Your roadmap to Microsoft Azure
Azure is Microsoft's flagship cloud computing platform. With over 600 services available to over 44 geographic regions, it would take a library of books to cover the entire Azure ecosystem. Microsoft Azure For Dummies offers a shortcut to getting familiar with Azure's core product offerings used by the majority of its subscribers. It's a perfect choice for those looking to gain a quick, basic understanding of this ever-evolving public cloud platform. Written by a Microsoft MVP and Microsoft Certified Azure Solutions Architect, Microsoft Azure For Dummies covers building virtual networks, configuring cloud-based virtual machines, launching and scaling web applications, migrating on-premises services to Azure, and keeping your Azure resources secure and compliant.
* Migrate your applications and services to Azure with confidence
* Manage virtual machines smarter than you've done on premises
* Deploy web applications that scale dynamically to save you money and effort
* Apply Microsoft's latest security technologies to ensure compliance to maintain data privacy
With more and more businesses making the leap to run their applications and services on Microsoft Azure, basic understanding of the technology is becoming essential. Microsoft Azure For Dummies offers a fast and easy first step into the Microsoft public cloud.
Page count: 401
Microsoft® Azure® For Dummies®
Published by: John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030-5774, www.wiley.com
Copyright © 2020 by John Wiley & Sons, Inc., Hoboken, New Jersey
Published simultaneously in Canada
No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without the prior written permission of the Publisher. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permissions.
Trademarks: Wiley, For Dummies, the Dummies Man logo, Dummies.com, Making Everything Easier, and related trade dress are trademarks or registered trademarks of John Wiley & Sons, Inc. and may not be used without written permission. Microsoft and Azure are registered trademarks of Microsoft Corporation. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc. is not associated with any product or vendor mentioned in this book.
LIMIT OF LIABILITY/DISCLAIMER OF WARRANTY: THE PUBLISHER AND THE AUTHOR MAKE NO REPRESENTATIONS OR WARRANTIES WITH RESPECT TO THE ACCURACY OR COMPLETENESS OF THE CONTENTS OF THIS WORK AND SPECIFICALLY DISCLAIM ALL WARRANTIES, INCLUDING WITHOUT LIMITATION WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE. NO WARRANTY MAY BE CREATED OR EXTENDED BY SALES OR PROMOTIONAL MATERIALS. THE ADVICE AND STRATEGIES CONTAINED HEREIN MAY NOT BE SUITABLE FOR EVERY SITUATION. THIS WORK IS SOLD WITH THE UNDERSTANDING THAT THE PUBLISHER IS NOT ENGAGED IN RENDERING LEGAL, ACCOUNTING, OR OTHER PROFESSIONAL SERVICES. IF PROFESSIONAL ASSISTANCE IS REQUIRED, THE SERVICES OF A COMPETENT PROFESSIONAL PERSON SHOULD BE SOUGHT. NEITHER THE PUBLISHER NOR THE AUTHOR SHALL BE LIABLE FOR DAMAGES ARISING HEREFROM. THE FACT THAT AN ORGANIZATION OR WEBSITE IS REFERRED TO IN THIS WORK AS A CITATION AND/OR A POTENTIAL SOURCE OF FURTHER INFORMATION DOES NOT MEAN THAT THE AUTHOR OR THE PUBLISHER ENDORSES THE INFORMATION THE ORGANIZATION OR WEBSITE MAY PROVIDE OR RECOMMENDATIONS IT MAY MAKE. FURTHER, READERS SHOULD BE AWARE THAT INTERNET WEBSITES LISTED IN THIS WORK MAY HAVE CHANGED OR DISAPPEARED BETWEEN WHEN THIS WORK WAS WRITTEN AND WHEN IT IS READ.
For general information on our other products and services, please contact our Customer Care Department within the U.S. at 877-762-2974, outside the U.S. at 317-572-3993, or fax 317-572-4002. For technical support, please visit https://hub.wiley.com/community/support/dummies.
Wiley publishes in a variety of print and electronic formats and by print-on-demand. Some material included with standard print versions of this book may not be included in e-books or in print-on-demand. If this book refers to media such as a CD or DVD that is not included in the version you purchased, you may download this material at http://booksupport.wiley.com. For more information about Wiley products, visit www.wiley.com.
Library of Congress Control Number: 2020931520
ISBN: 978-1-119-61214-8(pbk); 978-1-119-61218-6 (ebk); 978-1-119-61215-5 (ebk)
Cover
Introduction
About This Book
Foolish Assumptions
Icons Used in This Book
Beyond the Book
Where to Go from Here
Part 1: Getting Started with Microsoft Azure
Chapter 1: Introducing Microsoft Azure
What Is Cloud Computing?
