azure Virtual Networks

Technical requirements

Planning and deploying virtual networks

Planning a network in Azure

Deploying a virtual network

Understanding NSGs

How do NSGs work?

Working with NSGs

ASGs

Working with virtual network peerings

How does peering work?

Setting up peerings

Network routing and endpoints

System routes

Custom routes

Service and private endpoints

Summary

4

Exploring Azure Load Balancer

Technical requirements

Overview of Azure Load Balancer

Load balancing in Azure

Components of Azure Load Balancer

Algorithm of Azure Load Balancer

The differences between public and internal load balancers

Delving into backend pools

Adding a frontend IP configuration

Adding a backend pool

Understanding load balancer rules

Creating a load balancer rule

High availability ports

Floating IP

Comprehending health probes

Creating a health probe

Linking a health probe to a load-balancing rule

Differences between probe protocols

Additional guidelines for health probes

Summary

Part 3: Administration of Azure Virtual Machines

5

Provisioning Azure Virtual Machines

Technical requirements

Exploring the sizes and families of Azure VMs

Families and their pricing

Operating systems

Delving into Azure VM storage

Types of disks

Redundancy of disks

Deploying a VM

Deploying a single VM

Connecting to a VM

Connecting using SSH

Connecting using RDP

Connecting with the DNS name

Connecting using Azure Bastion

The availability of Azure VMs

Availability sets

VMSS

Summary

6

Configuring Virtual Machine Extensions

Technical requirements

Using virtual machine extensions

Employing an extension in a Windows Azure Virtual Machine

Using extension in Linux Azure Virtual Machines

Installing extensions

Implementing the Custom Script Extension

Installing software with the Custom Script Extension

Executing a script

What is the Desired State Configuration?

Azure Automation State Configuration

Understanding DSC – general concepts

Summary

7

Configuring Backups

Technical requirements

Protecting VM data

Coping with accidental deletion

Utilizing images and snapshots for securing data

Understanding backup and restore for Azure VMs

Setting up backup for Azure VMs

Recovery of Azure VM

Using Azure Backup Server

Installation platforms

Installation of Azure Backup Server

Exploring Azure Site Recovery

Replication

RTO and RPO targets

Network integration

Configuring Azure Site Recovery

Summary

8

Configuring and Managing Disks

Technical requirements

Expanding on OS and data disks

Shared disks

Encryption

Exploring ephemeral OS disks

Deploying a virtual machine with an ephemeral OS disk

Adding, detaching, and expanding disks

Adding a disk to a virtual machine

Mounting a disk

Detaching disks

Expanding a disk

Swapping OS disks

Summary

Part 4: Azure Storage for Administrators

9

Configuring Blob Storage

Technical requirements

Exploring storage accounts, containers, and blobs

Storage accounts

Containers and blobs

Configuring access tiers in Blob Storage

Hot and cold storage

Configuring the access tier

Configuring the access tier on a blob level

Archive tier

Configuring lifecycle and replication in Blob Storage

Replication of a storage account

Lifecycle of blobs in Blob Storage

Uploading blobs to Blob Storage

Using the Azure CLI to upload a file

Using AzCopy to upload a file

Summary

10

Azure Files and Azure File Sync

Technical requirements

Managing Azure Files (File Service)

