Showing posts with label Azure. Show all posts

Azure Solutions Architect Expert Renewal

Once again it's that time to recertify: 2022 is going to be the year of renewal and recertification!

After holding the Azure Solutions Architect Expert certification since 2018, I noticed that Microsoft has changed the renewal process for this and other Azure certifications.

In place of just writing another exam based on the syllabus you have already studied and been tested on, Microsoft has implemented a renewal process focused on studying Microsoft Learn modules and then writing an online assessment annually to renew your certification. This is a really great approach as it gets you to keep learning constantly and also requires you to recertify annually to keep current.

This effectively replaces the previous method of recertifying every two years with a recertification exam. The new process has been seamlessly implemented and really gets you to focus on key study areas that you may or may not have had recent experience in. It is a great way to use Microsoft Learn modules to increase your skills, get exposure to new concepts and recertify a certification that you have already had to write numerous official exams to gain. The online assessment is completed annually in order to keep your certification and automatically extends the expiration date on the certificate based on your existing transcript.

Please take note: Microsoft will send you reminders on a monthly basis from three months before the expiration of the certificate, which gives you ample time to study the Learn modules and complete the assessment before expiration. The certification will renew for a year from the expiration date. The online assessment can be written at any time during the renewal period. You will get multiple attempts if you do not pass the first time, but there are waiting periods between attempts.

I really think that this is a great innovation from Microsoft Azure, and I think it would be great if other public cloud platforms could also look into implementing a similar renewal process in order to assist students. There is also, of course, the fact that there is no cost involved in this renewal process, which is a real game changer for people who have invested so much time and money in achieving these certifications.

Azure Solutions Architect Expert: Microsoft Learn Modules

The below list of Microsoft Learn modules can be studied prior to the online assessment. Please note: this is not compulsory in order to complete the assessment, but the modules are really good if you are trying to brush up on concepts, or have not been exposed to them, since writing your last exam. The Learn modules focus on a few of the Well-Architected Framework pillars (performance efficiency, security and cost) and also on designing monitoring on Azure. Further reading on the Well-Architected Framework: https://docs.microsoft.com/en-us/azure/architecture/framework/

They then move into Azure Site Recovery (ASR) and Azure Backup. There are also some practical labs on Azure SQL databases. Overall, it's around six and a half hours of Learn modules before going ahead to take your assessment.

  • Design a holistic monitoring strategy on Azure
  • Microsoft Azure Well-Architected Framework - Performance efficiency
  • Microsoft Azure Well-Architected Framework - Security
  • Protect your Azure infrastructure with Azure Site Recovery
  • Protect your virtual machines by using Azure Backup
  • Back up and restore your Azure SQL database
  • Use monitoring and analytics to gain cost insights
  • Analyze your Azure infrastructure by using Azure Monitor logs

Please see the below link to the official Microsoft Learn modules required for study: https://docs.microsoft.com/en-us/learn/certifications/azure-solutions-architect/renew

By using the above link you are also able to check whether you are eligible for renewal.

Quick tip: Make sure you sign into the above portal using your existing MCP login details. You are also able to add additional Learn profiles within your account if these are separate.

Please find the below link for further reading on the renewal process: https://aka.ms/CertRenewalOverview

I have found the overall renewal process simple, well implemented and innovative!

Good luck on completing your Azure Solutions Architect renewal in 2022!

AZ-302 Transition into Architecture



I had the opportunity last week to write the new beta Microsoft AZ-302 transition exam for the new role-based Azure Solutions Architect qualification being provided by Microsoft on their Azure cloud platform. This exam is only available if you have completed the 70-535 exam, Architecting Azure Solutions, which I have previously written about.

This is a new exam that was released at the end of September 2018 and is still currently in beta, meaning that you do not receive any results immediately after writing it. Microsoft confirms that you should receive a transcript entry two weeks later if you pass.

As this is a new exam in beta, there are currently very limited study materials available. In fact, Microsoft has not released any practice tests or courses for this exam as of October 2018.

https://www.microsoft.com/en-us/learning/exam-az-302.aspx

The best place to start preparing for this exam is by viewing the official exam page listed above. On this page you will find the exam section breakdown for the AZ-302:

  • Determine Workload Requirements (15-20%)
  • Design for Identity and Security (5-10%)
  • Design a Business Continuity Strategy (15-20%)
  • Implement Workloads and Security (5-10%)
  • Implement Authentication and Secure Data (5-10%)
  • Develop for the Cloud (45-50%)

As you can see from the breakdown, the last section, Develop for the Cloud (45-50%), is very important and is something that was not tested at this level in the 70-535. If you do not have an extensive cloud development background, it's best to start building one now.

I used the following sources to study for this exam, including hands-on labs and practising within an Azure subscription. The best place to find these is the new Microsoft Learn portal within the Azure website. This is a great place to run through study courses and labs without having to create an Azure trial. Experience and skills are really key here.

https://docs.microsoft.com/en-gb/learn/azure

I also used the following free resource on Microsoft Azure courses which is great!

https://www.getazureready.com/

The Microsoft Azure documentation is another great place to read up and study. Here are some sample links related to this exam that I read before writing:

https://docs.microsoft.com/en-us/azure/active-directory/develop/v1-protocols-openid-connect-code
https://docs.microsoft.com/en-us/azure/active-directory/develop/v1-protocols-oauth-code
https://docs.microsoft.com/en-us/azure/site-recovery/vmware-azure-set-up-replication
https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy
https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-test-failover-to-azure
https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-network-design
https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-failover
https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-workload
https://docs.microsoft.com/en-us/azure/site-recovery/concepts-traffic-manager-with-site-recovery
https://docs.microsoft.com/en-us/azure/architecture/guide/design-principles/
https://docs.microsoft.com/en-us/azure/architecture/guide/design-principles/redundancy
https://docs.microsoft.com/en-us/azure/architecture/guide/design-principles/self-healing
https://docs.microsoft.com/en-us/azure/security/security-azure-encryption-overview
https://azure.microsoft.com/en-us/solutions/confidential-compute/
https://docs.microsoft.com/en-us/azure/azure-functions/durable-functions-overview
https://docs.microsoft.com/en-us/azure/sql-database/sql-database-elastic-transactions-overview

I would go through all the documentation related to the exam sections above and constantly keep reading through the relevant documentation on the study section that you are focusing on as this gives you some good perspective and a high level understanding on solutions.

To sum up, the above resources are a good place to start for this exam, but the exam is not at all easy, especially if you don't have a strong cloud development background. Developing for the Cloud would be a great place to start learning or brushing up before tackling this exam. The key takeaway is that you really need strong Azure experience and a high-level understanding. This is not a standard architect-level exam and will really take you into a technical deep dive, so practice, skills and deep knowledge are really important.

Are Containers the future?




What are containers? How do containers work? Can I use containers? These are some common questions being asked about this application "virtualisation" technology. In this post we will be trying to simplify the basics of containers and answer some of these questions.

What are containers?

Containers can be compared to virtual machines but are very different. Containers contain groups of applications that can run directly on an underlying host operating system unlike virtual machines that require a hypervisor layer. This is greatly beneficial as you are able to achieve higher density, better elasticity, increased portability and advanced scalability. These advantages are achieved with less overhead management and administration.


The older way of achieving the same function was to have virtual machines running over a hypervisor which was itself running within a host operating system. Each of these layers requires management and support, and every virtual machine had to run its own operating system. All of these operating systems require patching and other administration to operate. Containers, by contrast, contain just the actual application, and none of these other overheads are required.

How do containers work?

Containers are implemented using specific technology like Docker which was originally run within the Linux operating system. Nowadays containers can also be run on Windows. Docker containers are really the standard way of doing things now. If you require multiple containers, clusters or are looking to run containers in the cloud you need to look at Kubernetes which is the most popular container orchestration platform currently.

Kubernetes is an open-source container-orchestration system for automating deployment, scaling and management of containerized applications. It was originally designed by Google and is now maintained by the Cloud Native Computing Foundation.

Can I use containers?

This question really depends on your specific workload and application. Most applications should be able to be ported into containers and then launched either onsite or in the cloud. One great thing about containers is that they can be run both onsite and in the cloud and are extremely portable between different operating systems and cloud platforms. With this flexibility it's much easier to move your containers anywhere you would like to run them. I would suggest further consultation with your developers and cloud architects to determine your use case and the best applicable solution for it.



Containers in the cloud

The easiest way to test and use containers in production is to launch them through your cloud platform. Each public cloud provider offers a wide range of managed container solutions. Google Cloud Platform offers the original GKE (Google Kubernetes Engine). This is currently the most advanced offering of managed Kubernetes in the cloud, with Azure coming in second with the recently generally available AKS (Azure Kubernetes Service). Please read the below links in order to learn more about these platforms and containers.




Are containers the future?

Yes, containers are the future of application technology in the cloud as well as on-premise. Containers are becoming more and more popular, and learning and understanding some background in them, whether you are a developer or an operations engineer, is really required. There are so many courses and so much further information out there, and I suggest starting by looking at your cloud provider's documentation to set you in the right direction.

Some great further information can be read here:


Cloud Based Virtual Networks



While discussing the implementation of cloud infrastructure we touched on the base of core infrastructure that will need to be provisioned in the cloud in order to begin your migration or greenfield cloud deployment. The core infrastructure required is cloud storage, compute resource and virtual networks. Today we will be going into virtual networks in more depth.

Virtual Networks

As previously discussed virtual networks are absolutely vital to understand in order to correctly provision and deploy cloud resources. These virtual networks are used to connect, segment and link your cloud based resources as well as on premises networks.

Virtual network segmentation is completed with the use of subnets. These subnets are used to separate various cloud based networks using different IP ranges. They are separate networks that can be used for different functions, for example the front end and back end tier of an application.

Another aspect to understand is the use of firewalls within these virtual networks. Traditionally a firewall is used on premises between the internal network and external network (internet). In cloud services a firewall is used in the same way but also internally, so you are able to secure internal as well as external networks and applications.

As mentioned above, another incredibly important aspect of cloud based virtual networks is the ability to connect to your on premises environment. This is valuable in order to build and architect hybrid cloud solutions. It can be achieved either by using direct ISP based links that bypass the public internet, keeping things private and fast, or via VPN tunnels.

These VPN tunnels are encrypted but do run over the public internet, so they may not meet your security policies. You may also need a higher speed, redundant link.

Cloud Platforms

There are some differences between the cloud providers, but cloud based virtual networks are basically quite similar and perform roughly the same function. In Azure you get Virtual Networks, which are the base of your cloud based network infrastructure, and in Google Cloud Platform you get Virtual Private Cloud networks (VPCs). Both offer a few different features, so it's always important to read the relevant documentation and use a trial account to test for your specific requirements.


To sum up, though, you need to brush up on your general network skills (get out the Network+ manual) before planning your cloud based networks, and I highly recommend some courses on the cloud platform you are looking to go with. There are loads of in-depth free video courses available on any platform to learn the necessary skills.

Training

Please see the Coursera GCP and Pluralsight Azure on-demand courses below:

https://www.coursera.org/specializations/gcp-architecture

https://www.pluralsight.com/courses/planning-designing-microsoft-azure-network-solutions?twoid=e7d045ab-0691-4def-896a-8db6cb74790b&aid=7010a000001xDURAA2



Implementing Cloud Infrastructure



One of the most important concepts to think about when implementing cloud solutions is your core infrastructure. This will be your base when building infrastructure in the cloud. It comprises virtual networks, cloud storage and compute at the base layer, which you build upon in IaaS (Infrastructure as a Service).

To break it down, this is very comparable to on premises infrastructure when you look at physical storage, physical servers, virtualisation, virtual networks and virtual machines. The cloud reduces the need to have the physical infrastructure in place. You are able to utilise this on a pay-per-use model in any of the public cloud providers, for example Google Cloud Platform or Microsoft Azure. You are charged for what you use, which is great!

Virtual Networks

After activating your cloud subscription you can begin setting up your virtual network. This has different names depending on which provider you are using: in Microsoft Azure it's called Virtual Networks and in Google Cloud Platform it's called Virtual Private Cloud networks (VPCs). Basically these are similar ways to perform network segmentation in the cloud based on virtualised networks. Subnets are used to segment these virtual networks or VPCs. You are also able to integrate load balancers and firewalls:


Within these virtual networks you can isolate specific services, i.e. virtual machines, you can implement load balancers, and you can connect networks from different regions together. You are also able to implement security with firewalls across these virtual networks, both internally and externally. Another feature of virtual networks is the ability to connect them with your existing on premises networks. There are various methods available to achieve this, such as a direct Interconnect (GCP) or ExpressRoute (Azure) link from your site to the applicable cloud provider. Another way to do this is by using secure encrypted VPN tunnels:
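As an added example (my own code, not from these posts), here is a Python check of the segmentation and internal-firewall ideas described above and in the Virtual Networks section of "Cloud Based Virtual Networks": it validates a two-tier subnet plan against the VNet address space, counting the five addresses Azure reserves in every subnet, and then evaluates simplified NSG rules by priority to confirm that only the front-end subnet can reach the back-end database port. The VNet range, subnet names and rules are constructed for the example, and the NSG model is a simplification (source and destination port only).

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Azure reserves five addresses in every subnet: the network address, the
# default gateway, two addresses for Azure DNS, and the broadcast address.
AZURE_RESERVED_PER_SUBNET = 5


def check_subnet_plan(vnet_cidr, subnets):
    """Validate a subnet plan for one VNet.

    subnets maps a subnet name to its CIDR.  Returns a dict with the list of
    plan errors and the number of usable addresses per subnet.
    """
    vnet = ip_network(vnet_cidr)
    nets = {name: ip_network(cidr) for name, cidr in subnets.items()}
    errors = []
    usable = {}
    for name, net in nets.items():
        if not net.subnet_of(vnet):
            errors.append(f"{name} {net} is outside the VNet {vnet}")
        if net.prefixlen > 29:  # /29 is the smallest subnet Azure accepts
            errors.append(f"{name} {net} is smaller than /29")
        usable[name] = max(net.num_addresses - AZURE_RESERVED_PER_SUBNET, 0)
    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                errors.append(f"{a} {nets[a]} overlaps {b} {nets[b]}")
    return {"errors": errors, "usable": usable}


@dataclass
class Rule:
    """One inbound NSG-style rule (simplified: source and destination port only)."""
    name: str
    priority: int   # lower number is evaluated first; custom rules use 100-4096
    access: str     # "Allow" or "Deny"
    source: str     # a CIDR, "VirtualNetwork", or "*" for any source
    dest_port: str  # a port number as a string, or "*" for any port


# Azure's default inbound rules sit at the bottom of every NSG.  The
# AzureLoadBalancer default rule is left out of this simplified model.
DEFAULT_INBOUND = [
    Rule("AllowVnetInBound", 65000, "Allow", "VirtualNetwork", "*"),
    Rule("DenyAllInBound", 65500, "Deny", "*", "*"),
]


def _source_matches(rule, src, vnet):
    if rule.source == "*":
        return True
    if rule.source == "VirtualNetwork":
        # Simplification: the real tag also covers peered VNets and on-premises
        # ranges reachable through a gateway; here it is just the VNet space.
        return src in vnet
    return src in ip_network(rule.source)


def evaluate_inbound(rules, vnet_cidr, src_ip, dest_port):
    """Return (rule name, access) of the first rule, by priority, that matches."""
    vnet = ip_network(vnet_cidr)
    src = ip_address(src_ip)
    for rule in sorted(list(rules) + DEFAULT_INBOUND, key=lambda r: r.priority):
        if not _source_matches(rule, src, vnet):
            continue
        if rule.dest_port not in ("*", str(dest_port)):
            continue
        return rule.name, rule.access
    raise RuntimeError("unreachable: DenyAllInBound matches every flow")


# Constructed sample plan: a two-tier application plus a gateway subnet.
VNET = "10.10.0.0/16"
PLAN = {
    "frontend": "10.10.1.0/24",
    "backend": "10.10.2.0/24",
    "GatewaySubnet": "10.10.255.0/27",
}

# NSG attached to the back-end subnet: only the front-end tier may reach the
# database port; everything else inside the VNet is explicitly denied before
# the permissive AllowVnetInBound default rule can match.
BACKEND_NSG = [
    Rule("AllowFrontendSql", 100, "Allow", "10.10.1.0/24", "1433"),
    Rule("DenyVnetSql", 200, "Deny", "VirtualNetwork", "1433"),
]


if __name__ == "__main__":
    print(check_subnet_plan(VNET, PLAN))
    for src, port in [("10.10.1.5", 1433), ("10.10.255.4", 1433),
                      ("203.0.113.7", 1433), ("10.10.1.5", 22)]:
        print(src, port, evaluate_inbound(BACKEND_NSG, VNET, src, port))
```

Without the explicit DenyVnetSql rule, a VM in any other subnet of the VNet would reach port 1433 through the AllowVnetInBound default rule, which is the usual surprise when people rely on subnets alone for isolation.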



Cloud Storage

Cloud Storage is absolutely critical as this is where all of your resources will be stored in the cloud. I have previously written about cloud storage if you would like to read further:

In the context of this article we are referring more to storage of infrastructure like virtual machine files, virtual machine disks and general file storage. These are the locations where your compute workloads will be stored when created. There are various different types of storage, but for virtual machines you will look at options like HDD or SSD depending on the workload. Google GCP has persistent disks and Azure has managed disks for VMs. http://www.ruckcloud.ml/2018/04/lets-talk-about-managed-disks.html


Compute

The compute layer is all about the computing resources that you will be utilising. This is based on virtual machines in one form or another. You can spin up traditional VMs one at a time with a large selection of different operating systems, from Windows to Linux. These are called IaaS (Infrastructure as a Service) VMs. You can also use batch operations to automate the creation of a large number of VMs, for example to run a large processing job. These VMs can automatically scale up and down based on load, and you are only charged when they are in use. With IaaS you have direct control and management of your VMs.

You are also able to make use of virtual machines in PaaS (Platform as a Service), where you can immediately spin up apps for your computing needs without having to manage IaaS VMs. This is very handy for developers who are not too concerned with managing VMs.

In this article I have touched on the core base infrastructure required for cloud computing. These areas all go into much more depth, but sometimes it's nice to get a simple overview of what they are and how they work. This is really essential to understand when first looking into the cloud to either build new services or migrate your existing infrastructure.

Further information on cloud infrastructure is available at:



Azure Security Center Playbooks Introduction


Azure Security Centre is a great tool for managing your hybrid cloud security health. As I have previously written, it's a tool that can be used to monitor both Azure infrastructure and on-premises machines from a central monitoring dashboard. Please feel free to read the other blog post in the Azure Security Centre series: http://www.ruckcloud.ml/2018/02/using-azure-security-center-for.html

Today I will be writing about a specific feature of Azure Security Centre called Security Playbooks. Security Playbooks are alert-triggered procedures that run within Azure Security Center. When a specific alert is triggered, a playbook runs that automates a response to that alert. This can help orchestrate as well as speed up security alert management.

Security Playbooks are based on Azure Logic Apps. What this gives us is the ability to use security templates based in Azure Logic Apps which you can edit or create and then trigger these with Security Centre.

What are Azure Logic apps?

Azure Logic Apps help to simplify and implement scalable integrations and workflows in the cloud. Please see further info at the end of this post.

Creating a Security Playbook

Please see the below steps in order to create a Security Playbook in the Azure portal:

1. Select Security Centre - Playbooks (preview) - Add Playbook


2. Create logic app:

3. After creating the logic app it will be located under playbooks in the Security Center:



4. Click on the newly created logic app which will launch the logic app designer:



5. Click blank logic app:


6. Search for Azure Security Center and select the "request" trigger:



7. Add an action to run and click save:


8. After this has been completed, the playbook can be run from Security Center "Playbooks".


Playbooks are a great way to automate security alert reactions with triggers. For further information please read https://docs.microsoft.com/en-gb/azure/security-center/security-center-playbooks

Please read further on Azure Logic Apps: https://docs.microsoft.com/en-gb/rest/api/logic/

Using Azure Security Center for monitoring





The Azure Security Centre is defined as a "unified security management and advanced threat protection across hybrid cloud workloads" and it is a tool that can be used to monitor security across your on-premises as well as your cloud workloads in Azure.

You are able to apply policies and also locate and fix vulnerabilities before they can be exploited. What is also great is that you are able to leverage advanced analytics to detect and mitigate attacks on your infrastructure using the Advanced Threat Protection module.

In this article I will explain the basics of this service, from locating where to find it to a basic overview of the monitoring dashboard and some of the remediation features. As with all my articles, it can be read by the first-time Azure user all the way up to a seasoned pro who may be interested in learning about a new product.

The Azure Security Centre is simply launched from within the Azure portal:



Once you have opened the portal, it will display your monitoring dashboard with alerts:




This dashboard will contain your security related overview, prevention and detection. Please note that you will require an additional 60 day trial to view Advanced Threat Detection. Advanced Threat Detection is an advanced feature that can be used to automatically locate and resolve security issues based on Azure Security Centre intelligence.

Recommendations

When monitoring the dashboard you can scroll through and check the recommendations that can be implemented to better secure your current workload; these are arranged by high and medium severity. When opened, they provide instructions on how to resolve the issue and implement better security practices on your cloud or on-premise workloads.


As per the above recommendation, I have found that I am not using a Network Security Group (NSG) on a specific virtual network. I can then click through the blades to find more information on this specific issue and resolve it directly from within the portal. As per the below, I can directly enable the required NSG through the next portal steps:

Prevention

Under the prevention tab you will see additional alerts generated based on your infrastructure. These tabs will contain compute, networking, storage & data and applications.

In my example I have a few alerts across compute and networking. When clicking on the compute tab I am given the following recommendations with regards to my virtual machines:

From within this tab I can continue through to obtain further information. In this case I have not installed endpoint protection on the virtual machine (this is used to scan for malware threats), and disk encryption is missing on the virtual machine disks. In the following windows you will receive further information and directions for resolving these issues. This allows you to become proactive with regards to security issues.

Within networking, storage and data similar issues are reported with further information on the threats and directions on how to resolve them. This is incredibly useful and provides a great overview of your Azure infrastructure security and gives great direction on resolving any issues that may have been located.

One other point that I haven't mentioned is that you can also install the Azure Security Centre monitoring agent on on-premises machines, which creates a fully hybrid cloud security monitoring overview. It's also great that you can have all security information for cloud and on-premises in one place (dashboard) for monitoring and reporting. A Log Analytics workspace is required to onboard non-Azure computers to Security Centre:


There are a lot more functions that can be enabled within Azure Security Centre and I have only touched on the basics in this article. Please feel free to look further into Advanced Threat Detection which contains great threat intelligence and security alerting functions.

Using Azure Site Recovery with Managed Disks



Last week I discussed using Azure Site Recovery (ASR) to protect your IaaS virtual machines (VMs) in a disaster recovery scenario within Microsoft's Azure cloud platform.

Today I will be elaborating on that article slightly to explain a new feature that was announced last week around being able to protect Azure VM's using managed disks.

What are managed disks?

Managed disks are basically VM level disks that are managed and controlled by Azure. What this means is that when you are creating a new VM you are given the option of using an existing storage account and creating a normal disk in that location, or the option of selecting a managed disk. A managed disk simplifies overall storage management and is also more reliable, as it's managed by Azure and will have better availability during planned or unplanned maintenance. This can really help make your life easier!


What is Azure Site Recovery?

As mentioned in the previous article, Azure Site Recovery is used to provide a business continuity and disaster recovery (BC/DR) service for your IaaS VMs in Azure or on premises. ASR can also be used to migrate your on premises VMs into Azure. For further information on configuring this to protect an individual VM, please view the full article here: http://www.ruckcloud.ml/2018/02/using-azure-site-recovery-to-replicate.html



The new feature announced is implemented within the disaster recovery (preview) section and relates to your selections for setting up protection. You now have the option to select managed disks for replication. What this means is that you can select the managed disks that you would like to replicate to the secondary region, thus creating a failover copy. This also means that you will not need to select a storage account to replicate unless you still have VMs located in one. Below is an image from Microsoft depicting this:


As you can see from this image, you now have the following options:

  • Source Managed Disk - your original primary location VM managed disk
  • Replica Managed Disk - your new replica managed disk location for protection
  • Replica Managed Disk Type - the type of managed disk that was initially selected

To sum up this service: the advantage it gives us is that any VMs with managed disks can easily be replicated to a secondary region through the Azure Site Recovery (preview) service without the need to manage multiple storage accounts in the target location for all of your replicated virtual machines.

Please read the official Microsoft blog post on the subject for further detailed information:






Using Azure Site Recovery to replicate a VM





Today I will be writing about Microsoft Azure's Azure Site Recovery (ASR) service. This is really an incredible service that makes running your own DR replicated "secondary site" easy and cost effective.

The Microsoft Azure ASR service is a cloud based business continuity and disaster recovery (BC/DR) service. It can be used for a whole bunch of different scenarios, such as copying on premises virtual machines (VMs) into Azure within a hybrid cloud model, which can then be used in a full scale DR replication situation; permanently migrating on premises Hyper-V and VMware VMs into Azure; and protecting current Azure VMs by replicating them to other regions. These options can also be used together depending on your architecture and individual requirements. Please view the official Microsoft documentation for in-depth information.

In today's blog post I will be writing about the option of simply protecting your current VMs running in Azure, as this is a good way to initially start using and learning the service. Please note that there are also various options for setting this up for a large number of VMs, but the below guide is just for a single VM running within Azure. For any further information, the Azure documentation linked at the bottom of this article is a great place to start! As of writing, this feature is still listed as in preview within the Azure portal.

1. Log in to the Azure portal:




2. Select an existing VM and then click on the "Disaster recovery (preview)" tab:




3. Next you will need to specify the region that you would like to replicate to, as well as some further information, such as your existing resource group, availability sets and virtual network. Some of these settings will auto-populate depending on the current region of the selected VM, in this case "West Europe":





4. The next information required relates to storage: you will need to check or adjust the initial storage location (if not using managed disks, which are not covered in this article; this particular VM uses an existing storage account), as well as set up a new or existing Recovery Services vault which will be used for the replication. A Recovery Services vault is a storage "backup" location in which your VM will be copied and stored. You can also select a new or existing resource group as well as a replication policy. If you leave these as defaults, new resources will be automatically created for you:




5. Once you have completed the above steps you will see a graphic displaying the available replication regions:



6. If all looks good, click "Enable replication" and that's it, replication will begin! :)




Once completed you can check the replication status within the same "Disaster Recovery (preview tab)" above.
You are also able to delete the replication and adjust other settings if required.
Source: https://docs.microsoft.com/en-us/azure/site-recovery/azure-to-azure-quickstart