Understanding Cloud Computing Models
Introducing Microsoft Azure Services
Starting Your First Azure Subscription
Chapter 2: Exploring Azure Resource Manager
Introducing Azure Resource Manager
Getting Familiar with Azure Regions
Introducing the Azure Management Tools
Part 2: Deploying Compute Resources to Microsoft Azure
Chapter 3: Managing Storage in Azure
Understanding Azure Storage Data Types
Working with a Storage Account
Introducing Azure Disk Storage
Chapter 4: Planning Your Virtual Network Topology
Understanding Virtual Network Components
Creating a Virtual Network
Configuring Virtual Networks
Connecting Virtual Networks
Chapter 5: Deploying and Configuring Azure Virtual Machines
Planning Your VM Deployment
Recognizing Azure VM Components
Architectural Considerations
Deploying Azure VMs from the Azure Marketplace
Configuring Your VMs
Starting, Stopping, and Resizing VMs
Chapter 6: Shipping Docker Containers in Azure
Understanding Docker
Implementing Azure Container Instances
Storing Images in Azure Container Registry
Introducing Azure Kubernetes Service
Using Containers with Azure App Service
Part 3: Deploying Platform Resources to Microsoft Azure
Chapter 7: Deploying and Configuring Azure App Service Apps
Introducing Azure App Service
Deploying Your First Web App
Configuring a Web App
Monitoring a Web App
Chapter 8: Running Serverless Apps in Azure
Defining Serverless
Working with Azure Functions
Building Workflows with Azure Logic Apps
Chapter 9: Managing Databases in Microsoft Azure
Revisiting the IaaS versus PaaS Question
Comparing Relational and Nonrelational Databases in Azure
Implementing SQL Database
Implementing Azure Cosmos DB
Part 4: Providing High Availability, Scalability, and Security for Your Azure Resources
Chapter 10: Backing Up and Restoring Your Azure Data
Protecting Your Storage Account’s Blob Data
Protecting Your Virtual Machines
Protecting Your App Services
Protecting Your Databases
Chapter 11: Managing Identity and Access with Azure Active Directory
Understanding Active Directory
Creating Users and Groups
Configuring Role-Based Access Control (RBAC)
Touring Azure Advisor
Chapter 12: Implementing Azure Governance
Implementing Taxonomic Tags
Implementing Azure Policy
Part 5: Migrating to Microsoft Azure and Monitoring Your Infrastructure
Chapter 13: Extending Your On-Premises Environment to Azure
Data Migration Options
Server Migration Options
Hybrid Cloud Options
Introducing Azure Arc
Chapter 14: Monitoring Your Azure Environment
Azure Monitor
Azure Log Analytics
Part 6: The Part of Tens
Chapter 15: Top Ten Azure News Resources
Azure Status
Azure Blog
Azure Updates
Azure.Source
Build5Nines Weekly
Azure Weekly (Endjin)
Azure Official YouTube Channel
Channel 9: Azure Friday
Azure Feedback
Tim’s Twitter Feed
Chapter 16: Top Ten Azure Educational Resources
Azure Documentation
Azure Architecture Center
Azure REST API Browser
Microsoft @ edX
Microsoft Learn
Azure Certification
MeasureUp
Meetup
CloudSkills
Pluralsight
Index
About the Author
Connect with Dummies
End User License Agreement
Chapter 3
TABLE 3-1 Replication Protection
Chapter 4
TABLE 4-1 Default Inbound Security Rules
TABLE 4-2 Default Outbound Security Rules
Chapter 5
TABLE 5-1 Windows Server VM Sizes in Azure
Chapter 9
TABLE 9-1 Relational and Nonrelational Databases
TABLE 9-2 SQL Database Products
Chapter 11
TABLE 11-1 Azure AD and AD DS Comparison
TABLE 11-2 Azure AD Edition Comparison
Chapter 12
TABLE 12-1 Common Azure Taxonomic Tagging Patterns
Chapter 13
TABLE 13-1 Azure VPN Gateway SKU Comparison
Chapter 1
FIGURE 1-1: In Azure, you can make a database geographically available with onl...
FIGURE 1-2: A hybrid cloud in which the on-premises corporate network extends t...
FIGURE 1-3: Word Online, part of the Microsoft Office 365 product family, is an...
FIGURE 1-4: The Windows Azure portal, circa 2012.
FIGURE 1-5: The Azure Marketplace includes prebuilt Windows and Linux VM images...
FIGURE 1-6: Signing in to the Azure portal for the first time.
FIGURE 1-7: Viewing your Free Trial subscription in the Azure portal.
Chapter 2
FIGURE 2-1: The Azure Resource Explorer allows you to view the ARM REST API dir...
FIGURE 2-2: You can locate and download the JSON source code behind every Azure...
FIGURE 2-3: Azure management scopes.
FIGURE 2-4: Providing high availability for replica VMs by placing them in avai...
FIGURE 2-5: The Azure portal is your administrative base of operations.
FIGURE 2-6: Enable the Azure development workload in Visual Studio 2019.
FIGURE 2-7: Azure Resource Explorer gives you access to the ARM APIs.
Chapter 3
FIGURE 3-1: Creating a general purpose storage account.
FIGURE 3-2: Configuring advanced storage account options.
FIGURE 3-3: Watching a Microsoft Azure deployment.
FIGURE 3-4: Azure Storage Explorer.
FIGURE 3-5: Try right-clicking everything in Azure Storage Explorer to see what...
FIGURE 3-6: Changing the access tier of a blob in an Azure storage account.
FIGURE 3-7: Azure Cloud Shell and your personal cloud share.
FIGURE 3-8: Use Managed Disk storage for your VMs in Azure.
Chapter 4
FIGURE 4-1: The Azure virtual network infrastructure used in this chapter.