Available access protocols

Creating a File Service instance

Creating a File Service share

Mounting a file share

Working with file share snapshots

Creating a file share snapshot

Configuring soft delete

Working with Azure File Sync

Planning for Azure File Sync

Summary

11

Azure Storage Security and Additional Tooling

Technical requirements

Configuring soft delete in Blob Storage

Enabling soft delete for containers

Enabling soft delete for blobs

Use cases for soft delete and versioning in Blob Storage

Using Azure AD for authorization

Azure AD authorization benefits

Data plane and data actions in role-based access control

Examples of roles in Azure for Azure Storage

Using Azure AD in Azure CLI

Using managed identities

Definition of managed identity

Incorporating a managed identity into an application

Considering various options for automation

Automated cleanup of data

SAS token handling

Stored access policies

Rotating access keys

Using the Azure Import/Export service

Azure Import/Export technical details

Azure Import/Export requirements

Preparing disks and configuring the job

Summary

Part 5: Governance and Monitoring

12

Using Azure Policy

Technical requirements

The basics of Azure Policy

Azure Resource Manager and Azure Policy

Deploying policies

Deploying a policy using the Azure CLI

Creating custom policies

Understanding the syntax

Building and deploying custom policy

Simplifying the deployment of policies using initiatives

The idea behind initiatives

When to use initiatives

Reviewing example policies

Policy – secrets should not be active for longer than the specified number of days

Policy – allowed virtual machine size SKUs

Policy – assign a built-in user-assigned managed identity to Virtual Machine Scale Sets

Summary

13

Azure Monitor and Alerts

Technical requirements

Chapter materials

Getting started – an overview of Azure Monitor

Monitoring scenarios

Understanding logs in Azure Monitor

Platform logs

Understanding data types and events in Azure Monitor

Using custom logs

Querying activity logs

Using the Azure CLI to query activity logs

Using the Azure CLI to find correlated events

Implementing custom alerts for Azure infrastructure

Defining an alert

Implementing an alert

Summary

14

Azure Log Analytics

Technical requirements

Getting started – an overview of Azure Log Analytics

Use cases for Azure Log Analytics

Structure of Azure Log Analytics

Using workspaces

Using Azure Log Analytics Workspace

Querying data

The basic syntax of Kusto

Common operators in Kusto

Aggregate functions

Visualizing results

render function

Summary

15

Exploring Network Watcher

Technical requirements

Getting started – an overview of Network Watcher

Network Watcher toolset

Verifying flows

Diagnosing next hops

Visualizing the network topology

Summary

Index

Other Books You May Enjoy

Preface

Cloud computing is one of the cornerstones of today’s IT infrastructure. With platforms such as Amazon Web Services, Microsoft Azure, and Google Cloud Platform, you’re able to build complex computer systems with ease and without any cumbersome management of hardware installation and supplies. Managing cloud platforms, though, is not the same as managing on-premises installations. It is a challenge, which this book intends to help you with.

In this book, you’ll learn about the topics and tasks required by Azure administrators in their day-to-day activities. You can also think about it as a good introduction to the skills required to obtain Azure certifications as the book provides detailed explanations of Azure services and features, knowledge of which is necessary to become a certified Azure specialist.

During the process of writing this book, Microsoft decided to rename Azure Active Directory to Microsoft Entra ID. However, this change doesn’t affect the value of the information contained within the book, so you’ll be able to leverage the concepts described in exactly the same way as you’d have been able to before the rebranding process.

Who this book is for

This book is intended for everyone wanting to understand topics related to managing and configuring infrastructure in Microsoft Azure. As it focuses more on the operational aspects of cloud infrastructure, the main audience is people with experience in infrastructure management (IT administrators, SysOps, and infrastructure support engineers), though it’ll be beneficial to everyone responsible for infrastructure provisioning in Microsoft Azure.

What this book covers

Chapter 1, Azure Fundamentals, offers an introduction to basic Microsoft Azure concepts including core Azure services such as Microsoft Entra ID and Azure Resource Manager.

Chapter 2, Basics of Infrastructure as Code, discusses automated deployments of infrastructure in Azure using ARM templates, Azure Bicep, and Terraform.

Chapter 3, Understanding Azure Virtual Networks, introduces networking in Microsoft Azure, starting with general virtual network concepts, best practices, and configuration options.

Chapter 4, Exploring Azure Load Balancer, sees us implement load balancing in Microsoft Azure using Azure Load Balancer in connection with Azure Virtual Machines.

Chapter 5, Provisioning Azure Virtual Machines, discusses the fundamentals of virtual machines in Microsoft Azure, including concepts such as provisioning, automation, and storage.

Chapter 6, Configuring Virtual Machine Extensions, examines how to configure extensions for virtual machines in Azure to allow you to enhance the configuration and service provisioning process.

