Implement Storage: Implement Blobs and Azure Files | Manage Access | Configure Diagnostics, Monitoring & Analytics | Implement SQL Databases | Implement Recovery Services. See Websites, Cloud Service and Virtual Machines Comparison

Block blobs Page Blobs AZCopy

Azure Files - SMB 2.1 Protocol

Best Practice to use with SAS 5 policies per Container Ad Hoc SAS with Stored Access Policy Delegated access Blobs, Queues, Tables URI format permissions specified time | signedidentifier specifies Stored Access Policy Share Access Signatures, Pt 1 | Stored Access Policies

Minimal Verbose Blob Table Queue Off blob container $logs Blob svc API See Monitor Storage Account

Service Tier | Common App Pattern | Perf Objectives | Max Size
Basic | Small databases with a single operation at a given point in time | Reliability per hour | 2 GB
Standard | Workgroup and cloud applications with multiple concurrent transactions | Reliability per minute | 250 GB
Premium | Mission-critical, high transactional volume with many concurrent users | Reliability per second | 500 GB
Must Read

Geo-Restore & Point in Time BACPAC Storage Account | Use Export Data-tier Application Wizard Automated Exports & Also Can Import/Export using REST API DAC package BACPAC SSDT BACPAC both schema and data DAC packages only schema Read More

Vault Credentials Win Server Azure geographic region Start-OBRecovery -RecoverableItem $FinalItem -RecoveryOption $secureString -Credential $cstrial See Configure Azure Back Up to back up Windows Server Also Azure Backup Overview

• 64 bit 2012 R2, 2012, 2008 R2 SP1 7, 8, 8.1 Update Roll up 2 Azure Backup Agent Windows Server and System Center Data Protection Manager Windows Server Essentials See Install Backup Agent and upload vault credential Also Administer Azure Backup with Windows PowerShell

Block Blobs (Sequential IO) up to 200 GB each | Page Blobs (Random Access) up to 1 TB Delegated Access Blobs Tables Blobs, Queues, Tables URI Queue wperms spec. time Off, Minimal, Verbose -> per Storage operations BACPAC contains both schema and data | DAC packages contain only schema 2012 R2, 2012, 2008 R2 SP1, 64 bit 7, 8, 8.1, Server 2012 Essentials

Implement Azure Active Directory: Integrate Azure AD with other dirs | Configure the Application Panel | Integrate an app with Azure AD

Synchronization Active Directory *Write back of attributes to support cloud first and co-existence Identity Sync with password hash sync User attributes are synchronized including the password hash, Authentication can be completed against either Azure or Windows Server Active Directory Federation Identity Sync Active Directory AD FS provides conditional access to resources, Work Place Join for device registration and integrated Multi-Factor Authentication User attributes are synchronized, Authentication is passed back through federation and completed against Windows Server Active Directory AD FS

• Get-AzureDeployment -ServiceName yourservicename | Select Url Read More

SAML-P, WS-Federation, OpenID Connect

http://myapps.microsoft.com contosobuild.com Read more…

REST API Endpoint CRUD operations must register APP with AAD Query an Azure AD directory using the Graph API

Azure AD Sync | Dirsync | FIM 2012 R2 Get-AzureDeployment -ServiceName yourservicename | Select Url

Implement Virtual Networks: Configure a Virtual Network | Modify a Network Configuration | Design and implement a multi-site or hybrid network. Virtual Network Configuration Tasks

Implement Virtual Networks Service consumers Azure Virtual Networks Flexible, multi-tier topology Network segmentation Internal load balancing Internet Front-End Network Access Load-balanced and direct VIPs ACLs & DDoS protection Traffic Manager & Azure DNS Hybrid Connectivity Secure Internet cross premises VPN connectivity ExpressRoute – direct connectivity On premises

Traffic Manager: DNS-based Load Balancing www.yourapp.com Load balancing policies Performance - Direct to “closest” service based on network latency Round-robin - Distribute equally across all services Failover - Direct to “backup” service if primary fails (also included in other policies)

Nested Profile for Traffic Manager MyApp.TrafficManager.net EUNorth-new.CloudApp.net Reference Slide

Internet IP Addresses & Load Balancing • VIP Internet among one or more VM instances load balanced • PIP LB assigned to a single VM exclusively Cloud service Reserved VIP VM 1 VM 2 DIP 1 DIP 2

Azure Virtual Network On Premises 10.0/16 • Bring Your Own Network RFC 1918 Internet Public IP Direct Internet Connectivity S2S VPNs & ExpressRoute • Logical isolation with control over network segmentation using Network Security Groups • Secure cross premises connectivity VPN GW Backend 10.3/16 Mid-tier 10.2/16 Frontend 10.1/16 Azure Virtual Network

Network Security Groups On Premises 10.0/16 • Enables network segmentation & DMZ • Access Control List Internet S2S VPNs • Associate with VMs or subnets See About NSGs Internet √ √ VPN GW Backend 10.3/16 Virtual Network √ √ Mid-tier 10.2/16 Frontend 10.1/16

Network Security Groups See About NSGs Additional Key Points: each NSG 200 rules; 100 NSGs per subscription. Endpoint-based ACLs and network security groups not supported on the same VM instance.

Test-AzureStaticVNetIP -VNetName TestVNet -IPAddress 192.168.4.7 see all PS Examples Existing virtual networks that have been configured for an affinity group cannot use ILB Read More

Bring Your Appliances to the Cloud • Building blocks • Appliance ecosystem

Secure point-to-site connectivity Secure site-to-site VPN connectivity ExpressRoute private connectivity • • Developers POC Efforts Small scale deployments Connect from anywhere • SMB, Enterprises • Connect to Azure compute • • SMB & Enterprises Mission critical workloads Backup/DR, media, HPC Connect to all Azure services • Virtual Network • ExpressRoute • Traffic Manager

Multi-site & VNet-to-VNet connectivity • Multiple Site-to-Site connections Connect to multiple virtual networks and on-premises locations • VNet-to-VNet connectivity to any Azure datacenter • Cross-subscription connectivity Contoso NorthAm HQ (10.0/16) Contoso East Asia (10.3.0.0/16)

Forced Tunneling On Premises • “Force” or redirect customer Internet-bound traffic to an on-premises site Internet S2S VPNs Forced Tunneled via S2S VPN Internet • Auditing & inspecting outbound traffic from Azure • Needed by many scenarios for critical security and IT policy requirements VPN GW Backend 10.3/16 Mid-tier 10.2/16 Virtual Network Frontend 10.1/16

Free | Shared | Basic | Standard

http://bit.ly/Ignite-Learning http://bit.ly/Ignite-VirtAcad http://bit.ly/Ignite-CertApp • aka.ms/certification/70-533

© 2015 Microsoft Corporation. All rights reserved.