FIGURE 4-2: The completed virtual network configuration.
FIGURE 4-3: Azure generates nifty network diagrams for you.
FIGURE 4-4: NSG1 configuration.
FIGURE 4-5: In the Azure portal, most resources have a context menu from which ...
FIGURE 4-6: Service endpoints secure Azure resources to a particular virtual ne...
FIGURE 4-7: A hub-and-spoke virtual network topology.
Chapter 5
FIGURE 5-1: Azure Marketplace is a one-stop shop for several VM types.
FIGURE 5-2: Availability set on the left; availability zones on the right.
FIGURE 5-3: The Create a Virtual Machine blade.
FIGURE 5-4: Most admins use SSH (with or without Cloud Shell) to manage Linux V...
FIGURE 5-5: Installing the Azure SDKs in Visual Studio 2019.
FIGURE 5-6: Creating a resource group deployment project in Visual Studio 2019.
FIGURE 5-7: The ARM template in the code editor.
FIGURE 5-8: Validating our ARM template.
FIGURE 5-9: Remote Desktop Connection works the same way with Azure VMs as it d...
FIGURE 5-10: Azure VM TCP/IP settings in the Azure portal.
FIGURE 5-11: Use the toolbar to start, stop, or restart a VM in the Azure porta...
FIGURE 5-12: Azure Monitor is a central point for infrastructure and applicatio...
Chapter 6
FIGURE 6-1: The Docker container deployment process.
FIGURE 6-2: Docker Desktop is easily accessible from the Windows notification a...
FIGURE 6-3: Deploying a Docker container using the Azure Container Instance ser...
FIGURE 6-4: Running the IIS web server as a container with the ACI service.
FIGURE 6-5: Retrieving admin credentials from our Azure Container Registry.
FIGURE 6-6: Don’t be fearful when an Azure deployment fails. Read the error mes...
FIGURE 6-7: AKS high-level architecture.
FIGURE 6-8: The Kubernetes Web UI Dashboard.
FIGURE 6-9: A new Azure web app powered by a Docker container.
Chapter 7
FIGURE 7-1: App Service required and optional components.
FIGURE 7-2: An App Service plan provides raw compute power as well as potential...
FIGURE 7-3: Creating an Azure App Service web app.
FIGURE 7-4: Git version control integrates seamlessly with Azure App Service.
FIGURE 7-5: Ensuring that Visual Studio will use Git for source code version co...
FIGURE 7-6: Adding a local Git repository to an Azure App Service web applicati...
FIGURE 7-7: Working with an App Service web app in Visual Studio.
FIGURE 7-8: Committing code changes using Git and Visual Studio.
FIGURE 7-9: App Service Editor allows you to edit your source code in the Azure...
FIGURE 7-10: Publishing a web app to Azure App Service.
FIGURE 7-11: Deployment slots allow you to move among development, staging, and...
FIGURE 7-12: Each deployment slot is a separate instance of your web app.
FIGURE 7-13: The Azure portal gives you visibility into the ramifications of a ...
FIGURE 7-14: Adding a custom domain to your App Service app is nice, but you wa...
FIGURE 7-15: This web app is ready to rock with both custom DNS and TLS/SSL in ...
FIGURE 7-16: Application Insights telemetry data in Visual Studio.
FIGURE 7-17: Application Insights telemetry data in the Azure portal.
Chapter 8
FIGURE 8-1: Logic Apps requires no API knowledge and uses a drag-and-drop workf...
FIGURE 8-2: Azure Function for taking action on uploaded image files.
FIGURE 8-3: Creating an Azure Function App.
FIGURE 8-4: Whoever designed the Function App’s user interface wasn’t paying at...
FIGURE 8-5: Creating a Function inside the Azure portal.
FIGURE 8-6: Our Azure Function in action.
FIGURE 8-7: Understanding the relationship between the Function App and its enc...
FIGURE 8-8: The workflow for an Azure Logic App.
FIGURE 8-9: Dynamic content in a Logic App.
FIGURE 8-10: An email indicating that the Logic App works.
Chapter 9
FIGURE 9-1: You can save time by deploying a preinstalled VM from the Azure Mar...
FIGURE 9-2: Deploying a new Azure SQL Database virtual server.
FIGURE 9-3: Creating an Azure SQL Database database.
FIGURE 9-4: The SQL Database service tier blade.
FIGURE 9-5: Configuring georeplication for Azure SQL Database.
FIGURE 9-6: Georeplicated Azure SQL database with automatic failover configured...
FIGURE 9-7: Querying an Azure SQL Database.
FIGURE 9-8: The Cosmos DB Quick Start blade.
FIGURE 9-9: Cosmos DB Data Explorer is available directly in the Azure portal.
FIGURE 9-10: Use Azure Data Explorer and SQL to query your Cosmos DB Core API i...
FIGURE 9-11: Editing a document in a Cosmos DB collection.
Chapter 10
FIGURE 10-1: Managing blob snapshots in the Azure portal.
FIGURE 10-2: Configuring soft delete for Azure storage account blobs.
FIGURE 10-3: You can back up multiple VMs simultaneously from your Recovery Ser...
FIGURE 10-4: A VM’s Backup blade is your one-stop shop for backup and recovery ...
FIGURE 10-5: Restoring an Azure App Service app.