Chapter 7, Configuring Backups, shows you how to configure backups for virtual machines using Azure Backup.

Chapter 8, Configuring and Managing Disks, discusses working with managed disks in Microsoft Azure, including different disk types, performance options, and cost optimizations.

Chapter 9, Configuring Blob Storage, examines how to store files in Azure Storage using Blob Storage for future integrations and services.

Chapter 10, Azure Files and Azure File Sync, looks at working with file shares in Microsoft Azure as an alternative to file shares configured on-premises.

Chapter 11, Azure Storage Security and Additional Tooling, uncovers some advanced topics related to storage in Microsoft Azure including replication, security, and automation.

Chapter 12, Using Azure Policy, looks at how to set up automated governance of infrastructure in Microsoft Azure using both built-in and native policies.

Chapter 13, Azure Monitor and Alerts, introduces monitoring in Microsoft Azure with Azure Monitor, including configuring alerts.

Chapter 14, Log Analytics, examines how to aggregate logs in Microsoft Azure with Kusto queries run within a Log Analytics workspace.

Chapter 15, Exploring Network Watcher, shows how to validate and debug network flows in Microsoft Azure using Network Watcher and its capabilities.

To get the most out of this book

To get started with the book, make sure you have access to a Microsoft Azure subscription, and that you are the owner of that subscription. If you don’t have such a subscription, take a look at a free account for Microsoft Azure athttps://azure.microsoft.com/en-us/free.

Software/hardware covered in the book

Operating system requirements

Azure PowerShell

Windows, macOS, or Linux

Azure CLI

Windows, macOS, or Linux

cURL

Windows, macOS, or Linux

PuTTY

Windows, macOS, or Linux

AzCopy

Windows, macOS, or Linux

If you are using the digital version of this book, we advise you to type the code yourself.

Code in Action

The Code in Action videos for this book can be viewed at https://packt.link/GTX9F.

Conventions used

There are a number of text conventions used throughout this book.

Code in text: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: “Look at one of the returned fields called primaryEndpoints:”

A block of code is set as follows:

Any command-line input or output is written as follows:

Bold: Indicates a new term, an important word, or words that you see onscreen. For instance, words in menus or dialog boxes appear in bold. Here is an example: “To simplify things for now, we’ll use the basic configuration by clicking on the Create storage button.”

Tips or important notes

Appear like this.

Get in touch

Feedback from our readers is always welcome.

General feedback: If you have questions about any aspect of this book, email us at [email protected] and mention the book title in the subject of your message.

Errata: Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you have found a mistake in this book, we would be grateful if you would report this to us. Please visit www.packtpub.com/support/errata and fill in the form.

Piracy: If you come across any illegal copies of our works in any form on the internet, we would be grateful if you would provide us with the location address or website name. Please contact us at [email protected] with a link to the material.

If you are interested in becoming an author: If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, please visit authors.packtpub.com.

Share Your Thoughts

Once you’ve read Learn Azure Administration – Second Edition, we’d love to hear your thoughts! Please click here to go straight to the Amazon review page for this book and share your feedback.

Your review is important to us and the tech community and will help us make sure we’re delivering excellent quality content.

Download a free PDF copy of this book

Thanks for purchasing this book!

Do you like to read on the go but are unable to carry your print books everywhere?

Is your eBook purchase not compatible with the device of your choice?

Don’t worry, now with every Packt book you get a DRM-free PDF version of that book at no cost.

Read anywhere, any place, on any device. Search, copy, and paste code from your favorite technical books directly into your application.

The perks don’t stop there, you can get exclusive access to discounts, newsletters, and great free content in your inbox daily.

Follow these simple steps to get the benefits:

https://packt.link/free-ebook/9781837636112

Part 1:Introduction to Azure for Azure Administrators

In this part, you’ll learn about the fundamentals of Microsoft Azure, including topics such as basic resource structure, deployment models, identity management, and authorization. You’ll also read about automated deployments of infrastructure, using tools such as ARM templates, Azure Bicep, and Terraform.

This part has the following chapters: