Azure Architecture Certification Revision Sheets Nicholas Rogoff Twitter

Azure Architecture Certification Revision Sheets
Nicholas Rogoff
Twitter: @nrogoff
https://blog.nicholasrogoff.com

IMPORTANT NOTE: Microsoft Azure is constantly evolving and so do the topics tested in the exams. The slides here were pretty accurate’ish as at January 2017, but check them for yourself!!

Disclaimer: I cannot guarantee that the info here is correct, so don’t come back to me if you fail the exams. These are MY notes and not in any way authoritative or complete, but hopefully helpful.

Azure Certification paths and Exams
• MCSD: Azure Solution Architect
  • Require All Exams 70-532, 70-533, 70-534
  • Retiring on March 31st 2017.
• MCSA: Cloud Platform
  • Require 2 exams of: 70-532, 70-533, 70-534, 70-473, 70-475
• MCSE: Cloud Platform and Infrastructure
  • Require: ‘MCSA: Cloud Platform’, plus 1 exam of: 70-532, 70-533, 70-534, 70-473, 70-475, 70-744, 70-413, 70-414, 70-246, 70-247 (not already taken for MCSA)
*Red indicates the exams that these notes are focused on

Exam 70-532: Developing Microsoft Azure Solutions
• New Exam Objectives
• Here’s the full list of exam objectives for this November 22, 2016 exam update:
• Create and manage Azure Resource Manager virtual machines (30–35%)
  • Deploy workloads on Azure Resource Manager (ARM) virtual machines (VMs) – Identify workloads that can and cannot be deployed; run workloads including Microsoft and Linux; create VMs
  • Perform configuration management – Automate configuration management by using PowerShell Desired State Configuration (DSC) and VM Agent (custom script extensions); configure VMs using a configuration management tool such as Puppet or Chef; enable remote debugging
  • Configure ARM VM networking – Configure static IP addresses, Network Security Groups (NSGs), DNS, User Defined Routes (UDRs), external and internal load balancing with HTTP and TCP health probes, public IPs, firewall rules, and direct server return; design and implement Application Gateway
  • Scale ARM VMs – Scale up and scale down VM sizes; deploy ARM VM Scale Sets (VMSS); configure ARM VMSS auto-scale
  • Design and Implement ARM VM storage – Configure disk caching; plan for storage capacity; configure shared storage using Azure File service; configure geo-replication; implement ARM VMs with Standard and Premium Storage
  • Monitor ARM VMs – Configure ARM VM monitoring; configure alerts; configure diagnostic and monitoring storage location
  • Manage ARM VM availability – Configure multiple ARM VMs in an availability set for redundancy; configure each application tier into separate availability sets; combine the Load Balancer with availability sets
• Design and Implement a storage and data strategy (25–30%)
  • Implement Azure Storage blobs and Azure Files – Read data; change data; set metadata on a container; store data using block and page blobs; stream data using blobs; access blobs securely; implement async blob copy; configure Content Delivery Network (CDN); design blob hierarchies; configure custom domains; scale blob storage
  • Implement Azure storage tables and queues – Implement CRUD with and without transactions; design and manage partitions; query using OData; scale tables and partitions; add and process queue messages; retrieve a batch of messages; scale queues
  • Manage access and monitor storage – Generate shared access signatures, including client renewal and data validation; create stored access policies; regenerate storage account keys; configure and use Cross-Origin Resource Sharing (CORS); set retention policies and logging levels; analyze logs
  • Implement Azure SQL Databases – Choose the appropriate database tier and performance level; configure and perform point in time recovery; enable geo-replication; import and export data and schema; scale Azure SQL databases
  • Implement Azure DocumentDB – Create databases and collections; query documents; run DocumentDB queries
  • Implement Redis caching – Choose a cache tier; implement data persistence; implement security and network isolation; tune cluster performance
  • Implement Azure Search – Create a service index; add data; search an index; handle search results
• Manage identity, application, and network services (15–20%)
  • Integrate an app with Azure Active Directory (AAD) – Develop apps that use WS-federation, OAuth, and SAML-P endpoints; query the directory by using graph API
  • Design and Implement a communication strategy – Implement Hybrid Connections to access data sources on-premises; leverage S2S VPN and ExpressRoute to connect to an on-premises infrastructure
  • Design and Implement a messaging strategy – Develop and scale messaging solutions using service bus queues, topics, relays, event hubs, and notification hubs; monitor service bus queues, topics, relays, event hubs and notification hubs
  • Develop apps that use AAD B2C and AAD B2B – Design and implement .NET MVC, Web API, and Windows Desktop apps that leverage social identity provider authentication, including Microsoft account, Facebook, Google+, Amazon, and LinkedIn; leverage AAD B2B to design and implement applications that support partner-managed identities
• Design and Implement Azure PaaS Compute and Web and Mobile Services (25–30%)
  • Design Azure App Service Web Apps – Define and manage App Service plans; configure Web Apps settings, certificates, and custom domains; manage Web Apps by using the API, Azure PowerShell, and Xplat-CLI; implement diagnostics, monitoring, and analytics; implement web jobs; design and configure Web Apps for scale and resilience
  • Implement Azure Functions – Create Azure Functions; implement a webhook Function; create an event processing Function; implement an Azure-connected Function
  • Implement API Management – Create managed APIs; configure API Management policies; protect APIs with rate limits; add caching to improve performance; monitor APIs; customize the Developer Portal
  • Design Azure App Service API Apps – Create and deploy API Apps; automate API discovery by using the Swashbuckle; use Swagger API metadata to generate client code for an API app; monitor API Apps
  • Develop Azure App Service Logic Apps – Create a Logic App connecting SaaS services; create a Logic App with B2B capabilities; create a Logic App with XML capabilities; trigger a Logic App from another app; create custom and long-running actions; monitor Logic Apps
  • Develop Azure App Service Mobile Apps – Create a Mobile App; add offline sync to a Mobile App; add authentication to a Mobile App; add push notifications to a Mobile App
  • Design and Implement Azure Service Fabric apps – Create a Service Fabric application; build an Actors-based service; add a web front-end to a Service Fabric application; monitor and diagnose services; migrate apps from cloud services; create, secure, upgrade, and scale Service Fabric Cluster in Azure; scale a Service Fabric app
It’s worth noting that the percentages (%) displayed in the titles of the main exam objectives are the percentages of the exam questions that will be on that topic area.

Exam 70-533: Implementing Microsoft Azure Infrastructure Solutions • New Exam Objectives • Here’s the full list of exam objectives for this November 16, 2016 exam update: • Design and implement Azure App Service apps (15–20%) • Define and use app settings, connection strings, handlers, and virtual directories; configure certificates and custom domains; configure SSL bindings and runtime configurations; manage Web Apps by using Azure PowerShell and Xplat-CLI • Configure auto-scale using built-in and custom schedules, configure by metric, change the size of an instance, configure Traffic Manager • Create and manage Azure Resource Manager Virtual Machines (20–25%) • Deploy workloads on Azure Resource Manager (ARM) virtual machines (VMs) • Configure disk caching, plan storage capacity, configure operating system disk redundancy, configure shared storage using Azure File service, configure geo-replication, encrypt disks, implement ARM VMs with Standard and Premium Storage • Configure ARM VM monitoring, configure alerts, configure diagnostic and monitoring storage location Monitor ARM VM availability • Set retention policies and logging levels, analyze logs • Integrate an Azure Active Directory (Azure AD) with existing directories • Implement Azure AD Connect and single sign-on with on-premises Windows Server 2012 R2, add custom domains, monitor Azure AD Configure Application Access Configure single sign-on with SaaS applications using federation and password based, add users and groups to applications, revoke access to SaaS applications, configure access, configure federation with Facebook and Google ID Integrate an app with Azure AD Implement Azure AD integration in web and desktop applications, leverage Graph API Implement Azure AD B2C and Azure B2B • Create an Azure AD B2C Directory, register an application, implement social Modify a subnet, import and export a network configuration Design and implement a multi-site or hybrid network Choose the appropriate solution between ExpressRoute, site-to-site, and point-to-site; choose the appropriate gateway; identify supported devices and software VPN solutions; identify networking prerequisites; configure virtual networks and multi-site virtual networks • Design and deploy ARM templates (10–15%) • Implement ARM templates • Author ARM templates; create ARM templates to deploy ARM Resource Providers resources; deploy templates with PowerShell, CLI, and REST API Implement ARM templates • Create a backup vault, deploy a backup agent, back up and restore data Implement an Azure Active Directory (15–20%) Deploy a VM into a virtual network; configure external and internal load balancing; implement Application Gateway; design subnets; configure static, public, and private IP addresses; set up Network Security Groups (NSGs), DNS at the virtual network level, HTTP and TCP health probes, public IPs, User Defined Routes (UDRs), firewall rules, and direct server return Modify network configuration • Choose the appropriate database tier and performance level; configure point-in-time recovery, geo-replication, and data sync; import and export data and schema; design a scaling strategy Implement recovery services • Create and manage shared access signatures, use stored access policies, regenerate keys Implement Azure SQL Databases • Monitor ARM VMs • Configure virtual networks Configure diagnostics, monitoring, and analytics • Automate configuration management by using PowerShell Desired State Configuration (DSC) and VM Agent (custom script extensions); configure VMs using a configuration management tool, such as Puppet or Chef; enable remote debugging Design and implement VM storage • Identify workloads that can and cannot be deployed; run workloads, including Microsoft and Linux; create VMs; connect to a Windows/Linux VM Perform configuration management • Implement virtual networks (10–15%) • Read data, change data, set metadata on a container, store data using block and page blobs, stream data using blobs, access blobs securely, implement async blob copy, configure a Content Delivery Network (CDN), design blob hierarchies, configure custom domains, scale blob storage Manage access • Configure Web Apps for scale and resilience • Scale up and scale down VM sizes, deploy ARM VM Scale Sets (VMSS), configure ARM VMSS auto-scale Implement Azure storage blobs and Azure files • Retrieve diagnostics data; view streaming logs; configure endpoint monitoring, alerts, and diagnostics; use remote debugging; monitor website resources identity provider authentication, enable multi-factor authentication, set up self-service password reset, implement B2B collaboration, configure partner users, integrate with applications Design and implement a storage strategy (20–25%) • Configure diagnostics, monitoring, and analytics • Define deployment slots; roll back deployments; implement pre- and post-deployment actions; create, configure, and deploy packages; create App Service plans; migrate Web Apps between App Service plans; create a Web App within an App Service plan Configure multiple ARM VMs in an availability set for redundancy, configure each application tier into separate availability sets, combine the Load Balancer with availability sets Scale ARM VMs • Configure Web Apps • Deploy Web Apps • Leverage service principals with ARM authentication, use Azure Active Directory Authentication with ARM, set management policies, lock resources Implement ARM templates • Secure resource scopes, such as the ability to create VMs and Azure Web Apps; implement Azure role-based access control (RBAC) standard roles; design Azure RBAC custom

Exam 70-532: Developing Microsoft Azure Solutions • New Exam Objectives • Here’s the full list of exam objectives for this November 16, 2016 exam update: • Secure resources (20–25%) • Secure resources by using managed identities • Secure resources by using identity providers • Design an application storage and data access strategy (5–10%) • Design data storage • Select the appropriate storage option • Design advanced applications (20–25%) • Create compute-intensive applications • Create long-running applications • Implement Azure Batch for scalable processing, design stateless components to accommodate scale, use Azure Scheduler Design a monitoring strategy Identify the Microsoft products and services for monitoring Azure solutions; leverage the capabilities of Azure Operations Management Suite and Azure Application Insights for monitoring Azure solutions; leverage built-in Azure capabilities; identify third-party monitoring tools, including open source; describe Azure architecture constructs, such as availability sets and update domains, and how they impact a patching strategy; analyze logs by using the Azure Operations Management Suite Describe Azure business continuity/disaster recovery (BC/DR) capabilities • Design Azure Mobile Services; consume Mobile Apps from cross-platform clients; integrate offline sync capabilities into an application; extend Mobile Apps using custom code; implement Mobile Apps using Microsoft .NET or Node.js; secure Mobile Apps using Azure AD; implement push notification services in Mobile Apps; send push notifications to all subscribers, specific subscribers, or a segment of subscribers Design a management, monitoring, and business continuity strategy (20–25%) • Design high-performance computing (HPC) and other compute-intensive applications using Azure Services Design Azure App Service Web Apps, design custom web API, offload long-running applications using WebJobs, secure Web API using Azure AD, design Web Apps for scalability and performance, deploy Azure Web Apps to multiple regions for high availability, deploy Web Apps, create App Service plans, design Web Apps for business continuity, configure data replication patterns, update Azure Web Apps with minimal downtime, back up and restore data, design for disaster recovery Design Mobile Applications Select the appropriate storage for performance, identify storage options for cloud services and hybrid scenarios with compute on-premises and storage on Azure • Design storage options for data, including Table Storage, SQL Database, DocumentDB, Blob Storage, MongoDB, and MySQL; design security options for SQL Database or Azure Storage • Connect to on-premises data from Azure applications using Service Bus Relay, Hybrid Connections, or the Azure Web App virtual private network (VPN) capability; identify constraints for connectivity with VPN; identify options for joining VMs to domains or cloud services Design Web Applications Leverage the architectural capabilities of BC/DR, describe Hyper-V Replica and Azure Site Recovery (ASR), describe use cases for Hyper-V Replica and ASR Design a disaster recovery strategy • Design and deploy Azure Backup and other Microsoft backup solutions for Azure, leverage use cases when StorSimple and System Center Data Protection Design Azure Automation and PowerShell workflows • Create a PowerShell script specific to Azure, automate tasks by using the Azure Operations Management Suite Describe the use cases for Azure Automation configuration • Implement Azure Batch for compute-intensive tasks, use Azure WebJobs to implement background tasks, use Azure Functions to implement event-driven actions, leverage Azure Scheduler to run processes at preset/recurring timeslots Design Azure Web and Mobile Apps (5–10%) Secure resource scopes, such as the ability to create VMs and Azure Web Apps; implement Azure RBAC standard roles; design Azure RBAC custom roles Identify, assess, and mitigate security risks by using Azure Security Center, Operations Management Suite, and other services • Design connectivity for hybrid applications • Use a queue-centric pattern for development; select appropriate technology, such as Azure Storage Queues, Azure Service Bus queues, topics, subscriptions, and Azure Event Hubs Implement applications for background processing • Identify security requirements for data in transit and data at rest; identify security requirements using Azure services, including Azure Storage Encryption, Azure Disk Encryption, and Azure SQL Database TDE Manage security risks by using an appropriate security solution • Manager would be appropriate, design and deploy Azure Site recovery Design Azure architecture using Azure services, such as Azure AD, Azure App Service, API Management, Azure Cache, Azure Search, Service Bus, Event Hubs, Stream Analytics, and IoT Hub; identify the appropriate use of Azure Machine Learning, big data, Azure Media Services, and Azure Search services Implement messaging applications Design a role-based access control (RBAC) strategy • Provide access to resources using identity providers, such as Microsoft account, Facebook, Google, and Yahoo!; manage identity and access by using Azure AD B2C; implement Azure AD B2B Identify an appropriate data security solution • Use SAML claims to authenticate to on-premises resources, describe AD Connect synchronization, implement federated identities using Active Directory Federation Services (ADFS) Integrate Azure services in a solution • Describe the differences between Active Directory on-premises and Azure Active Directory (Azure AD), programmatically access Azure AD using Graph API, secure access to resources from Azure AD applications using OAuth and OpenID Connect Secure resources by using hybrid identities • Evaluate when to use Azure Automation, Chef, Puppet, PowerShell, or Desired State Configuration (DSC) Architect an Azure Compute infrastructure (10–15%) Design ARM Virtual Machines (VMs) • Design VM deployments leveraging availability sets, fault domains, and update domains in Azure; select appropriate VM SKUs Design ARM template deployment • Author ARM templates; deploy ARM templates via the portal, PowerShell, and CL Design for availability • Implement regional availability and high availability for Azure deployments

Azure - General
• Portals
  • Classic – Service Management Model (ASM)
  • New – Azure Resource Management (ARM)
• Resource Groups can span regions
• Use Pricing Calculator to estimate costs
• Billing APIs
  • RateCard API - Allows you to get a list of available Azure resources along with their estimated pricing information for various subscription types, such as pay-as-you-go, MSDN, BizSpark etc.
  • Resource Usage API - consumption

PowerShell

    # Get Azure PowerShell version
    Get-Module -ListAvailable -Name Azure -Refresh

    # Get Storage Account (ASM, then ARM)
    Get-AzureStorageAccount
    Get-AzureRmStorageAccount

    # Create a context for account and key
    $ctx = New-AzureStorageContext -StorageAccountName "storage-account-name" -StorageAccountKey "storage-account-key"

    # Set the default storage account (ARM)
    Set-AzureRmCurrentStorageAccount -Name $strgName -ResourceGroupName $strgName

    # Set the current sub and storage (ASM)
    Set-AzureSubscription -SubscriptionName $subName -CurrentStorageAccountName $strgName

    # Create a New Container
    New-AzureStorageContainer -Name $name -Permission Off

    # Get Endpoints
    $storageAcc.PrimaryEndpoints.Blob.ToString()

    # Get current context (ARM)
    Get-AzureRmContext

    # List available subscriptions (ARM)
    Get-AzureRmSubscription

    # Set context subscription (ARM)
    Select-AzureRmSubscription -SubscriptionName "NR MSDN"

    # Set context storage account
    Set-AzureRmCurrentStorageAccount -ResourceGroupName "vm-training" -Name "hmsvmtraindsc"

Azure Patterns
• Cache-aside – Load data on demand into a cache from a data store
• Circuit Breaker – Handle faults that may take a variable amount of time to rectify when connecting to a remote service or resource. This pattern can improve the stability and resiliency of an application
• Competing Consumers Pattern – Enable multiple concurrent consumers to process messages received on the same messaging channel. Enables a system to process multiple messages concurrently to optimize throughput, to improve scalability and availability, and to balance the workload
• Event Sourcing Pattern – Use an append-only store to record the full series of events that describe actions taken on data in a domain, rather than storing just the current state, so that the store can be used to materialize the domain objects.
• Command Query Responsibility Segregation (CQRS) – Segregate operations that read data from operations that update data by using separate interfaces. This pattern can maximize performance, scalability, and security;
• Compute Resource Consolidation Pattern
• Valet Key Pattern
• External Configuration Store Pattern
• Federated Identity Pattern
• Gatekeeper Pattern
• Index Table Pattern
• Leader election Pattern
• Materialized view pattern
• Priority queue Pattern
• Queue-based load levelling Pattern
• Static Content Hosting Pattern

Azure VMs - General
• Resource Groups can span regions
• 2 Endpoints by default (1 external, 1 internal)
• Ports (3389 – Remote Desktop, 5986 – Remote PowerShell)
• Availability Sets
  • Max update domains: 20 (5 default), Max Fault Domains: 3 (2 default)
  • Max VMs = 50
• Affinity Groups (Keep resources together. Being phased out of VNets)
• Scale Sets (no need to pre-provision, need to use Azure Resource Explorer to no. deployed)
• Load Balance Sets – Classic VMs only and Standard and above
• VM Agent – installed by default when using gallery images.
  • Extensions: DSC, Custom Script Extension, Visual Studio Release Manager (DSC based), Octopus Deploy (DSC based), Docker Extension, Puppet Enterprise, Chef client
• Azure VMs not recommended for: Low volume limited growth or Regulated environments.
• Disks
  • OS Images – Base OS images for new VMs. Sysprepped/Generalized/ReadOnly. SATA
    • Host caching on by default
    • C: = OS (max 127 GB)
  • Disks – Writable for VMs. SCSI. 1 TB Max
    • Caching off by default
    • D: (/dev/sdb on Linux) = temp (not persistent)
    • E, F, G… = Data disk
• Diagnostics
  • Metrics (Basic, Network, .NET, ASP.NET, SQL)
  • Logs (System, Security, Application, Infrastructure, IIS, Boot)

PowerShell - VMs

    # Deploy using a Template
    New-AzureRmResourceGroupDeployment -Name $name -ResourceGroupName $resourceGroupName -TemplateUri $templateUri

    # Modify caching on disks (ARM cmdlet names are Set-AzureRmVMOSDisk / Set-AzureRmVMDataDisk)
    Set-AzureRmVMOSDisk
    Set-AzureRmVMDataDisk

    New-AzureAclConfig

    # Resize a classic (ASM) VM
    Set-AzureVMSize
    # e.g.
    Get-AzureVM -ServiceName "MyVM" | Set-AzureVMSize "Large" | Update-AzureVM

Azure VMs – Sizes…
General
• A-Series (and Av2)
  • Entry Level - Basic A0 to Standard A4 (A0 is oversubscribed on physical)
  • High Memory Entry Level - Standard A5 to A7
  • High Performance - Standard A8 to A11 (compute intensive). A8 & A9 have 2nd NIC for remote direct memory access (RDMA) connectivity
• D-Series
  • General purpose production - Standard D1 to D14
  • Higher compute power, higher mem to core ratio, SSD for temp disk
  • Dv2 – 35% faster, same mem & disk conf. 2.4 GHz Xeon
• F-Series (and Fs)
  • Standard F1, F2, F4, F8, F16, F1s, F2s, F4s, F8s, F16s
  • Same CPU as Dv2, but lower mem to core ratio and per-hour list price.
  • No. matches CPU cores. Fs-Series optimized for Premium storage
• G-Series
  • High memory and dense local storage - G1 to G5
• DS-Series
  • General purpose production - Standard DS1 to DS14 – premium storage SSD
• GS-Series
  • High memory and dense local storage - GS1 to GS5 – premium storage SSD
• N*-Series
  • GPU by Nvidia
• H-Series
  • Standard H8, H16, H8m, H16m, H8r, H16mr
  • Next gen high performance. For HPC clusters. r, mr feature 2nd NIC for remote direct memory access (RDMA) connectivity

Standard A0 - A4 using CLI and PowerShell

| Virtual Machine Size | CPU Cores | Memory | Disk Space for Local Storage Resources | Max data disks | Max data disk throughput: IOPS | Max NICs / Network bandwidth |
| ExtraSmall (A0) | Shared | 768 MB | 20 GB | 1 | 1 x 500 | 1 / low |
| Small (A1) | 1 | 1.75 GB | 225 GB | 2 | 2 x 500 | 1 / moderate |
| Medium (A2) | 2 | 3.5 GB | 490 GB | 4 | 4 x 500 | 1 / moderate |
| Large (A3) | 4 | 7 GB | 1000 GB | 8 | 8 x 500 | 2 / high |
| ExtraLarge (A4) | 8 | 14 GB | 2040 GB | 16 | 16 x 500 | 4 / high |
| A5 (high mem) | 2 | 14 GB | | | | |
| A6 (high mem) | 4 | 28 GB | | | | |
| A7 (high mem) | 8 | 56 GB | | | | |
| A8 (high network) | 8 | 56 GB | | | | 40 Gbit/s InfiniBand |
| A9 (high network) | 16 | 112 GB | | | | 40 Gbit/s InfiniBand |

Azure VMs – Migrating and Deploying
1. If Hyper-V then Prepare (complex)
2. SysPrep to Generalize a VM
   1. %windir%\system32\sysprep | OOBE & Generalize & Shutdown
3. If VHDX then convert to VHD (see PowerShell) or use Hyper-V manager (Action > Edit Disk > Convert > VHD)
4. If local VM upload VHD (see PowerShell). PowerShell will make disk fixed on upload.

Migrate a VM Process
1. Shut down the VM
2. Copy the VHD from source to destination storage account
3. Create an Azure Disk from Blob
4. Create new VM using Azure Disk

PowerShell - VMs

    # Convert VHDX to VHD
    Convert-VHD -Path c:\test\MY-VM.vhdx -DestinationPath c:\test\MYNEW-VM.vhd -VHDType Fixed

    # Upload VHD to Azure
    $urlOfUploadedImageVhd = "https://mystorageaccount.blob.core.windows.net/mycontainer/myUploadedVHD.vhd"
    Add-AzureRmVhd -ResourceGroupName $rgName -Destination $urlOfUploadedImageVhd -LocalFilePath "C:\Users\Public\Documents\Virtual hard disks\myVHD.vhd"

    # Set NIC ACL ???

    # Create a classic (ASM) VM: build the config, add the provisioning settings, then deploy
    $webvm1 = New-AzureVMConfig -Name "Webvm1" -InstanceSize Small -ImageName $vmimage |
        Add-AzureProvisioningConfig -Windows -AdminUsername $adminUser -Password $adminPassword
    New-AzureVM -ServiceName $svcname -VMs $webvm1 -Location $location

Azure VMs – Config and DSC
General
• Desired State Configuration
  • State Drift Control using Azure VM Agent, ARM templates, DSC, Chef (recipes, Knife azure plug-in) and Puppet (Puppet master, Puppet Enterprise agent)
  • The Azure DSC Extension takes in DSC configuration documents and enacts them on Azure VMs
• Custom Script Extension
• Logging
  • Logs are placed in: C:\WindowsAzure\Logs\Plugins\Microsoft.Powershell.DSC\[Version Number]
• Compile configuration into a MOF document

PowerShell - VMs

    # Publish DSC (ASM, then ARM)
    Publish-AzureVMDscConfiguration
    Publish-AzureRmVMDscConfiguration

    # Set disk config (e.g. Caching)
    Set-AzureOSDisk
    Set-AzureDataDisk

    Configuration MyDscConfiguration {
        Node ("localhost") {
            WindowsFeature IIS {
                Ensure = "Present"      # Alternatively, to ensure the role is uninstalled, set Ensure to "Absent"
                Name   = "Web-Server"   # Use the Name property from Get-WindowsFeature
            }
            File WebPage {
                Ensure          = "Present"
                DestinationPath = "c:\inetpub\wwwroot\index.html"
                Force           = $true
                Type            = "File"
                Contents        = '<html><body><h1>Hello!</h1></body></html>'
                DependsOn       = "[WindowsFeature]IIS"   # Ensures this runs after the IIS install
            }
            Log AfterWebPageCreation {
                # The message below gets written to the Microsoft-Windows-Desired State Configuration/Analytic log
                Message   = "Finished adding the default web page"
                DependsOn = "[File]WebPage"   # This means run "WebPage" first.
            }
        }
    }

Built-in Resources
• Archive Resource
• Environment Resource
• File Resource
• Group Resource
• Log Resource
• Package Resource
• Registry Resource
• Script Resource
• Service Resource
• User Resource
• WindowsFeature Resource
• WindowsProcess Resource
NOT Networking!!

SQL VMs
Migration
• Supported versions
  • 2014, 2012, 2008 R2 and templates
• Licensing - pay per hour or migrate own license (create own image)

Best Practice
• Verify disk cache settings on data disks
• Avoid using OS drives
• Put data and logs on separate disks
• Use SQL Server File Groups instead of Disk Striping
• Consider using database page compression to reduce I/O
• Consider latency between primary and replica when choosing sync mode
• Use availability sets
• Disable geo-replication on storage account for consistency
• Capacity is 20,000 IOPS per Storage Account - 500 IOPS per disk

SQL Always On Availability (AOA). Enable Direct Server Return on NLB!

Azure HPC Pack
https://docs.microsoft.com/en-us/azure/cloud-services/cloud-services-setup-hybrid-hpcpack-cluster

General
• Microsoft HPC Pack 2016 Templates
  • Require a PFX certificate to secure comms between HPC Nodes. Upload to Key Vault.
• Hybrid (Burst to cloud)
  • On-premises head must be joined to an AD domain
  • HPC Pack installs a self-signed certificate that can be uploaded to Azure
  • Create an ‘Azure Node’ template

PowerShell create cert:

    New-SelfSignedCertificate -Subject "CN=HPC Pack 2016 Communication" -KeySpec KeyExchange -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2") -CertStoreLocation cert:\CurrentUser\My -KeyExportPolicy Exportable -NotAfter (Get-Date).AddYears(5)

Azure Storage - General

Valid values for -SkuName are:
• Standard_LRS - Locally redundant storage.
• Standard_ZRS - Zone redundant storage.
• Standard_GRS - Geo redundant storage.
• Standard_RAGRS - Read access geo redundant storage.
• Premium_LRS - Premium locally redundant storage.

General
• Account Kind
  • Blob
    • Standard Performance only
    • Access Tiers – Hot or cold
  • General Purpose
• Performance
  • Standard
  • Premium
    • SSDs - Currently only store vhds. Up to 64 TB per VM
    • 80,000 IOPS per VM, 50,000 IOPS per disk, 2 GB per sec throughput
    • ~5 ms read/write latency (uncached), <1 ms read latency (cached)
    • Used by DS or GS series VMs (creates premium storage automatically)
    • Limited sizes: 128, 512, 1023 GiB
• Replication (once selected can’t change)
  • LRS - Locally redundant - 3 reps, 1 data center
  • ZRS - Zone-redundant - 3 reps across 2-3 data centers in 1 or 2 regions
  • GRS - Geo-redundant - 6 reps in 2 regions
  • RA-GRS - Read Access Geo - 6 reps in 2 regions, 2nd readable
• Azure Storage Explorer

Security
• HTTPS or SMB is encrypted. Can encrypt at rest.
• Storage Access Keys (2) – Full access
• Storage Access Policy (SAP) – Policies defined, can be revoked
• Shared Access Signatures (SAS) - Time limited, container or resource level
  • URL - sv=storage version, st=start time, se=expiry, sr=resource type, sp=permissions, sip=ip range, spr=protocol, sig=auth key
• Role-Based Access Control (RBAC) – admin controls
• Storage Diagnostics (Minimal, Verbose, Off)

PowerShell – Storage General
    # Create New ARM Storage Account
    New-AzureRmStorageAccount -ResourceGroupName myResourceGroup -Name mystorageaccount -Location "West US" -SkuName "Standard_LRS" -Kind "Storage"
    # Get Storage Account
    Get-AzureStorageAccount
    Get-AzureRmStorageAccount
    # Create a context for account and key
    $ctx = New-AzureStorageContext -StorageAccountName <storage-account-name> -StorageAccountKey <storage-account-key>
    # Set the default storage account (ARM)
    Set-AzureRmCurrentStorageAccount -Name $strgName -ResourceGroupName $strgName
    # Set the current sub and storage (ASM)
    Set-AzureSubscription -SubscriptionName $subName -CurrentStorageAccountName $strgName
    # Create a New Container
    New-AzureStorageContainer -Name $name -Permission Off
    # Get Endpoints
    $storageAcc.PrimaryEndpoints.Blob.ToString()
    # Get SAS Url
    $sasUrl = New-AzureStorageContainerSASToken -Name $blobContainerName -Permission rwdl -Context $ctx -ExpiryTime (Get-Date).AddMonths(1) -FullUri
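The SAS URL fields listed above, read back out of a URL and checked from the defender's side. This is an added example, not part of the original slides: the account name, signature values and finding names are constructed, the 7-day lifetime threshold is an assumption, and `si` (the stored access policy identifier) is included alongside the fields the notes list.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlsplit

# SAS query parameters, named as in the notes; "si" references a stored
# access policy defined on the container.
SAS_FIELDS = {
    "sv": "storage service version", "st": "start time", "se": "expiry time",
    "sr": "resource type", "sp": "permissions", "sip": "allowed IP range",
    "spr": "allowed protocol", "sig": "signature",
    "si": "stored access policy identifier",
}
TIME_FORMATS = ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%dT%H:%MZ", "%Y-%m-%d")


def parse_sas(url):
    """Return the SAS parameters found in the URL's query string."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return {k: v[0] for k, v in query.items() if k in SAS_FIELDS}


def parse_sas_time(value):
    """Parse the UTC timestamp forms a SAS uses for st and se."""
    for fmt in TIME_FORMATS:
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            pass
    raise ValueError("unrecognised SAS timestamp: %r" % value)


def audit_sas(url, now, max_lifetime=timedelta(days=7)):
    """Return finding codes (hypothetical names) for one SAS URL."""
    sas = parse_sas(url)
    if "sig" not in sas:
        return ["UNSIGNED"]              # not a SAS URL at all
    findings = []
    has_policy = "si" in sas             # expiry/permissions may live in the policy
    if "se" in sas:
        expiry = parse_sas_time(sas["se"])
        start = parse_sas_time(sas["st"]) if "st" in sas else now
        if expiry <= now:
            findings.append("EXPIRED")
        elif expiry - start > max_lifetime:
            findings.append("LONG_LIVED")
    elif not has_policy:
        findings.append("NO_EXPIRY")
    # When spr is omitted the service accepts both https and http.
    if sas.get("spr", "https,http") != "https":
        findings.append("HTTP_ALLOWED")
    if "sip" not in sas:
        findings.append("NO_IP_RESTRICTION")
    if set(sas.get("sp", "")) & set("wd"):
        findings.append("WRITE_OR_DELETE")
    # An ad hoc SAS can only be invalidated by rotating the account key;
    # one bound to a stored access policy is revoked by changing the policy.
    if not has_policy:
        findings.append("NOT_REVOCABLE")
    return findings


# Constructed sample inputs (not real accounts or signatures).
NOW = datetime(2017, 1, 15, tzinfo=timezone.utc)
BASE = "https://examplestore.blob.core.windows.net/files"
SAMPLE_BROAD = (BASE + "?sv=2015-12-11&sr=c&sp=rwdl"
                "&se=2017-02-15T00%3A00%3A00Z&sig=CONSTRUCTED")
SAMPLE_POLICY = (BASE + "?sv=2015-12-11&sr=c&si=downloadPolicy&spr=https"
                 "&sip=203.0.113.0-203.0.113.255&sig=CONSTRUCTED")
SAMPLE_EXPIRED = (BASE + "/a.txt?sv=2015-12-11&sr=b&sp=r"
                  "&st=2016-12-31T00%3A00%3A00Z&se=2017-01-01T00%3A00%3A00Z"
                  "&spr=https&sip=203.0.113.7&sig=CONSTRUCTED")

if __name__ == "__main__":
    for name, url in [("broad", SAMPLE_BROAD), ("policy", SAMPLE_POLICY),
                      ("expired", SAMPLE_EXPIRED)]:
        print(name, audit_sas(url, NOW))
```

The first sample mirrors the `-Permission rwdl` token with a one-month expiry created in the PowerShell above; the second is the stored-access-policy form, which carries no `sp` or `se` of its own.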


Azure Storage – General cont…

SAS Patterns
Valet Key Pattern

PowerShell – Storage General
    # Get Storage Account
    # Set current sub and storage acc
    Set-AzureSubscription -SubscriptionName $subName -CurrentStorageAccountName $strgName
    # Set the default account ARM
    Set-AzureRmCurrentStorageAccount -Name $strgName -ResourceGroupName $strgName
    # Set Logging for Tables
    Set-AzureStorageServiceLoggingProperty -ServiceType Table -LoggingOperations Delete,Write -RetentionDays 35
    Set-AzureStorageServiceLoggingProperty -ServiceType Blob -LoggingOperations All -RetentionDays 35
    Set-AzureStorageServiceLoggingProperty -ServiceType Queue -LoggingOperations None -RetentionDays 35
    Set-AzureStorageServiceLoggingProperty -ServiceType File -LoggingOperations Read -RetentionDays 35
    # ===== Blobs =======
    Get-AzureStorageAccount -StorageAccountName $strgName
    # Add new container (container names must be lowercase); pick one -Permission value
    New-AzureStorageContainer -Name "mycontainer" -Permission Blob
    New-AzureStorageContainer -Name "mycontainer" -Permission Container
    New-AzureStorageContainer -Name "mycontainer" -Permission Off


Azure Storage - Blobs

General
• Block blobs (Max 200 GB each), Append Blobs (like Block, but optimised for append, e.g. logging), Page Blobs (Max 1 TB, Good with high read/write, VHDs, 512 byte pages)
• All blobs must be in a container
  • Private (default) (Off)
  • Blob - Blobs can be read by anyone (Public) (Blob)
  • Container – metadata read only (Container)
• Unlimited files and containers
• OS and Data disks can be encrypted using Azure Disk Encryption

Account Kind
• Blob (Standard Performance only - Access Tiers: Hot or Cold)
• General Purpose

Performance
• Standard
• Premium (SSDs - Currently only store vhds, Use for Exchange, SQL Server, Dynamics etc., Up to 64 TB per VM, 80,000 IOPS per VM, 50,000 IOPS per disk, 2 GB per sec throughput, ~5 ms read/write latency (uncached), <1 ms read latency (cached), Used by DS or GS series VMs (creates premium storage automatically), Limited sizes: 128, 512, 1023 GiB, Needs consideration -

Replication
• LRS - Locally redundant - 3 reps, 1 data center | ZRS - Zone-redundant - 3 reps across 2-3 Datacenters in 1 or 2 regions | GRS - Geo-redundant - 6 reps in 2 regions | RA-GRS - Read Access Geo - 6 reps in 2 regions, 2nd readable

Encryption
• Default off

ListBlobs()
• Can specify a prefix
• You can list blobs hierarchically, in a manner similar to traversing a file system, or in a flat listing, where all blobs matching the specified prefix are returned by the listing operation.
• You can specify additional details to return with the listing, including copy properties, metadata, snapshots, and uncommitted blobs.

ListBlobsSegmented()
• Returns a max of 5,000 items, Can specify a prefix, continuation token

AzCopy

PowerShell - Blobs
    # Get Storage Account
    Get-AzureStorageAccount
    # Create a new container
    New-AzureStorageContainer -Name $name -Permission Blob
    # Copy
    Start-AzureStorageBlobCopy
    # Upload VHD
    Add-AzureRmVHD
    # Download a VHD
    Save-AzureRmVHD
    # Create a Storage Access Policy and Share Access Signature
    $policy = New-AzureStorageContainerStoredAccessPolicy -Container files -Policy downloadPolicy -Permission rdl -Context $context
    $token = New-AzureStorageContainerSASToken -Name files -Policy downloadPolicy -Context $context

X-plat CLI
    REM Upload to blob
    azure storage blob upload --file "c:\temp\demofile.txt" --container "files" --blob "uploadedfile.txt" --connection-string "DefaultEndpointsProtocol=https;AccountName=edxtrain1;AccountKey=<account-key>;"


Azure Storage - Files

General
• SMB 2.1 and 3.0 supported
• 1 TB max file size
• Max size of File Share = 5 TB, unlimited number of files
• Access URL
  • https://<storage account name>.file.core.windows.net/<share>/<directory>/<directories…>/<file>
• Accessible from anywhere by default

PowerShell - Files
    # Create new file share
    $s = New-AzureStorageShare myshare -Context $ctx
    # Create a directory
    New-AzureStorageDirectory -Share $s -Path mydirectory
    # Upload a local file
    Set-AzureStorageFileContent -Share $s -Source c:\temp\myfile.txt
    # Copy to a new directory
    Start-AzureStorageFileCopy

Connect commands:
    net use [drive letter] \\hmstrainingdefaultstore.file.core.windows.net\test1 /u:hmstrainingdefaultstore [storage account access key]
    sudo mount -t cifs //hmstrainingdefaultstore.file.core.windows.net/test1 [mount point] -o vers=3.0,username=hmstrainingdefaultstore,password=[storage account access key],dir_mode=0777,file_mode=0777


Azure Storage - Tables

General
• NoSQL key/attribute store
• Schema-less
• Massively scalable

PowerShell - Files
    # Create a directory
    New-AzureStorageDirectory

.Net Get SAS
    public string GetSharedAccessSignature(
        SharedAccessTablePolicy policy,
        string accessPolicyIdentifier,
        string startPartitionKey,
        string startRowKey,
        string endPartitionKey,
        string endRowKey
    )

    tableKey = this.myTable.GetSharedAccessSignature(new SharedAccessTablePolicy(), myPolicy, JonesM01, null, null);

Sample
    CloudStorageAccount storageAccount = CloudStorageAccount.Parse("DefaultEndpointsProtocol=https;AccountName=your_account;AccountKey=your_account_key");
    CloudTableClient tableClient = storageAccount.CreateCloudTableClient();
    CloudTable table = tableClient.GetTableReference("customers");

    // Insert an entity (PartitionKey "Harp", RowKey "Walter")
    CustomerEntity customer = new CustomerEntity("Harp", "Walter");
    customer.Email = "Walter@contoso.com";
    customer.PhoneNumber = "425-555-0101";
    TableOperation insertOperation = TableOperation.Insert(customer);
    await table.ExecuteAsync(insertOperation);

    // Retrieve the same entity by PartitionKey and RowKey
    TableOperation retrieveOperation = TableOperation.Retrieve<CustomerEntity>("Harp", "Walter");
    TableResult result = await table.ExecuteAsync(retrieveOperation);


Azure Storage - Queues

General

PowerShell - Files
    # Create a directory
    New-AzureStorageDirectory

X-plat CLI


Azure Backup Vault

General
• Backup files from Windows to Azure
• Create backup Vault in geographic region
• Vault credentials replace certificates
• Backup Agent Required
  • WABInstaller
  • Requires Windows Identity Foundation (WIF) and PowerShell
• Agent Type
  • Azure Backup Agent
  • Windows Server and System Center Data Protection Manager
  • Windows Server Essentials
• Can install on Server 2008 R2 SP1+, 64 bit Win 7+, extension available for Essentials 2012

Setting up Workflow
1. Configure Azure Backup Vault
2. Download vault credentials
3. Run MARSAgentInstaller.exe /m /q (m=check for updates)
4. Create a passphrase to encrypt and decrypt backups
5. Specify backup schedule

PowerShell - Files
    # Start-OBRecovery -RecoverableItem $myItem -RecoveryOption $secureString -Credential $cred


Azure Active Directory

General
• Still uses classic portal
• <xyz>.onmicrosoft.com
• SSO, Multi-factor, RBAC, Device Registration
• Self-service password and group management
• Subscriptions
  • Free – 500,000 objects, 10 apps per user SSO
  • Standard – Free + No object limits, Application proxy apps, Groups, Self service, branding, app proxy, SLA, 99.9%
  • Premium – Standard + No SSO App limits, Service App integration templates, Self-service app management, on-premise write back, multi-factor auth, identity manager cal, cloud app discovery, connect health, privileged id management.
• Multi-Factor Authentication (MFA)
  • Mobile App, Phone call, text, email, third party OATH
  • Available as stand-alone or AD Premium
  • Can configure to skip on federated users on intranets and known subnets. Also to suspend on remembered devices for x days
• Hybrid
  • Extend - Add AD Server VM in Azure. New site. Global Catalog server.
  • Synchronize – Azure AD Connect (DirSync, Azure AD Sync, FIM+AD Connector). Simplest, password sync and write-back. Multi-forest, filtering objects and attributes.
  • Federated Trust with Azure AD
    • AD FS to allow Azure AD to authenticate against internal AD.
• Azure AD Connect Health (supports ADFS, Sync and AD DS)
• SSO – Pre-integrated SaaS Apps (uses SAML federation)
• Cloud App Discovery – Premium only! Find users' app usage.
• Federation – Passes on Authentication. No local accounts. Claims based authentication.
  • Security Token Services (STS)

PowerShell - AAD
    # Active
    Get-MsolUser
    New-MsolUser
    Remove-MsolUser
    Restore-MsolUser
    Set-MsolUserPassword
    Set-MsolUserPrincipalName
    Add-MsolGroupMember
    Get-MsolGroupMember
    New-MsolGroup
    Remove-MsolGroup
    Set-MsolDomainAuthentication
    Convert-MsolFederatedUser


Azure Active Directory cont…

General
• Still uses classic portal

    Convert-MsolDomainToFederated


Azure Active Directory cont… 2

App Endpoints
• Federation Metadata Document
• WS-Federation Sign-on Endpoint
• SAML-P Sign-On endpoint
• SAML-P Sign-Out endpoint
• Microsoft Azure AD Graph API endpoint
• OAuth 2.0 Token endpoint
• OAuth 2.0 Authorization endpoint

General
• SSO Protocols
  • SAML-P
  • 3rd party vendors
  • WS-Federation
  • OpenID Connect
  • OAuth 2
• Graph API
  • https://graph.windows.net/{tenant_id}/{resource_path}?{api_version}
• ADAL??

Azure AD supports three different ways to sign in to applications:
• Federated Single Sign-On enables applications to redirect to Azure AD for user authentication instead of prompting for its own password. This is supported for applications that support protocols such as SAML 2.0, WS-Federation, or OpenID Connect, and is the richest mode of single sign-on.
• Password-based Single Sign-On enables secure application password storage and replay using a web browser extension or mobile app. This leverages the existing sign-in process provided by the application, but enables an administrator to manage the passwords and does not require the user to know the password.
• Existing Single Sign-On enables Azure AD to leverage any existing single sign-on that has been set up for the application, but enables these applications to be linked to the Office 365 or Azure AD access panel portals, and also enables

Federation
• PowerShell
    Convert-MsolDomainToFederated
• ITR (Issuance Transform Rule)
  • Controls how claims are issued to a trusting relying party
  • By default, the ITR transforms the WindowsAccountName, UPN and ImmutableID from the claims provider so they can be used for tokens
  • 2 rules created, unless ‘-SupportMultipleDomains’, then 3.
  • Rule 3 should be edited if subdomains needed
• IAR (Issuance Authorization Rule)
  • Controls access to a trusting relying party. E.g. Office 365
  • Defaults to “Permit Access to All Users”


Azure Active Directory cont… 3


Azure App Services

General
• Modern Apps – APIs, Mobile Apps, Web Apps, IoT, Cognitive
• Web Apps, Mobile Apps, Logic Apps, API Apps, Functions (server-less)
• .Net, Python, node.js, PHP, Java
• App Service Plan - Defines Region, Scale count, Instance Size, SKU (Free, Shared, Basic, Standard, Premium). Max 20 servers
• App Service Environment – premium service, private isolated, very high scale and security, dedicated compute pools, Max 50 servers
• Dynamic Service Plan – for Azure Functions. Cost is a function of execution time, memory size and number of executions. 128 MB to 1,536 MB
• Azure Stack – own data center App Service fabric
• Cloud App Discovery – Premium only! Find users' app usage.
• Federation – Passes on Authentication. No local accounts. Claims based authentication.
  • Security Token Services (STS)


Azure App Services Plans

Capability: Free | Shared | Basic | Standard | Premium
• Web, mobile, or API apps: 10 | 100 | Unlimited
• Disk space: 1 GB | 10 GB | 50 GB | 250 GB
• Logic App Actions (per day) *: 200 | 10,000 | 50,000
• Maximum instances: – | – | Up to 3 | Up to 10 | Up to 50
• App Service Environments (req. min 6 cores): – | – | Supported
• SLA: – | – | 99.95%
• Slots: - | - | - | 5 | 20
• Auto-scale: - | - | - | Supported
• Backups /day: - | - | - | 2 | 50
• Custom domains: - | Supported
• SSL Certs: - | - | Unlimited SNI + 1 IP
• Logic App Definitions: 10 | 10 | 10 | 25 | 100
• Host Basic Apps | More Features for Dev / Test | Go Live with Web and Mobile | Enterprise Scale and Integration


Azure App Services cont..

General
• Lock (CanNotDelete, ReadOnly)
• Swap Slots
  • See below for which settings swap
• Kudu – Command Interface
• Extensions (Application Insights, New Relic, Php Manager, Jekyll…)
• Deployment (FTP, Web Deploy, OneDrive, Dropbox, Kudu (can unzip), VSO, Local Git, GitHub, Bitbucket, Azure CLI)

PowerShell
    # Create App Service Plan
    New-AzureRmAppServicePlan -Location "South Central US" -ResourceGroupName DestinationAzureResourceGroup -Name NewAppServicePlan -Tier Premium
    # Create a Backup
    New-AzureRmWebAppBackup -ResourceGroupName $resourceGroupName -Name $appName -StorageAccountUrl $sasUrl
    # Restore from backup
    $backupList = $app | Get-AzureRmWebAppBackupList
    $backup = $app | Get-AzureRmWebAppBackup -BackupId 10102
    $backup | Restore-AzureRmWebAppBackup -Overwrite
    # Clone an existing App (Premium Only)
    $srcapp = Get-AzureRmWebApp -ResourceGroupName SourceAzureResourceGroup -Name source-webapp
    $destapp = New-AzureRmWebApp -ResourceGroupName DestinationAzureResourceGroup -Name dest-webapp -Location "North Central US" -AppServicePlan DestinationAppServicePlan -SourceWebApp $srcapp


Azure App Services - Web Apps

X-plat CLI
    # App Service Plans
    azure appserviceplan list --resource-group MyRG
    azure appserviceplan create
    azure appserviceplan show
    azure appserviceplan config
    azure appserviceplan delete
    # Create, delete and list
    azure webapp create --name ContosoWebApp --resource-group ContosoAzureResourceGroup --plan ContosoAppServicePlan --location "South Central US"
    azure webapp delete --name ContosoWebApp --resource-group ContosoAzureResourceGroup
    azure webapp list --resource-group ContosoAzureResourceGroup
    # Config, restart etc..
    azure webapp config set
    azure webapp config hostnames
    azure webapp config appsettings
    azure webapp restart
    azure webapp stop
    azure webapp start
    # Get publishing profile
    azure webapp publishingprofile --name ContosoWebApp --resource-group MyGG

PowerShell
    Get-AzureRmWebApp -Name $sitename
    New-AzureRmWebApp -Name $sitename -AppServicePlan $appServicePlan -ResourceGroupName $rgName -Location $loc -ASEName $aseName -ASEResourceGroupName $aseRgName
    Set-AzureRmWebApp -Name $sitename
    Restart-AzureRmWebApp
    Stop-AzureRmWebApp
    Start-AzureRmWebApp
    Remove-AzureRmWebApp
    Get-AzureRmWebAppPublishingProfile -Name $sitename -ResourceGroupName $rgName -OutputFile .\publishingprofile.txt


Azure App Services - Mobile Apps

• Cross platform SDK
• Offline data and data sync (uses SQLite)
• Incl. Notification Hub (Push)
  • Free (1 M pushes, 500 active devices) | Basic (10 M pushes, 200 K Active Devices) | Standard (10 M pushes, 10 M Active Devices, Rich telemetry, Bulk Operations, Scheduled, Multitenancy)
  • Require namespace
  • Register App for Push Services (App secret password and package SID)
  • Tags
    • Client Requested
    • Automatically Added
  • Broadcast | Unicast/Multicast | Segmentation (Tags)
  • Templates
  • Platform Notification System (PNS)
    • Windows Phone (Windows Notification Service (WNS)) – Tiles, Badges, Notifications
    • iOS (Apple Push Notification Service (APNS))

Plan comparison: Free | Basic | Standard
• Price: Free (up to 10 services / month) | £11.17 / month per unit | £104.34 / month per unit
• API Calls: 500 K | 1.5 M / unit | 15 M / unit
• Active Devices: 500 | Unlimited
• Scale: N/A | Up to 6 units | Unlimited units
• Push Notifications: Notification Hubs Free Tier included, up to 1 M pushes | Notification Hubs Basic Tier included, up to 10 M pushes | Notification Hubs Standard Tier included, up to 10 M pushes
• Real time messaging & Web Sockets: Limited | 350 / mobile service | Unlimited
• Offline synchronizations: Limited | Included
• Scheduled jobs: Limited | 1 Job, 1 exec/hr | Included
• SQL Database (required): 20 MB included for 1 yr, Standard rates apply after
• CPU capacity: 60 minutes / day | Unlimited
• Outbound data transfer: 165 MB per day (daily Rollover)*, 5 GB per 30 days | Included 50 GB per 30 days | Included 500 GB per 30 days


Azure App Services - Mobile Apps cont…

• Incl. Notification Hub (Push)
  • Free (1 M pushes, 500 active devices) | Basic (10 M pushes, 200 K Active Devices) | Standard (10 M pushes, 10 M Active Devices, Rich telemetry, Bulk Operations, Scheduled, Multitenancy)
  • iOS, Android, WNS
  • Require namespace
  • Register App for Push Services (App secret password and package SID)
  • Tags
    • Client Requested
    • Automatically Added
  • Broadcast | Unicast/Multicast | Segmentation (Tags/Tag expression)
  • Templates – Each device type can have multiple templates
  • Platform Notification System (PNS)
    • Services Supported
      • Windows Notification Service (WNS) or Windows Phone (MPNS) – Tiles, Badges, Notifications
      • iOS (Apple Push Notification Service (APNS))
      • Google Firebase Cloud Messaging (FCM), use Google Cloud Messaging (GCM) in Notification Hub.
      • Amazon (ADM)
      • Baidu (Android China)


Azure Websites (Classic)

General
• Slots only available in Standard or Premium
• Deploy using Portal, GitHub, VSO, FTP, OneDrive, DropBox
• Hosting Plans
  • Free (1 GB storage)
  • Shared (Free + Custom Domains)
  • Basic (instance sizes [small, medium, large], 10 GB, SSL, 3 instances)
  • Standard (50 GB, autoscaling, schedules, metrics (CPU, Instance), Traffic Manager, 5 slots, 10 instances, daily backup)
  • Premium (250 GB, 20 Instances, 20 Slots, Backup 50 times per day, BizTalk services)
• 64-bit only, Web sockets, SSL Certs, Custom domains (Shared too), SSL Binding to custom domains, Add End Points, available in Basic or Standard
• Default domain azurewebsites.net - awverify.
• Monitoring
  • Endpoints (2 endpoints, 3 geographic locations, every 5 mins)
  • Performance monitoring
• Diagnostics
  • Application (lasts 12 hours), Web server (W3C extended log format), Detailed error messages, failed request tracing (xml).
  • Can FTP download logs
• Kudu – http://mysite.scm.azurewebsites.net
• Connection Strings
  • .Net uses connectionStrings, not .Net Environment variables

PowerShell
    # Websites
    Get-AzureWebsite $sitename
    New-AzureWebsite $sitename -Slot staging -Location "North Europe"
    Publish-AzureWebsiteProject $sitename -Slot staging -Package [path].zip
    Show-AzureWebsite -Name $sitename -Slot staging
    Switch-AzureWebsiteSlot -Name staging
    Remove-AzureWebsite -Name $sitename -Slot staging
    # Download log
    Save-AzureWebsiteLog -Name $sitename
    # View live stream
    Get-AzureWebsiteLog -Name $sitename -Tail

X-plat CLI
    # List commands available for Websites
    azure site -h
    azure site list mysite
    azure site create mysite --slot staging
    azure site create --git mysite --slot staging
    azure site swap staging
    azure site delete mysite --slot staging
    azure site log download mysite
    azure site log tail mywebsite


Azure Cloud Service (classic)

General
• Slots only available in Standard or Premium. Only two, staging and production.
• Web Roles and Worker Roles (no public endpoints)
• 3 Deployment components
  • Service Definition file (.csdef)
    • Defines service model incl. what roles.
    • Sites, InputEndpoints, InternalEndpoints, ConfigurationSettings, Certificates, LocalResources, Imports, Startup
    • Diagnostics
  • Service Configuration File (.cscfg)
    • Configuration for the cloud service and roles, incl. number of role instances.
    • Instances, ConfigurationSettings, Certificates
    • Can reconfigure cloud service by altering this after deployment
    • Network configuration (Specify Reserved IP <ReservedIP name="" />, VLAN <VirtualNetworkSite>)
    • Uploaded separately from .cspkg
  • Service Package (.cspkg)
    • Contains application code and service definition file (.csdef)
    • Generated from the .csdef
    • Can deploy updates to 1 or all roles. Can use portal, VS
    • CSPack.exe command line tool to create .cspkg

PowerShell
    #

X-plat CLI and batch
    # List commands available for Websites
    azure site -h

    cspack [DirectoryName]\[ServiceDefinition] /role:[RoleName];[RoleBinariesDirectory] /sites:[RoleName];[VirtualPath];[PhysicalPath] /out:[OutputFileName]

    cspack [DirectoryName]\[ServiceDefinition] /out:[OutputFileName] /role:[RoleName];[RoleBinariesDirectory] /sites:[RoleName];[VirtualPath];[PhysicalPath] /role:[RoleName];[RoleBinariesDirectory];[RoleAssemblyName]


Azure Redis Cache

General
• Only Premium tier supports clustering
• 99.9% SLA on Standard and Premium, Not Basic SKU

PowerShell
    # New cache
    New-AzureRmRedisCache -ResourceGroupName $resourceGroupName -Name $cacheName -Location "North Europe" -Sku $sku -Size 13GB -ShardCount 6

Standard cache sizes
Pricing tier | Size | CPU cores | Available bandwidth, Megabits per sec (Mb/s) / Megabytes per sec (MB/s) | 1 KB Key size, Requests per second (RPS)
C0 | 250 MB | Shared | 5 / 0.625 | 600
C1 | 1 GB | 1 | 100 / 12.5 | 12200
C2 | 2.5 GB | 2 | 200 / 25 | 24000
C3 | 6 GB | 4 | 400 / 50 | 49000
C4 | 13 GB | 2 | 500 / 62.5 | 61000
C5 | 26 GB | 4 | 1000 / 125 | 115000
C6 | 53 GB | 8 | 2000 / 250 | 150000

Premium cache sizes (CPU cores per shard; Requests per second (RPS), per shard)
P1 | 6 GB | 2 | 1000 / 125 | 140000
P2 | 13 GB | 4 | 2000 / 250 | 220000
P3 | 26 GB | 4 | 2000 / 250 | 220000
P4 | 53 GB | 8 | 4000 / 500 | 250000

.Net
    ConnectionMultiplexer connection = ConnectionMultiplexer.Connect("contoso5.redis.cache.windows.net,abortConnect=false,ssl=true,password=...");

    // connection refers to a previously configured ConnectionMultiplexer
    // NOTE:
    // The object returned from the GetDatabase method is a
    // lightweight pass-through object and does not need to be stored.
    IDatabase cache = connection.GetDatabase();

    // Perform cache operations using the cache object...
    // Simple put of integral data types into the cache
    cache.StringSet("key1", "value");
    cache.StringSet("key2", 25);

    // Simple get of data types from the cache
    string key1 = cache.StringGet("key1");
    int key2 = (int)cache.StringGet("key2");

    // If key1 exists, it is overwritten.
    cache.StringSet("key1", "value1");
    string value = cache.StringGet("key1");
    if (value == null)
    {
        // The item keyed by "key1" is not in the cache. Obtain
        // it from the desired data source and add it to the cache.
        value = GetValueFromDataSource();
        cache.StringSet("key1", value);
    }


Azure Service Bus

General
• Tool: Service Bus Explorer
• Queues
• Topics
• Relay has now moved to a separate Azure Service
• Notification Hub has now moved to a separate Azure Service.

Feature: Basic | Standard | Premium
• Queues: y | y | y
• Scheduled messages: y | y | y
• Topics: – | y | y
• Transactions: – | y | y
• De-duplication: – | y | y
• Sessions: – | y | y
• ForwardTo / SendVia: – | y | y
• Message Size: 256 KB | 1 MB
• Brokered connections included: 100 | 1,000 | 1,000 per MU
• Brokered connections (overage allowed): – | (billable) | Up to 1,000 per MU
• Resource isolation: N | - Shared | y

PowerShell
    # Active G

X-plat CLI


Azure Relay

General
• Add NuGet “Microsoft Azure Service Bus”

    ServiceHost sh = new ServiceHost(typeof(ProblemSolver));

    // Local endpoint
    sh.AddServiceEndpoint(
        typeof(IProblemSolver), new NetTcpBinding(),
        "net.tcp://localhost:9358/solver");

    // Endpoint projected through Service Bus
    sh.AddServiceEndpoint(
        typeof(IProblemSolver), new NetTcpRelayBinding(),
        ServiceBusEnvironment.CreateServiceUri("sb", "namespace", "solver"))
        .Behaviors.Add(new TransportClientEndpointBehavior {
            TokenProvider = TokenProvider.CreateSharedAccessSignatureTokenProvider("RootManageSharedAccessKey", "<yourKey>")});

    sh.Open();
    Console.WriteLine("Press ENTER to close");
    Console.ReadLine();
    sh.Close();

In the example, you create two endpoints that are on the same contract implementation. One is local and one is projected through Service Bus. The key differences between them are the bindings (NetTcpBinding for the local one and NetTcpRelayBinding for the Service Bus endpoint) and the addresses.


Azure Batch

General
• Fully managed HPC facility
• REST, .NET, Python, node.js, Java
• Schedules
• Pay for what you use
• App must have
  • BatchAccountName
  • BatchAccountKey
  • BatchAccountUrl
  • StorageAccountName & StorageAccountKey

Step 1. Create containers in Azure Blob Storage.
Step 2. Upload task application files and input files to containers.
Step 3. Create a Batch pool.
  3a. The pool StartTask downloads the task binary files (TaskApplication) to nodes as they join the pool.
Step 4. Create a Batch job.
Step 5. Add tasks to the job.
  5a. The tasks are scheduled to execute on nodes.
  5b. Each task downloads its input data from Azure Storage, then begins execution.
Step 6. Monitor tasks.
  6a. As tasks are completed, they upload their output data to Azure Storage.
Step 7. Download task output from Storage.

PowerShell
    # Creates a job in the Batch service.
    New-AzureBatchJob
    # Creates a pool in the Batch service.
    New-AzureBatchPool
    # Creates a Batch task under a job.
    New-AzureBatchTask


Azure Automation

General
• Create a Run As account

PowerShell
    # Get an Azure Automation Credential
    Get-AzureAutomationCredential -AutomationAccountName $accName
    New-AzureAutomationAccount
    New-AzureAutomationCredential
    New-AzureAutomationSchedule
    New-AzureAutomationVariable
    New-AzureAutomationCertificate
    New-AzureAutomationConnection
    New-AzureAutomationModule
    New-AzureAutomationRunbook
    Publish-AzureAutomationRunbook
    Register-AzureAutomationScheduledRunbook
    Start-AzureAutomationRunbook
    Stop-AzureAutomationRunbook
    Suspend-AzureAutomationRunbook
    Register-AzureAutomationScheduledRunbook
    Unregister-AzureAutomationScheduledRunbook


Azure Notification

General
• Templates
  • Limited to XML or JSON
  • Use for cross-platform
  • Use for Personalisation
  • Need to Register Templates

Template Expression | Description
• $(prop) | Reference to an event property with the given name. Property names are not case-sensitive. This expression resolves into the property’s text value or into an empty string if the property is not present.
• $(prop, n) | As above, but the text is explicitly clipped at n characters, for example $(title, 20) clips the contents of the title property at 20 characters.
• .(prop, n) | As above, but the text is suffixed with three dots as it is clipped. The total size of the clipped string and the suffix does not exceed n characters. .(title, 20) with an input property of “This is the title line” results in This is the title...
• %(prop) | Similar to $(name) except that the output is URI-encoded. Used in JSON templates (for example, for iOS and Android templates).
• #(prop) | This function works exactly the same as $(prop) previously specified, except when used in JSON templates (for example, Apple templates). In this case, if this function is not surrounded by “{‘, ’}” (for example, ‘myJsonProperty’ : ‘#(name)’), and it evaluates to a number in Javascript format, for example, regexp: (0|([1-9][0-9]*))(\.[0-9]+)?((e|E)(+|-)?[0-9]+)?, then the output JSON is a number. For example, ‘badge’ : ‘#(name)’ becomes ‘badge’ : 40 (and not ‘40‘).
• ‘text’ or “text” | A literal. Literals contain arbitrary text enclosed in single or double quotes.
• expr1 + expr2 | The concatenation operator joining two expressions into a single string.


Azure Functions

General
• Languages (C#, F#, node.js, Python, PHP, Batch, Bash, Exe)
• Uses WebJobs SDK, Supports NuGet, Supports OAuth providers
• 2 Plans
  • Consumption and App Service (dedicated VM. Use for continuous functions)
• Project Files
  • appsettings.json (VS – Connection strings)
  • host.json (VS – Config behaviour of Azure Functions host)
  • function.json (Input and output bindings. Random GUID syntax for path = {rand-guid})
  • project.json (dependencies, NuGets)
  • run.csx (C# code)
• Triggers
  • BlobTrigger - Process Azure Storage blobs when they are added to containers. You might use this function for image resizing.
  • EventHubTrigger - Respond to events delivered to an Azure Event Hub. Particularly useful in application instrumentation, user experience or workflow processing, and Internet of Things (IoT) scenarios.
  • Generic webhook - Process webhook HTTP requests from any service that supports webhooks.
  • GitHub webhook - Respond to events that occur in your GitHub repositories. For an example, see Create a webhook or API function.
  • HTTPTrigger - Trigger the execution of your code by using an HTTP request.
  • QueueTrigger - Respond to messages as they arrive in an Azure Storage queue. For an example, see Create an Azure Function that binds to an Azure service. (default 1 min polling)
  • ServiceBusQueueTrigger - Connect your code to other Azure services or on-premise services by listening to message queues.
  • ServiceBusTopicTrigger - Connect your code to other Azure services or on-premise services by subscribing to topics.
  • TimerTrigger - Execute cleanup or other batch tasks on a predefined schedule. For an example, see Create an event processing function.
• Integrations
  • Azure DocumentDB, Azure Event Hubs, Azure Mobile Apps (tables), Azure Notification Hubs, Azure Service Bus (queues and topics), Azure Storage (blob, queues, and tables), GitHub (webhooks), On-premises (using Service Bus)

.Net
    // Environment Variables in App Settings use:
    System.Environment.GetEnvironmentVariable("mySetting", EnvironmentVariableTarget.Process)

Azure Logic Apps

General
• Triggers
  • HTTP request
  • Webhook
  • Polling
• Batches and Looping
  • SplitOn
  • ForEach
  • Until
• Functions integration
  • Use Generic Webhook template
• Connectors that include Salesforce, Office 365, Twitter, Dropbox, Google Services and more
• Integration Accounts

PowerShell
    # Creates a logic app in a resource group.
    New-AzureRmLogicApp

Azure Media Services

General
• Encryption Options
  • StorageEncrypted
  • CommonEncryptionProtected
  • EnvelopeEncryptionProtected
• Dynamic Packaging (Standard or Premium)
• Encoders
  • FLV (with H.264 and AAC codec)
  • MXF
  • GXF
  • MPEG2
  • WMV / ASF
  • MP4 / ISMV
  • .dvr-ms
  • .MKV
  • WAV
  • QuickTime (.mov)
  • …plus many more

Azure WebJobs

General
• .exe, .cmd (Batch), .ps1 (PowerShell), .py (Python), .php (PHP), .js (Node.js)
• How to run
  • Continuous
    • Do NOT use with schedule
  • Scheduled (classic portal)
  • Triggered / On Demand
    • Use with schedule in Settings.job
• With or without web service
• Zip Deployment
  • Settings.job contains schedules with CRON expression. Root of Zip file
  • {second} {minute} {hour} {day} {month} {day of the week}
  • Every hour (0 0 * * * *), every hour from 9 AM to 5 PM (0 0 9-17 * * *), at 9:30 am every day (0 30 9 * * *), at 9:30 am every weekday (0 30 9 * * 1-5), every 15 minutes (0 */15 * * * *)

.Net
    using System.IO;
    using Microsoft.Azure.WebJobs;

    public class Program
    {
        // Example Queue Trigger
        public static void Main()
        {
            // Start the host and block so the continuous job keeps listening
            JobHost host = new JobHost();
            host.RunAndBlock();
        }

        // Runs for each message on "webjobsqueue" and writes its text to the blob
        public static void ProcessQueueMessage([QueueTrigger("webjobsqueue")] string inputText, [Blob("containername/blobname")] TextWriter writer)
        {
            writer.WriteLine(inputText);
        }
    }

Azure SQL

General
• DTU – Data Transaction Unit

Azure SQL cont…

Migration
• Min Downtime
  • SQL Server Transactional replication
• Some Downtime
  • Deploy Wizard in SSMS Migration Wizard (DAC Package)
  • SQL Azure Migration Wizard
• BACPAC contains both schema and data
• DAC packages contain ONLY schema

Elastic Database
• https://docs.microsoft.com/en-us/azure/sql-database-elastic-scaleintroduction
• Elastic Database Client Library – Allows multi-database management, including shard management
• Elastic Database Job – Executes T-SQL that spans multiple databases

Azure Virtual Networks

General
• 50 per subscription per region
• CIDR Subnet Hosts in Azure = 2^n-5 (normally 2^n-2), ‘/29’ is smallest subnet
• Multiple NICs
  • Can't make a VM multi NIC after deployment. Need to delete and redeploy
  • D1 - 1 NIC, D2 - 2 NICs, D3 - 4 NICs, D4 - 8 NICs
• Access Control Lists (ACL)
  • For endpoints only (inbound only!). Not preferred, use NSGs.
• Network Security Groups (NSG)
  • Can't use together with ACLs. Remove ACLs first
  • Name, Direction, Priority, Access (allow or NOT), Source IP, Source port, Destination IP, Destination Port, Protocol
  • Applied to one or more VMs or subnet
  • Subnet can only have 1 NSG applied
  • Each NSG can have up to 200 rules
  • Is associated to a region
  • 100 NSGs per region per subscription
  • Default Tags (Internet, Virtual_network, Azure_loadbalancer)
  • Do NOT Block 168.63.129.16 and port 1688!!
• UDR (Routing Tables)
• VPNs (Site-to-Site, VNet2VNet, Point-to-Site, Express-Route (private network))
  • Express-route – Exchange providers (layer 3, 200 Mbps – 10 Gbps, Site2Site, BGP with client), Network Service Providers (10 Mbps – 1 Gbps, Any2Any, BGP with telco)
  • Max 30 VPN tunnels per VPN Gateway and 128 connections from clients

PowerShell
    # Get and Set Vnet config xml
    Get-AzureVNetConfig -ExportToFile c:\temp\oldconfig.xml
    Set-AzureVNetConfig -ConfigurationPath c:\temp\updatedconfig.xml

    # Create a new Vnet
    $frontendSubnet = New-AzureRmVirtualNetworkSubnetConfig -Name frontendSubnet -AddressPrefix "10.1.1.0/24"
    $backendSubnet = New-AzureRmVirtualNetworkSubnetConfig -Name backendSubnet -AddressPrefix "10.1.2.0/24"
    New-AzureRmVirtualNetwork -Name "hms-trainvnet-arm-1" -ResourceGroupName $rgName -Location "North Europe" -AddressPrefix "10.1.0.0/16" -Subnet $frontendSubnet, $backendSubnet
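The NSG rule fields listed on this slide (name, direction, priority, access, source and destination address and port, protocol) map one-to-one onto the AzureRM rule cmdlet parameters. The following is an added example, not part of the original slides: it isolates the slide's backendSubnet so that only the frontend subnet can reach it. The resource group, the NSG and rule names, and TCP 1433 as the backend port are assumptions; the VNet name, subnet names and prefixes are the ones used on the slide.

```powershell
# Added example (not from the original slides).
$rgName   = 'example-rg'            # assumed resource group name
$location = 'North Europe'          # region used on the slide
$vnetName = 'hms-trainvnet-arm-1'   # VNet created on the slide

# Lowest priority number is evaluated first.
# Rule 100: allow the frontend subnet to reach the backend on TCP 1433 (assumed port).
$allowSql = New-AzureRmNetworkSecurityRuleConfig -Name 'allow-frontend-sql-in' `
    -Description 'Frontend subnet to backend, TCP 1433 only' `
    -Direction Inbound -Priority 100 -Access Allow -Protocol Tcp `
    -SourceAddressPrefix '10.1.1.0/24' -SourcePortRange '*' `
    -DestinationAddressPrefix '10.1.2.0/24' -DestinationPortRange 1433

# Rule 4000: deny everything else coming from the VNet address space.
# Without it, the built-in AllowVnetInBound default rule (priority 65000)
# would let every subnet in 10.1.0.0/16 talk to the backend on any port.
$denyVnet = New-AzureRmNetworkSecurityRuleConfig -Name 'deny-vnet-in' `
    -Description 'Block all other intra-VNet traffic to the backend' `
    -Direction Inbound -Priority 4000 -Access Deny -Protocol '*' `
    -SourceAddressPrefix '10.1.0.0/16' -SourcePortRange '*' `
    -DestinationAddressPrefix '10.1.2.0/24' -DestinationPortRange '*'

# Only inbound rules are defined, so outbound platform traffic
# (168.63.129.16, port 1688) is left untouched.
$nsg = New-AzureRmNetworkSecurityGroup -Name 'backend-nsg' -ResourceGroupName $rgName `
    -Location $location -SecurityRules $allowSql, $denyVnet

# A subnet can have only one NSG: attach it to backendSubnet and save the VNet.
$vnet = Get-AzureRmVirtualNetwork -Name $vnetName -ResourceGroupName $rgName
Set-AzureRmVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name 'backendSubnet' `
    -AddressPrefix '10.1.2.0/24' -NetworkSecurityGroup $nsg |
    Set-AzureRmVirtualNetwork

# Check: list the custom rules in the order they are evaluated.
Get-AzureRmNetworkSecurityGroup -Name 'backend-nsg' -ResourceGroupName $rgName |
    Get-AzureRmNetworkSecurityRuleConfig |
    Sort-Object Priority |
    Format-Table Name, Priority, Direction, Access, Protocol, SourceAddressPrefix, DestinationPortRange
```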

Azure Virtual Networks - VPNs

• Site-to-Site, VNet2VNet
  • Max 10 tunnels, 100 Mbps (Basic and Standard) | 30 tunnels, 200 Mbps (High Performance)
• Point-to-Site
  • Max 128 connections, Secure Socket Tunneling Protocol (SSTP)
  • Use makecert to create a self-signed root certificate (can’t use a CA)
  • Import .ver file with private key to Azure
  • Generate a client certificate for each client to install
  • Download package from portal and then install client
• Express-Route (private network)
  • Express-route – Exchange providers (layer 3, 500 Mbps – 10 Gbps, Site2Site, BGP with client), Network Service Providers (10 Mbps – 1 Gbps, Any2Any, BGP with telco)
• Max 30 VPN tunnels per VPN Gateway and 128 connections from clients
• Gateway SKUs – Basic (BGP & ExpressRoute not supported), Standard, High Performance

Considerations
• No overlapping IP address ranges
• Only 1 VPN gateway per VNet

PowerShell
    # Create a PIP for the Gateway
    $pip = New-AzureRmPublicIpAddress -AllocationMethod Dynamic -ResourceGroupName $rgName -Location "North Europe" -Name "hms-train-gateway-1"

Azure Virtual Networks cont…

General
• Azure Load Balancer (Layer 4 – Transport Layer), Random network levelling. Health probes (Custom for non 200 ACK)
• Application Gateway (50 per subscription, max 10 instances each)
  • SKUs: WAF and Standard
  • Small (7.5 Mbps / 35 Mbps), Medium (10 Mbps / 100 Mbps), Large (50 Mbps / 200 Mbps)
  • Firewall, Round Robin LB, Cookie session affinity, SSL offload, URL based content routing, up to 20 websites consolidation, websocket support, health monitoring, advanced diagnostics.
• Traffic Manager (Layer 7 – DNS based LB)
  • Weighted (Round-robin)
  • Performance (Performance/latency)
  • Priority (DR/Failover)

PowerShell
    # List reserved IPs
    Get-AzureReservedIP
    # Reserve a new IP address
    New-AzureReservedIP -ReservedIPName AGSReservedIP -Location "North Europe"
    # List reserved IPs
    Get-AzureReservedIP
    # List all azure services
    Get-AzureService
    # Allocate the IP to a service
    Set-AzureReservedIPAssociation -ReservedIPName AGSReservedIP -ServiceName FFApi-VBTest

Azure Virtual Networks cont…

Advanced
• Peering – Connects 2 VNets in the same region through the Azure backbone
  • Can use between subscriptions if both associated with same AD tenant
  • Peering between ARM and ASM VNets can be done if both in same subscription
  • Requirements
    • Same region
    • Non-overlapping IP address spaces

PowerShell & x-plat CLI - General

PowerShell
    # List all
    Get-Module -ListAvailable
    # Install the Azure Resource Manager modules from the PowerShell Gallery
    Install-Module AzureRM
    # Install the Azure Service Management modules from the PowerShell Gallery
    Install-Module Azure
    # Get a list of cmdlets in the Azure module
    Get-Command -Module Azure | Get-Help | Format-Table Name, Synopsis
    # Get a list of cmdlets in the Resource Manager module
    Get-Command -Module AzureRM | Get-Help | Format-Table Name, Synopsis
    # Login (Classic)
    Add-AzureAccount
    # Login (ARM); alias is 'Login-AzureRmAccount'
    Add-AzureRmAccount
    # Get a list of subscriptions
    Get-AzureSubscription
    Get-AzureRmSubscription
    # Get Context (ARM)
    Get-AzureRmContext
    # Set the subscription for the session (ARM)
    Select-AzureRmSubscription
    # Select default storage context
    Set-AzureRmCurrentStorageAccount -ResourceGroupName $rgname -StorageAccountName $strgname
    # Remote PowerShell – Install certificate
    .\InstallWinRMCertAzureVM.ps1 -SubscriptionName $s -ServiceName $svc -Name $vm
    # Retrieve the URI of the VM
    $uri = Get-AzureWinRMUri -ServiceName $svc -Name $vm
    # Execute a script remotely
    $cred = Get-Credential
    Invoke-Command -ConnectionUri $uri -FilePath '.\deployad.ps1' -Credential $cred

X-plat CLI
    REM Set mode to ARM
    azure config mode arm
    REM Set mode to Service Management Mode
    azure config mode asm
    REM Login
    azure login
    REM List subscriptions
    azure account list
    REM Set Current Subscription
    azure account set "{name of subscription}"
    REM Create Resource Group
    azure group create -n "{name}" -l "{location}"

• Use npm to install on Linux
• Docker container available for version 2.0

Azure Data Lake

General
• Azure Data Lake Store - A data repository that enables you to store any type of data in its raw format without defining a schema. The store offers unlimited storage with immediate read/write access and lets you scale the throughput you need for your workloads. The store is Hadoop Data File System (HDFS) compatible, so you can use your existing tools.
• Azure Data Lake Analytics - An analytics service that allows you to run analysis jobs on data. Analytics uses Apache YARN to manage its resources for the processing engine. By using the U-SQL query language you can process data from several data sources such as Azure Data Lake Store, Azure Blob Storage and Azure SQL Database, but also from other data stores built on HDFS.
• Azure Data Lake HDInsight - An analytics service that enables you to analyze data sets on a managed cluster running open-source technologies such as Hadoop, Spark, Storm & HBase.

HDInsight

General
• 99.9% enterprise scale SLA
• Hadoop: Petabyte scale processing with Hadoop components like
  • Hive (SQL on Hadoop) HiveQL
  • Apache Pig is a platform for creating programs for Hadoop by using a procedural language known as Pig Latin
  • Sqoop - tool designed to transfer data between Hadoop clusters and relational databases. You can use it to import data from a relational database management system (RDBMS) such as SQL Server
  • HCatalog is a table and storage management layer for Hadoop that enables users with different data processing tools (Pig, MapReduce) to more easily read and write data on the grid
• HBase: Fast and scalable NoSQL Offering
• Storm: Allows the processing of infinite streams of data in real-time.
• Spark: Fast data analytics and cluster using in-memory processing.
• Interactive Hive (preview): Enterprise Data Warehouse with in-memory analytics using Hive (SQL on Hadoop) and Long Live and Process (LLAP)
• R Server: Terabyte scale, provides enterprise grade R analytics used for machine learning models.
• Kafka (preview): High throughput, low latency, real-time streaming platform, typically used in streaming and IoT scenarios
• Mahout - One of the Microsoft HDInsight key components is Mahout, a scalable machine learning library that provides a number of algorithms relying on the Hadoop platform
• Oozie - Apache Oozie is a workflow/coordination system that manages Hadoop jobs.

API Management

General
• API Gateway (99.9% SLA, 99.95% SLA for Premium across two or more regions)
• Features - access control, rate limiting, monitoring, event logging, and response caching
• Groups – Administrators, Developers, Guests
• Policy Types (Access restriction, Advanced, Authentication, Caching, Cross domain, Transformation)

Tiers (values listed in the order Developer | Standard | Premium)
• Price: £0.9652/day | £13.78/day per unit | £56.14/day per unit
• API Calls (per unit): 32 K / day (~1 M / month) | 7 M / day (~217 M / month) | 32 M / day (~1 B / month)
• Data Transfer (per unit): 161 MB / day (~5 GB / month) | 32 GB / day (~1 TB / month) | 161 GB / day (~5 TB / month)
• Cache: 10 MB | 1 GB | 5 GB
• Scale-out: None | 4 units (Contact us for more) | Unlimited
• SLA: No | 99.9% | 99.95%
• Multi-Region Deployment: No | Yes
• Azure Active Directory Integration: Unlimited User Accounts | No | Unlimited User Accounts
• VPN: No | Yes

API Management – cont…

Policy reference index

Access restriction policies
• Check HTTP header
• Limit call rate by subscription
• Limit call rate by key
• Restrict caller IPs
• Set usage quota by subscription
• Set usage quota by key
• Validate JWT

Advanced policies
• Control flow
• Forward request
• Log to Event Hub - Sends messages in the specified format to a message target defined by a Logger entity.
• Retry
• Return response
• Send one way request
• Send request
• Set request method
• Set status
• Set variable
• Trace
• Wait

Authentication policies
• Authenticate with Basic
• Authenticate with client certificate

Caching policies
• Get from cache
• Store to cache
• Get value from cache
• Store value in cache
• Remove value from cache

Cross domain policies
• Allow cross-domain calls - Makes the API accessible from Adobe Flash and Microsoft Silverlight browser-based clients.
• CORS - Adds cross-origin resource sharing (CORS)
• JSONP - Adds JSON with padding (JSONP) support to an operation or an API to allow cross-domain calls from JavaScript browser-based clients.

Transformation policies
• Convert JSON to XML
• Convert XML to JSON
• Find and replace string in body
• Mask URLs in content - Re-writes (masks) links in the response body so that they point to the equivalent link via the gateway.
• Set backend service
• Set body
• Set HTTP header
• Set query string parameter
• Rewrite URL - Converts a request URL from its public form to the form expected by the web service.

Mobile Apps

• Notifications Hub
• Autoscale
• Social Integration
• Offline Data Sync
  • SQLite
  • IMobileServiceSyncTable (.net), MSSyncTable (iOS), mClient.getSyncTable() (android)
  • PushAsync, PullAsync, updatedAt (Incremental Sync), IMobileServiceSyncTable.PurgeAsync (clear local store)

Service Plan: Cores, RAM, Disk
• F: 1 Shared, 1 GB
• D: 1 shared, 0.5 GB, 1 GB
• B: 1, 2, 4 cores; 1.75, 3.5, 7 GB; 10 GB
• S: 1, 2, 4 cores; 1.75, 3.5, 7 GB; 50 GB
• P: 1, 2, 4, 8 cores; 1.75, 3.5, 7, 14 GB; 250 GB

App Service plan tiers
• Free - Try for free
• Shared - Host basic apps
• Basic - More features for Dev/Test
• Standard - Go live with web and mobile
• Premium - Enterprise scale and integration

Tier limits (values as listed on the slide, lowest tier first)
• Web, mobile or API apps: 10, 100, Unlimited
• Disk space: 1 GB, 10 GB, 50 GB, 250 GB
• Logic App Actions (per day) *: 200, 10,000, 50,000
• Maximum instances: –, –, Up to 3, Up to 10, Up to 50
• App Service Environments (require min. 6 cores): –, –, Supported
• SLA: –, –, 99.95%

Azure Container Service

• Standard infrastructure for Docker cluster
• Scale and orchestrate using DC/OS, Docker Swarm, or Kubernetes
• Saves about 6,000 lines of config code
• Has no registry or other customisation

Azure Service Fabric

• Provides fast deployment, placement and activation, high density, reliability, scaling, health reporting, coordinated upgrades, service endpoint discovery
• Programming models
  • Guest executable (as-is code) plus ServiceManifest.xml
  • Reliable Services Model
    • VS development using Fabric SDK. Package, deploy, debug etc.
    • Dynamic resource balancing based on actual usage.
    • .Net or JavaScript?
  • Stateful Programming model
    • Reliable collections
    • Reliable Queues
    • Reliable …
• Application Manifest
• Cluster port: 19080

Azure Key Vault

• Tiers – Standard | Premium (incl. Hardware Security Module (HSM) backed keys)
• Secrets
  • Any sequence of bytes under 10 KB. E.g. passwords and connection strings that can be encrypted, PFX file.
  • AES key used to encrypt data
  • Low latency
• Keys
  • A cryptography key. RSA 2048.
  • Can’t be read back, but can ask the service to decrypt using the key or sign using a key.
  • Use when security requirement is greater than performance.
• Advanced Access Policies
  • Enable access to Azure VMs for deployment
  • Enable access to Azure Resource Manager for template deployment
  • Enable access to Azure Disk Encryption for volume encryption
• Access Policies
  • Key & Secret Management
  • Key Management
  • Secret Management
  • SQL Server Connector
• Admins & Consumers MUST have an Azure AD account incl. applications.
• Url: https://{vaultname}.vault.azure.net/secrets/{secret name}/{version [optional]}

PowerShell
    # Create key vault
    New-AzureRmKeyVault -VaultName $kvName -ResourceGroupName $rgName -Location $location -Sku Standard -EnabledForDeployment -EnabledForTemplateDeployment -EnabledForDiskEncryption
    # Set permissions to key vault for service
    Set-AzureRmKeyVaultAccessPolicy -VaultName $kvName -ResourceGroupName $rgName -ServicePrincipalName $spn -PermissionsToKeys all -PermissionsToSecrets all -PermissionsToCertificates all
    # Gets key vaults.
    Get-AzureRmKeyVault
    # Adds a certificate to a key vault.
    Add-AzureKeyVaultCertificate
    # Creates a key in a key vault or imports a key into a key vault.
    Add-AzureKeyVaultKey
    # Gets the secrets in a key vault.
    Get-AzureKeyVaultSecret
    # Creates or updates a secret in a key vault.
    Set-AzureKeyVaultSecret
    # Updates attributes of a secret in a key vault.
    Set-AzureKeyVaultSecretAttribute
    # Deletes a secret in a key vault.
    Remove-AzureKeyVaultSecret
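The slide's access-policy command grants a service principal "all" on keys, secrets and certificates. For an application that only reads its connection string, a narrower policy is enough. The following is an added example, not part of the original slides: it replaces a broad policy with a read-only secret policy and then audits the vault for any remaining "all" grants. The vault, resource group and service principal values are assumed placeholders.

```powershell
# Added example (not from the original slides). All three values are placeholders.
$kvName = 'example-kv'
$rgName = 'example-rg'
$spn    = 'http://example-app'   # service principal name of the consuming app

# Remove the existing policy for this principal first, so that no earlier
# 'all' grant on keys or certificates is carried over into the new policy.
Remove-AzureRmKeyVaultAccessPolicy -VaultName $kvName -ResourceGroupName $rgName `
    -ServicePrincipalName $spn

# Grant only what the app needs: read a secret value it already knows the name of.
# No 'list', so the app cannot enumerate other secrets in the vault.
Set-AzureRmKeyVaultAccessPolicy -VaultName $kvName -ResourceGroupName $rgName `
    -ServicePrincipalName $spn -PermissionsToSecrets get

# Audit: show every access policy on the vault ...
$vault = Get-AzureRmKeyVault -VaultName $kvName -ResourceGroupName $rgName
$vault.AccessPolicies |
    Format-Table DisplayName, PermissionsToKeys, PermissionsToSecrets, PermissionsToCertificates

# ... and flag the principals that still hold 'all' in any category.
$tooBroad = $vault.AccessPolicies | Where-Object {
    $granted = @($_.PermissionsToKeys) + @($_.PermissionsToSecrets) + @($_.PermissionsToCertificates)
    $granted -contains 'all'
}
$tooBroad | Format-Table DisplayName, ObjectId
```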

Azure Key Vault cont…

Workflow with AAD
1. CSO creates Vault, adds keys and authorizes AAD users
2. CSO uploads a ‘Service Certificate’ (pfx incl. private key) to Azure
3. Operator then creates App Instances (VMs)
4. Azure injects the Service Certificate into each VM
5. Now the App (which has used the same certificate as its Auth in AAD) can retrieve and authorize against AAD
6. AAD returns the Token
7. App can now access the Key Vault

App Config
Needed when NOT using certificate (app or web.config or app settings)
• VaultUrl
• AAD AuthClientId
• AAD AuthClientSecret (Shared Key)

Stuff to do

• Azure Backup
• Azure Automation
• Azure Batch
• Service Bus
• HPC and HPC Pack
• BizTalk Hybrid Connection
• StorSimple
• Azure Key Vault
• Azure Media Services
• Microsoft Enterprise Library Autoscaling Application Block (WASABi)
• Hyper-V (MVMM)
• Check out neo4j
• Azure RMS
• Event Hubs
• Relay
• Hyper-V Replica