FIGURE 10-6: Customizing Azure SQL Database automatic backup.
FIGURE 10-7: Create and track Azure support requests on the Help + Support blad...
Chapter 11
FIGURE 11-1: Relationship between Azure AD and Azure subscriptions.
FIGURE 11-2: Moving an Azure subscription to another Azure AD tenant.
FIGURE 11-3: Custom domain names in Azure Active Directory.
FIGURE 11-4: You purchase AD Premium licenses in the Microsoft 365 portal rathe...
FIGURE 11-5: The application access panel is a one-stop shop that lets Azure AD...
FIGURE 11-6: Azure management scopes use inheritance to simplify administration...
FIGURE 11-7: Before (top) and after (bottom) RBAC role assignment.
FIGURE 11-8: Viewing RBAC role assignments at a particular management scope.
FIGURE 11-9: Advisor provides detailed recommendations and sometimes fixes prob...
Chapter 12
FIGURE 12-1: It’s best practice to tag resources during their deployment.
FIGURE 12-2: Tag reporting in the Azure portal.
FIGURE 12-3: Use tags to perform Azure cost analysis.
FIGURE 12-4: Browsing built-in Azure Policy definitions.
FIGURE 12-5: List of Policy assignments.
FIGURE 12-6: Azure Policy blocked this deployment.
Chapter 13
FIGURE 13-1: The Data Box product family.
FIGURE 13-2: Adding tools to an Azure Migrate project.
FIGURE 13-3: Use DMA to assess your local SQL Server databases for Azure readin...
FIGURE 13-4: The DMA tool can perform database migration as well as assessment.
FIGURE 13-5: Deploy Azure VMs based on your own custom VHD images.
FIGURE 13-6: Adding tools to an Azure Migrate server migration project.
FIGURE 13-7: Azure server assessment reports include graphs and table data.
FIGURE 13-8: Representative Azure S2S VPN topology.
FIGURE 13-9: Your Azure VPN gateway needs to be on its own subnet in your virtu...
FIGURE 13-10: ExpressRoute representative topology.
FIGURE 13-11: Arc topology overview.
FIGURE 13-12: Choosing a server onboarding method for Arc.
FIGURE 13-13: Onboarding a Windows Server system to Arc.
FIGURE 13-14: Viewing onboarded local VMs in the Azure portal.
FIGURE 13-15: Viewing an Arc-managed system’s policy settings.
FIGURE 13-16: Verifying policy compliance and remediation status.
FIGURE 13-17: Applying taxonomic tags to an Arc resource.
Chapter 14
FIGURE 14-1: Azure Activity Log records administrative events initiated by you ...
FIGURE 14-2: Viewing the JSON source for an Azure Activity Log event.
FIGURE 14-3: Azure Monitor Diagnostics settings allow you to enable diagnostics...
FIGURE 14-4: Configuring Azure resource diagnostics.
FIGURE 14-5: Verifying the presence of the VM diagnostics extension for an Azur...
FIGURE 14-6: Customizing the diagnostic logging in a Windows Server VM running ...
FIGURE 14-7: Metrics Explorer in Azure Monitor gives you at-a-glance diagnostic...
FIGURE 14-8: Configuring signal logic for an Azure Monitor alert rule.
FIGURE 14-9: Completing the alert rule definition.
FIGURE 14-10: Different ways Azure informs you that an alert rule was triggered...
FIGURE 14-11: Connecting VMs to an Azure Log Analytics workspace.
FIGURE 14-12: Azure Log Analytics Log Search interface.
Chapter 15
FIGURE 15-1: Sometimes, your Azure feedback results in new-product development.
Chapter 16
FIGURE 16-1: Work from the bare metal by using the Azure REST API Browser.
FIGURE 16-2: Find an Azure user group near you.
Microsoft Azure is a public cloud service in which you rent compute services from Microsoft that run in Microsoft’s data centers. You pay only for the resources you use over the course of your billing period.
I wrote this book to give you a gentle yet thorough introduction to Microsoft Azure, showing you how it works and why you may want to use it to save your company money, time, effort, and sanity.
You may wonder why you don’t find a large number of Azure–related books in your local bookstores or at online retailers. The answer is quite simple: Azure changes often, so print publishers have a great deal of difficulty keeping up.
I’ve worked with Azure for several years and have regular contact with Azure team members at Microsoft, who find it to be just as time- and effort-intensive to stay current with the technologies as users do.
Thus, I wrote this book with the intention of helping you with the following:
Becoming comfortable with Microsoft Azure: I give you this comfort by sticking to what Microsoft calls the “80 percent scenarios,” or Azure deployments used by 80 percent of its customer base.
Gaining skill with programmatic deployment: Along the way, I show you how to use Azure PowerShell, Azure Command-Line Interface (CLI), and Azure Resource Manager (ARM) templates to get your Azure work done. These Azure access methods change less frequently than the Azure portal graphical user interface (GUI).
Becoming comfortable with tools and staying current: You can expect the Azure portal to change such that what you see on your screen may not match what’s in this book. That’s to be expected! In the last section of the book, “The Part of Tens,” I give you the skills to stay current on your own and not to feel blindsided when Azure looks different today from how it looked yesterday.
I include many web addresses, also called URLs, throughout this book. If Microsoft changes a page address, and the link I provide no longer works, don’t fret! Simply run a Google search for the article title, and you’ll find the updated page address nearly instantly.
Throughout this book, you’ll find dozens of step-by-step procedures. I want you to keep the following points in mind as you work through them:
You need an Azure subscription to follow the steps. If you haven’t already done so, you can create a free Azure account (https://azure.microsoft.com/free) that gives you 30 days to spend $200 USD on any Azure service. This quota should get you through this book’s material so long as you delete your deployments when you finish using them.
I often provide sample values that work in my environment but may not work in yours. You should customize these procedures to suit your requirements.
If you require additional software to complete an exercise, I tell you before the exercise. Software requirements are limited to free Microsoft software to minimize the financial impact that working through this book has on you.
I assume that you have an Internet connection; otherwise, you’d be unable to access Azure (unless you’re using Azure Stack, but that’s a subject for another book).
Finally, most of the Azure administration and development tools are available for Windows, macOS, and Linux. (I used a Windows 10 workstation.)
I wrote this book with several types of readers in mind. See whether you can place yourself roughly or exactly in any of the following descriptions:
You’re an experienced IT professional who needs to know Azure for future initiatives at work.
You’re an IT newcomer who wants to know Azure to futureproof your career.
You’re proficient in other public cloud platforms, such as Amazon Web Services or Google Cloud Platform, and you want to see how Azure compares.
You’re being forced to use Azure for your job.
You’re tasked with convincing your boss and other decision-makers how valuable Azure could be to your business, and you want to make sure that you understand the basics.
You’re already using Azure but want to fill in your knowledge or skills gaps.
Regardless of your present attitude and orientation toward Azure, I hope that by studying this book and applying its methods you can gain more knowledge about Azure and thereby excel in your profession.
If you’ve read a For Dummies book before, then you’re probably familiar with the icons. If not, or if you want a formal description of each, then read on!
The Tip icon marks tips (duh!) and shortcuts that you can use to make working with Azure easier.
Remember icons mark especially important information. To siphon off the most important information in each chapter, skim the paragraphs that have these icons.
The Technical Stuff icon marks information of a highly technical nature that you can skip.
The Warning icon tells you to watch out! It marks important information that may save you headaches.
Beyond what’s included between the covers of this book, I’ve created a Cheat Sheet that includes tips, tricks, and shortcuts for the Azure services you use over the course of the book. You can find the Cheat Sheet and other information related to this book (such as errata) by visiting https://www.dummies.com and typing Azure For Dummies in the Search box.
Although I’d read this book in order starting with Chapter 1, you may not prefer to use that method. You can dip into any chapter with no formal dependency on those that come before it, so flip to the chapter that you want to begin with, and let’s get to work!
Part 1
IN THIS PART …
Figuring out exactly what “cloud computing” means and how Microsoft Azure fits into the cloud computing picture
Differentiating the different cloud computing deployment and service delivery models
Understanding the basics of Azure Resource Manager
Gaining familiarity with the various Microsoft Azure administrative tools
Chapter 1
IN THIS CHAPTER
Introducing the cloud
Differentiating among the cloud computing models
Introducing the major Microsoft Azure services
Starting your Azure subscription
Welcome to cloud computing, and welcome to Microsoft Azure! I’m not sure what occurred in your professional or personal life to lead you to read this book, but I’m glad you’re here with me. In this chapter, I cover ground-level terminology, beginning with precisely what the buzzwords the cloud and cloud computing mean.
By the end of this chapter, you’ll have your very own Azure subscription running at the free tier. Are you excited? I hope so!
My 9-year-old daughter Zoey knows what the cloud is. “It’s where my iPad apps are stored,” she says. “If I delete an app from my iPad, I can download it again from the cloud.” I can’t argue with that.
My 75-year-old mother told me that as far as she’s aware, the cloud is “a part of the Internet where you can save your stuff.” True enough.
Most people use cloud services whether they’re aware of doing so or not. Think of your smartphone. Where do you think your photos, media, files, and settings are being backed up? What is behind your ability to retrieve your content wherever you are in the world, provided that you have an Internet connection?
Do you use a web-hosting company to host your personal website? Where is the physical server that houses your website?
These scenarios are examples of cloud computing, in which you simply rent resources on another organization’s infrastructure.
The resources you rent consist of the following hardware and software components:
Compute: Compute is raw computing power — the central processing unit (CPU) and random-access memory (RAM) that form the platform for applications and data.
Storage: Persistent storage means you have a place on Microsoft’s servers to store your files and other data. When you save a file to a cloud-hosted storage account, the file should remain in place forever, or at least until you move or delete it.
Network: Azure provides a software-defined network infrastructure on which you can host your virtual machines and other Azure services. Because the cloud almost always involves an Internet connection, online and cloud are essentially synonymous. I say “almost always” because a business can create a private cloud that shares most attributes of a public cloud but is local to its private network environment. Microsoft also sells a private, portable version of Azure called Azure Stack.
Analytics: You’ll never get to touch the cloud provider’s compute, storage, or network resources. The closest you’ll get is viewing its telemetry data in your web browser or from a management app. Thus, Azure and other public cloud providers give you tools to see precisely how much of their services you consume each minute. Cloud analytics also gives you valuable troubleshooting and performance-tuning advice for your cloud infrastructure.
Businesses are interested in using the cloud because it allows them to offload a lot of what’s scary, annoying, and/or expensive about maintaining an on-premises data center, such as the following:
Power: It’s potentially very expensive to provide electricity to all the equipment necessary to host your applications and services. And what happens if your on-campus data center experiences a utilities outage? When you move your data into the cloud, your provider takes on the risk of these issues.
Capital expenditure: When you run an on-premises data center, you either rent your physical servers or purchase them outright. As such, you’re responsible for all hardware upgrades and repairs. All that hardware can be expensive too.
Security and configuration overhead: If you can’t afford local systems administrators, or if your existing resources are stretched thin, it can be too easy to leave a vulnerability in place on an on-premises server that can be compromised by bad actors. By contrast, when you use a public cloud service like Azure, you rely upon Microsoft’s human and machine learning–based threat intelligence to help keep your applications, services, and data safe.
Do you see the trend here? Cloud computing is popular because it’s convenient for the end user and cheaper for the enterprise business. Before I go any further, however, I want to codify what I mean by cloud computing.
The National Institute of Standards and Technology (NIST, pronounced nihst), a research laboratory in the United States, developed the standard definition of cloud computing. According to NIST, the five essential characteristics of cloud computing are
On-demand self-service: A cloud customer can provision services at any time and is charged only for the resources that he or she consumes.
Broad network access: Cloud services are ordinarily offered globally, and the customer is encouraged to place services as geographically near its consumers as possible.
Resource pooling: Cloud services are multitenant, which means that different customers’ environments are isolated. You should never, ever see another Azure customer’s data, and vice versa.
Rapid elasticity: A cloud services customer can accommodate variable traffic patterns by configuring their services to scale accordingly. For instance, you can configure Azure to automatically duplicate your web servers to accommodate traffic spikes and then remove servers automatically when they are no longer needed.
Measured service: The cloud offers services on demand, which are metered; once again, customers pay only for provisioned resources.
If you want to read the source material, check NIST Special Publication 800-145, The NIST Definition of Cloud Computing, which you can download from https://csrc.nist.gov/publications/detail/sp/800-145/final.
As I mention earlier in this chapter, cloud computing is attractive to both businesses and consumers because of its convenience, high availability, and potential cost savings. Specifically, Microsoft Azure or any other public cloud service uses a consumption-based spending model that’s classified as an operational expenditure (OpEx).
Purchasing or leasing on-premises infrastructure is an up-front capital expenditure (CapEx). By contrast, the relatively predictable, recurring cost model of OpEx is appealing to cost-conscious organizations (and what organization isn’t cost-conscious nowadays?).
The cloud’s rapid scalability and elasticity are capabilities that only the largest companies in the world can afford to manage on their own. Microsoft Azure enables smaller companies and individuals to replicate a SQL database between geographical regions with a couple of mouse clicks. (See Figure 1-1.) Making high availability this accessible to customers is an enormous benefit of cloud computing.
FIGURE 1-1: In Azure, you can make a database geographically available with only a couple of clicks.
For completeness, I want you to know that although this book’s focus is Microsoft Azure, other major public cloud providers also take advantage of economies of scale. These public cloud providers include, but aren’t limited to, the following:
Amazon Web Services (AWS)
Google Cloud Platform (GCP)
IBM Cloud
Oracle Cloud
Salesforce
The term economies of scale means that a business that purchases its internal resources at a larger volume can pass along savings to its customers.
At this writing, Microsoft has its Azure product portfolio spread across 54 regions worldwide. Within each region are two or more physical data centers. Within each data center are untold numbers of server racks, blade servers, storage arrays, routers, switches, and so forth — an immense physical capacity. I think we can reasonably assume that Microsoft gets a discount from the original equipment manufacturers (OEMs) because it purchases in such huge volume. Microsoft’s purchase discounts mean that the company in turn extends the savings to its Azure customers. It’s as simple as that.
The working definition of cloud computing is a subscription arrangement under which a person or business rents a cloud service provider’s infrastructure and pays only for the services consumed. That definition is fine.
In this section, however, I want to sharpen your general understanding of cloud computing by explaining the deployment and service delivery models.
In Azure nomenclature, deployment refers to your provisioning resources in the Azure public cloud. You may be saying, “What’s this? Why is Microsoft Azure called a public cloud? I thought you said that different Azure customers can never see each other’s resources by default.” Hang on; hang on. Let me explain.
Microsoft Azure is a public cloud because its global data center fabric is accessible by the general public. Microsoft takes Azure’s multitenant nature very seriously; therefore, it adds layer after layer of physical and logical security to ensure that each customer’s data is private. In fact, in many cases, even Microsoft doesn’t have access to customers’ data encryption keys!
Other major cloud service providers — including AWS, GCP, Oracle, and IBM (see the nearby sidebar “Other cloud providers”) — are also considered to be public cloud platforms.
Microsoft has three additional, separate Azure clouds for exclusive governmental use. Thus, the Microsoft literature contains references to Azure Cloud, which refers to its public cloud, and to Azure Government Cloud, which refers to its sovereign, special-access clouds. No member of the general public can access an Azure Government Cloud without being associated with a government body that employs it.
