
https://www.microsoftazurepass.com/ Try Microsoft Azure Pass. We're offering an Azure Pass, so for a limited time period, you can try Azure for free. *No credit card required.

  • must read

top-azure-paas-services-developers

Cloud Models

21 October - 25 October

  • Fastlane
  • email burimaz300@outlook.com
  • After completing this course, students will be able to:
  Managing Azure Subscriptions and Resources
  Implementing and Managing Storage
  Deploying and Managing VMs
  Configuring and Managing Virtual Networks
  Managing Identities using Azure Active Directory
  Evaluating and Performing Server Migration to Azure
  Implementing and Managing Application Services
  Implementing Advanced Virtual Networking.
  Securing Identities using Azure AD.
  Design and Connectivity Patterns
  Hybrid Networking
  Address Durability of Data and Caching
  Measure Throughput and Structure of Data Access
  Use shell commands to create an App Service Web App
  Create Background Tasks
  Use Swagger to document an API
  Create a reliable service
  Create a Reliable Actors app
  Hands-on with Reliable collections
  Understand the Azure Container Registry
  Use Azure Container instances
  How to configure a message-based integration architecture
  Understand how to Develop for Asynchronous Processing
  Begin creating apps for Autoscaling
  Understand Azure Cognitive Services Solutions

Day1

course notes

Azure Ramp-Up (ARM)

MSDN subscription for testing best option

Resource groups or other elements can not be renamed

A resource group represents an application

Do not use Classic resource management anymore

  • resource group export json template

use templates to deploy resource groups

no CAPEX

only OPEX

Without internet use Azure Storage Emulator

Azure Storage Explorer

azure sdk https://azure.microsoft.com/de-de/downloads/

AzCopy use to copy disks from A to B

az login connect from cmd

  • documentation for az cmd's

https://docs.microsoft.com/en-us/cli/azure/group?view=azure-cli-latest

PowerShell

old modules

Get-AzureVM

Get-AzureRmVM

new azure module

Get-AzVM

use dir + cd to navigate in azure objects with powershell

example new-azvm

New-AzVM -Location "westeurope"

Azure supports only VHD and not VHDX

  • third party for deployment

terraform open source / https://www.terraform.io/

for deploying

HCL language

terraform can be executed also in azure shell

file format terraform file.tf

terraform init / initialize the modules

terraform validate / verify that all good

terraform graph /show the file in json format

terraform plan / verify test if the rollout works

terraform apply / to execute the deployment

Day1 DevOPS

Visual Studio Code for

SaaS from Microsoft: Azure DevOps

https://azure.microsoft.com/de-de/services/devops/

DevOps Projects

Windows WebApp (front end)

Function APP (back-end)

CI/CD pipeline

https://azure.microsoft.com/de-de/services/devops/pipelines/

  • DevOps project hosting domain

.azurewebsites.net

Day1 project test DevOps

burimaz300@outlook.com

Azure Cognitive Services / text analytics

https://azure.microsoft.com/de-de/services/cognitive-services/text-analytics/

It can analyze the text and find out what language it is.

#Guide: Social Media Analyzer

https://docs.microsoft.com/en-us/azure/azure-functions/functions-twitter-email

Function APP / create

Orchestration / azure durable function / Logic App

if this then that (IFTTT)

Day2 Costs / Service different options

kosten.pdf

Contract Type (Pay as you go or business contracts)

EA subscription / not possible to set a cost upper limit

best to use MSDN subscription budget based

platform-based SQL is less costly than deploying a virtual machine

Azure Advisor for cost management / provides recommendations

TCO calculator

Traffic calculations regional / Ingress will not be calculated / Egress traffic will be calculated

Different prices for internet traffic and regional traffic

DR calculate also traffic costs

I can use my own licenses that I have physical in the cloud / per Core license.

VM Auto Shutdown

Azure RIs / reservations should be cheaper

Subscription quotas / can be changed by opening a ticket with Microsoft

Create policies / what may be deployed / virtual NICs with public IPs etc.

Day2 task

two tier apps website used DB / create read delete /

WWW —-CRUD—- SQLC

Option1

1) SQL Database

2) APP service instance

Option2 no schema data base

use Tables Services

Azure Cosmos DB: NoSQL DB

server name server-sql / password admin01/***

WebConfig holds the connection string

use SAS (Shared Access Signatures): you can allow everything except delete, or allow only specific IPs.

Deploy a website using Microsoft Visual Studio; templates are offered

WebApp using Data Base

Day 2 Design patterns

use key vaults for DB connectivity

Day2 Catalog of patterns

  • Configuration Store pattern

PowerShell script

rotate-servicebus-primary-key.7z

#Guide: Social Media Analyzer

https://docs.microsoft.com/en-us/azure/azure-functions/functions-twitter-email

#Movies DB (Azure Cosmos DB)

https://github.com/mikepfeiffer/movieapp-documentdb

#Key Rotation Application (External Config Store Pattern)

https://github.com/kasunkv/AzureKeyVaultServiceBusKeyRotationExample

Day2 example to search the pictures for text

Yelp is based on Azure and uses a search service in Azure

  • OCR

OCR (optical character recognition) is the recognition of printed or written text characters by a computer. This involves photoscanning of the text character-by-character, analysis of the scanned-in image, and then translation of the character image into character codes, such as ASCII, commonly used in data processing

  • Deploy microsoft search service
  • Data source / create a storage account to store the pictures
  • after creating the storage account you can use storage explorer to upload the pictures
  • store the data
  Need The storage account.
  A container in the storage account
  A blob in a container
  • Search Demo Repo
  http://azjobsdemo.azurewebsites.net/ 
  

Day2 how to publish a git repository

Day2 monitoring

monitor dashboard

activity log monitors all the activities that happen in azure

alerts, if something happens a notification will be sent

traffics set a metric

logs analytics services

azure data explorer cluster

query logs use take command to see 10 logs

  • kusto_kql
#https://docs.microsoft.com/de-de/azure/azure-monitor/log-query/get-started-portal
#https://portal.loganalytics.io/demo

//1. Take a sample
SecurityEvent
| take 10

//2. Filter records
SecurityEvent
| where Level == 8

//3. Use full-text search
search in (SecurityEvent) "A new process has been created"
| take 10

//4. Grouped counting
Event 
| where EventLevelName == "Error" 
| where TimeGenerated > ago(1d) 
| summarize count() by Source

//5. Extend and prepare data
SecurityEvent
| top 10 by TimeGenerated
| extend EventCode=substring(Activity, 0, 4)

//6. Show specific columns
SecurityEvent 
| top 10 by TimeGenerated 
| project TimeGenerated, Computer, Activity

//7. Remove duplicates
AzureActivity 
| where ActivityStatus == 'Succeeded' and ResourceProvider == 'Azure Web Sites' 
//| distinct CorrelationId
  • application insights
  • network watcher

Day3 application insights

Day3 Security

My questions for PAAS: how does Microsoft apply patches / SLAs / sync with client?

  • SaaS / user attacks / user's identity can be stolen / two-factor authentication
  • PAAS / application code audited / QA checks bugs issues / injections? / Data retention /
  • IAAS / most vulnerable
  • design patterns
  Federated Identity pattern / AD not / conditional access rules
  ADFS
  
  ADFS is recommended to be used always
  
  Active Directory Federation Services (ADFS) is a Single Sign-On (SSO) solution created by Microsoft. 
  As a component of Windows Server operating systems, it provides users with authenticated
   access to applications that are not capable of using Integrated Windows Authentication (IWA) through Active Directory (AD)
  • MIM microsoft identity management
  • learn website
 https://www.troyhunt.com/hack-yourself-first-how-to-go-on/
  • Gatekeeper pattern

https://docs.microsoft.com/en-us/azure/architecture/patterns/gatekeeper

  • OWASP Top 10 security attacks - 2019
  • Microsoft WAF can not be customized
  • Valet key PAAS

https://docs.microsoft.com/en-us/azure/architecture/patterns/valet-key

Day 3 Security cont.

  • debugging: Ctrl + Shift + J
  • enable MFA for users different options dependent on AD setup
  • admin per change requests that are allowed only for limited time / 4 eyes / ticket based admin role
  • Identity Protection - Risky users (users flagged for risk): it collects minus points for failed attempts / connecting from a different region / connecting from the Tor network, etc. (low - MFA request / medium - password change / high - user disabled).
  • Azure Information Protection / i.e. NTFS is not enough, apply encryption / applying automated security policies based on risk class.
  • Advisor / security - redundancy - performance - costs etc.
  • Using management groups you can apply different classification policies for security

Day3 application setup

web tier + application tier + database

  • step1 requirements
1) upload pictures in to the cloud
2) consistency automated / thumbnails
3) analyze the motifs of the picture (what it shows)
4) data grid that shows all the files that are in the cloud, i.e. listing of the photos.
5) authenticate against Azure AD
  • step2 create a frame for how the website should look.
 1) If I hover over to a picture the description text should show up
 2) Login button

a storage account is good enough for a website to be published

function app is needed if I need to run a backend
the difficulty will be how to interconnect the micro-services to talk to each other

* Needed files

pictureanalysis.zip

  • how to setup storage account name
  i.e storage001ba
  • enable static website
  • not documented / change runtime version to 1 to support ASP.NET
  • each function has only one trigger
  • set trigger GetUploadUrl
  • Valet key design pattern / application will ask target resource for the key / target resource will respond with the key
  • CORS / establish trust between storage and function in both directions
  • next step thumbnails
  • use Computer Vision from Microsoft

https://azure.microsoft.com/en-us/services/cognitive-services/computer-vision/

  • caption text for the hover over
  • smartcrop
  • create the data grid of the images that will be written to the data base
  • for performance use EventGrid / to solve the issue where one function has only one trigger

https://azure.microsoft.com/en-us/services/event-grid/
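
The valet key flow noted above (the application asks for a key, the resource side answers with one) together with the SAS restrictions from Day2 (everything except delete, only specific IPs), as an added example that is not part of the course material. It is a simplified model, not Azure's SAS wire format; the key, resource name, token layout and function names are constructed for illustration.

```python
import base64, hashlib, hmac, ipaddress, json, time

# Constructed signing key. In the pattern it stays with the resource owner
# (for example in a key vault) and is never shipped to the client.
ACCOUNT_KEY = b"constructed-demo-key-not-a-real-account-key"

def _sign(payload: bytes) -> str:
    mac = hmac.new(ACCOUNT_KEY, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode()

def issue_token(resource, permissions, ttl_seconds, allowed_net, now=None):
    """Gatekeeper side: hand out a scoped, short-lived key for one resource."""
    now = time.time() if now is None else now
    claims = {"res": resource, "perm": "".join(sorted(permissions)),
              "exp": int(now + ttl_seconds), "net": allowed_net}
    payload = json.dumps(claims, sort_keys=True).encode()
    return base64.urlsafe_b64encode(payload).decode() + "." + _sign(payload)

def check_request(token, resource, operation, client_ip, now=None):
    """Storage side: verify the signature first, then scope, expiry, permission, IP."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".")
        payload = base64.urlsafe_b64decode(body)
    except ValueError:
        return "deny: malformed token"
    if not hmac.compare_digest(sig.encode(), _sign(payload).encode()):
        return "deny: bad signature"
    claims = json.loads(payload)
    if claims["res"] != resource:
        return "deny: wrong resource"
    if now >= claims["exp"]:
        return "deny: expired"
    if operation not in set(claims["perm"]):
        return "deny: permission not granted"
    if ipaddress.ip_address(client_ip) not in ipaddress.ip_network(claims["net"]):
        return "deny: source IP not allowed"
    return "allow"

if __name__ == "__main__":
    # r/w/l granted, d (delete) withheld, valid 10 minutes, one client network.
    tok = issue_token("photos/cat.jpg", "rwl", 600, "203.0.113.0/24")
    for op, ip in [("w", "203.0.113.7"), ("d", "203.0.113.7"), ("r", "198.51.100.9")]:
        print(op, ip, "->", check_request(tok, "photos/cat.jpg", op, ip))
```
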

Day4 automation

  • Marketplace automation / works with checkpoints / it will run only on required times
  • SAM inventory creation
  • change tracking / which file is changed etc.
  • desired state configuration / use a script to restore a state / timely activated + event activated
  • Update Management / which update is missing, which update to be installed etc.
  • runbooks / are scripts / it happens job based
  • scripts can be written or use a Microsoft library
  • watcher tasks, an event triggers the other runbook
  • credentials for scripts
  • topic modules / for different cmds different module versions
  • PowerShell Workflow supports checkpoints
  • Test pane / can be used for testing it's a real run against the system / no undo possible
  • Tags can be used in resources and referenced in the cost analysis
  • automation brings costs also / charged based on process automation

Test script remove resource groups

Day4 RBAC

subscription —-ResourceGroups are flat organized and not hierarchical

  • IAM

Reader / can use the VM start/stop, not possible to add disks or delete VMs

Contributor / can do all / but cannot change permissions

Best practice / one resource group use per application

do not use the practice per service / like resource group attached to DataBase / this will not work with the Azure architecture

example for DB's give roles on top to the subscription with DB role and he will get the roles for DB access in all the resource groups.

Azure custom roles
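
How the notes above fit together (Contributor can do everything except change permissions, a role given at the subscription is inherited by every resource group, custom roles narrow this further), as an added example that is not part of the course material. The evaluator is simplified (no deny assignments, no DataActions); Contributor's NotActions list is abridged, and the custom role, principals and scope names are constructed.

```python
from fnmatch import fnmatchcase

# Abridged role definitions: Contributor's NotActions are shortened to three entries;
# "VM Operator (custom)" is a constructed custom role for this example.
ROLES = {
    "Contributor": {
        "Actions": ["*"],
        "NotActions": ["Microsoft.Authorization/*/Write",
                       "Microsoft.Authorization/*/Delete",
                       "Microsoft.Authorization/elevateAccess/Action"],
    },
    "VM Operator (custom)": {
        "Actions": ["Microsoft.Compute/virtualMachines/read",
                    "Microsoft.Compute/virtualMachines/start/action",
                    "Microsoft.Compute/virtualMachines/deallocate/action"],
        "NotActions": [],
    },
}

# Constructed assignments: (principal, role, scope).
DEMO_ASSIGNMENTS = [
    ("alice", "Contributor", "/subscriptions/sub-demo"),
    ("bob", "VM Operator (custom)", "/subscriptions/sub-demo/resourceGroups/rg-app1"),
]

def _matches(patterns, operation):
    # Operation names are compared case-insensitively; "*" is a wildcard.
    op = operation.lower()
    return any(fnmatchcase(op, p.lower()) for p in patterns)

def role_allows(role_name, operation):
    """Effective permissions of one role = Actions minus NotActions."""
    role = ROLES[role_name]
    return _matches(role["Actions"], operation) and not _matches(role["NotActions"], operation)

def is_allowed(assignments, principal, scope, operation):
    """A role assigned at a parent scope applies to every scope below it."""
    for who, role, assigned in assignments:
        inherited = scope == assigned or scope.startswith(assigned.rstrip("/") + "/")
        if who == principal and inherited and role_allows(role, operation):
            return True
    return False

if __name__ == "__main__":
    rg = "/subscriptions/sub-demo/resourceGroups/rg-app1"
    for who, op in [("alice", "Microsoft.Compute/virtualMachines/delete"),
                    ("alice", "Microsoft.Authorization/roleAssignments/write"),
                    ("bob", "Microsoft.Compute/virtualMachines/start/action"),
                    ("bob", "Microsoft.Compute/disks/write")]:
        print(who, op, "->", is_allowed(DEMO_ASSIGNMENTS, who, rg, op))
```
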

Day4 Container/kubernetes

#AKS (Kubernetes on Azure)

https://docs.microsoft.com/en-us/azure/aks/kubernetes-walkthrough#run-the-application

kubernetes_auf_azure.pdf

costs / nodes traffic + disks

pod: smallest deployable unit

load tests can be performed from dev ops

Day4 VM's

https://karrierebibel.de/eisenhower-prinzip/

  • not able to change availability set afterwards / fault and update domains

  • VM scaleset

vm_scaleset.7z

  • you can create also own images for deployment
  • packer multicloud problem disk images
  • peering vnet peering to interconnect different instances

Day4 apps migrate to cloud

https://appmigration.microsoft.com/

https://azure.microsoft.com/en-us/services/site-recovery/

traffic manager same as load balancer but can switch from one site to another site

Recovery site tools

Day4 exercise

migrate a service

Day5

https://www.flande.de/eval

Password = 9c05b2ff

AMS Video Indexer

Day5 Certification

Powershell need to understand

  • Singleshot voucher
  • Secondshot voucher
  • azure backup rule
burim/azure/training/az300.txt · Last modified: 2020/05/25 09:49 by burim