As I mention earlier, very, very few businesses have enough financial, capital, and human resources to host their own cloud environments. Typically only the largest enterprise organizations can afford having their own private cloud infrastructure with redundant data centers, storage, networking, and compute, but they may have security prohibitions against storing data in Microsoft’s (or any other cloud provider’s) physical data centers.
Microsoft sells a portable version of the Azure cloud: Azure Stack, which consists of a server rack that a company leases or purchases from a Microsoft-affiliated hardware or service provider.
The idea is that you can bring the hallmarks of cloud computing — on-demand self-service, resource pooling, elasticity, and so forth — to your local environment without involving either the Internet or an external cloud provider unless you want to.
Your administrators and developers use the same Azure Resource Manager (ARM) application programming interface (API) to deploy resources locally to Azure Stack as they use to deploy to the Azure public cloud. This API makes it a snap to bring cloud-based services on premises, and vice versa. You'll learn about ARM in Chapter 2.
When you combine the best of on-premises and cloud environments, you have a hybrid cloud.
In my professional experience, the hybrid cloud deployment model makes the most sense for most businesses. Why? A hybrid cloud allows the business to salvage (read: continue to use) the on-premises infrastructure that it’s already paid for while leveraging the hyper scale of the Azure public cloud.
Take a look at Figure 1-2. In this topology, the on-premises network is extended to a virtual network running in Azure. You can do all sorts of nifty service management here, including
Joining the Azure virtual machines (VMs) to your local Active Directory domain.
Managing your on-premises servers by using Azure management tools.
Providing nearly instant failover disaster recovery (DR) by using Azure as a DR site. Failover refers to having a replicated backup of your production servers available somewhere else so that you can shift from your failed primary environment to your backup environment within minutes. Failover is critical for businesses that cannot afford the downtime involved in restoring backups from a backup archive.
FIGURE 1-2: A hybrid cloud in which the on-premises corporate network extends to Azure.
By the end of this book, you’ll understand how to deploy the environment you see in Figure 1-2, but here’s an overview of what’s going on:
On the left side is a local business network that connects to the Internet via a virtual private network (VPN) gateway.
On the right (Azure) side is a three-VM deployment in a virtual network. A site-to-site VPN connects the local environment to the virtual network. Finally, an Azure load balancer spreads incoming traffic equally among the three identically configured web servers in the web tier subnet. As a result, the company’s internal staff can access the Azure-based web application over a secure VPN tunnel and get a low-latency, reliable, always-on connection to boot.
In this book, I refer to a local, physical network environment as an on-premises environment. In the wild, you’ll see stray references to “on premise” — sadly, even in Microsoft’s Azure documentation. Don’t make this mistake. A premise is an idea; premises refers to a location.
In my experience, only small businesses are agile enough to do all their work in the Azure cloud. That said, you may find that after your organization gets its sea legs with Azure and begins to appreciate its availability, performance, scalability, and security possibilities, you’ll be working to migrate more on-premises infrastructure into Azure, and you’ll be targeting more of your line-of-business (LOB) applications to the cloud first.
Organizations deploy applications in three primary ways: Software as a Service, Infrastructure as a Service, and Platform as a Service.
An SaaS application is a finished, customer-facing application that runs in the cloud. Microsoft Office 365 is a perfect example. As shown in Figure 1-3, you can use Word Online to create, edit, and share documents with only a web browser; an Internet connection; and an Office 365 subscription, which you pay for each month on a subscription basis.
With SaaS applications, you have zero visibility into the back-end mechanics of the application. In the case of Word Online, you neither know nor care how often the back-end servers are backed up, where the Office 365 data centers are geographically located, and so forth. All you care about is whether you can get to your cloud-hosted documents and whether Word Online behaves as you expect.
FIGURE 1-3: Word Online, part of the Microsoft Office 365 product family, is an example of an SaaS application.
Much of my work as an Azure solution architect centers on explaining the benefits of PaaS over IaaS in certain scenarios.
Consider a business that runs a three-tier on-premises web application with VMs. The organization wants to move this application workload to Azure to take advantage of the benefits of cloud computing. Because the organization has always done business by using VMs, it assumes that the workload must by definition run in VMs in Azure.
Not so fast. Suppose that the workload consisted of a Microsoft-stack application. Maybe the business should consider using PaaS products such as Azure App Service and Azure SQL Database to leverage autoscale and pushbutton georeplication.
I discuss both Azure App Service and Azure SQL Database later in Part 3. For now, understand that georeplication means placing synchronized copies of your service in other geographic regions for fault tolerance and placing those services closer to your users.
Or maybe the workload is an open-source project that uses PHP and MySQL. No problem. Azure App Service can handle that scenario. Microsoft also has a native hosted database platform for MySQL called (appropriately enough) Azure Database for MySQL.
With PaaS, Microsoft takes much more responsibility for the hosting environment. You’re not 100 percent responsible for your VMs because PaaS products abstract all that plumbing and administrative overhead away from you.
The idea is that PaaS products free you to focus on your applications and, ultimately, on the people who use those applications. If PaaS has a trade-off, it’s that relinquishing full-stack control is an adjustment for many old-salt systems and network administrators.
To sum up the major distinction between IaaS and PaaS, IaaS gives you full control of the environment, but you sacrifice scalability and agility. PaaS gives you full scalability and agility, but you sacrifice some control.
To be sure, the cloud computing literature contains references to other cloud deployment models, such as community cloud. You’ll also see references to additional delivery models, such as Storage as a Service (STaaS) and Identity as a Service (IDaaS). This chapter focuses on the most commonly used cloud deployment and delivery models.
I find that most businesses that migrate their applications and services to Azure use the IaaS model, if only because they’ve delivered their services via VMs in the past — the old “If it ain’t broke, don’t fix it” approach.
In large part, IaaS is where the customer hosts one or more VMs in a cloud. The customers remain responsible for the full life cycle of the VM, including
Configuration
Data protection
Performance tuning
Security
By hosting your VMs in Azure rather than in your on-premises environment, you save money because you don’t have to provision the physical and logical resources locally. You also don’t have to pay for the layers of geographic, physical, and logical redundancy included in Azure out of the box.
Thus, whereas SaaS is a service that’s been fully abstracted in the cloud, and the customer simply uses the application, IaaS offers a split between Microsoft’s responsibility (providing the hosting platform) and the customer’s responsibility (maintaining the VMs over their life cycle).
Cloud computing in general, and Microsoft Azure in particular, use what’s called the shared responsibility model. In this model, Microsoft’s responsibility is providing the tools you need to make your cloud deployments successful — Microsoft’s data centers, the server, storage and networking hardware, and so on. Your responsibility is to use those tools to secure, optimize, and protect your deployments. Microsoft isn’t going to configure, back up, and secure your VMs automatically; those tasks are your responsibility.
The Microsoft Azure service catalog has hundreds of services. Listing all of them in this book would be a waste of ink and paper, because by the time you read this chapter, the service list will have expanded even more.
Microsoft maintains a services directory at https://azure.microsoft.com/en-us/services, but in this chapter, I give you a high-level tour of what Microsoft calls 80 percent services — the Azure products that 80 percent of the customer base uses.
In October 2008, Microsoft announced Windows Azure at its Professional Developers Conference. Many people feel that this product was a direct answer to Amazon, which had already begun unveiling AWS to the general public.
The first Azure-hosted service was SQL Azure Relational Database, announced in March 2009. Then came support for PaaS websites and IaaS virtual machines in June 2012. Figure 1-4 shows what the Windows Azure portal looked like during that time.
Satya Nadella became Microsoft’s chief operating officer in February 2014. Satya had a vision of Microsoft expanding its formerly proprietary borders, so Windows Azure became Microsoft Azure, and the Azure platform began to embrace open-source technologies and companies that Microsoft formerly considered to be hostile competitors.
FIGURE 1-4: The Windows Azure portal, circa 2012.
I can’t overstate how important that simple name change was and is. Today, Microsoft Azure provides first-class support for Linux-based VMs and non-Microsoft web applications and services, which is a huge deal.
Finally, Microsoft introduced the RM deployment model at Microsoft Build 2014. The API behind Windows Azure was called Azure Service Management (ASM), and it suffered from several design and architectural pain points. ASM made it super-difficult to organize deployment resources, for example, and it was impossible to scope administrative access granularly.
The ARM API is modeled closely on the AWS API (you know the old saw “Imitation is the sincerest form of flattery”), with core architectural concepts such as resource groups and role-based access controls that were direct analogs of features in the AWS cloud.
To support old customers with old deployments, ARM still offers limited support for ASM deployments in the Azure portal (see Chapter 2). These resources are tagged with the suffix Classic. This book is committed to the ARM API, however, so I won’t be addressing ASM IaaS products.
Azure Virtual Machines is Microsoft’s Azure mainline IaaS product. Specifically, the Azure Marketplace in the Azure portal lists thousands of preconfigured VM images from Microsoft, endorsed Linux distributions, and third-party solution providers. You can see the gallery of VM images in Figure 1-5.
FIGURE 1-5: The Azure Marketplace includes prebuilt Windows and Linux VM images.
You can migrate your on-premises physical and virtual machines to Azure, of course, as well as create custom VM images. I’ll get to those topics in time; I promise.
The Azure product portfolio is filled with powerful, cost-saving PaaS offerings. Following are some of the more high-profile Azure PaaS products:
App Service: Web Apps, Mobile Apps, API Apps, Logic Apps, and Function Apps
Databases: Cosmos DB, Azure SQL Database, Azure Database for MySQL, and Azure Cache for Redis
Containers: Azure Container Instances, Azure Container Registry, and Azure Kubernetes Service
DevOps: Azure DevOps and Azure DevTest Labs
Internet of Things (IoT): Azure IoT Hub, Azure IoT Edge, Azure Sphere, and Azure Digital Twins
Machine learning: Azure Machine Learning Service, Azure Bot Service, Cognitive Services, and Azure Search
Identity: Azure Active Directory, Azure AD Business-to-Business, and Azure AD Business-to-Consumer
Monitoring: Application Insights, Azure Monitor, and Azure Log Analytics
Migration: Azure Site Recovery, Azure Cost Management, Azure Database Migration Service, and Azure Migrate
You can have a free, low-obligation trial of the Microsoft Azure platform with the Azure free account. Low-obligation