# MICROSOFT AZ-900

https://www.itexams.com/exam/AZ-900

## Azure services and account

* Types of services
* Types of products
* Creating the account and navigating the portal

## Key cloud concepts

* Advantages of cloud computing
  * High availability
  * Scalability
  * Agility
  * Geo-distribution
  * Disaster recovery
* Advantages and disadvantages of cloud computing
* Cloud service models
  * Why is cloud computing typically cheaper to use?
    Cloud computing is the delivery of computing services over the internet by using a pay-as-you-go pricing model. You typically pay only for the cloud services you use, which helps you:
    * Lower your operating costs.
    * Run your infrastructure more efficiently.
    * Scale as your business needs change.
  * SaaS
  * PaaS
  * IaaS
* Types of cloud

What is serverless computing? Overlapping with PaaS, serverless computing enables developers to build applications faster by eliminating the need for them to manage infrastructure. With serverless applications, the cloud service provider automatically provisions, scales, and manages the infrastructure required to run the code. Serverless architectures are highly scalable and event-driven. They use resources only when a specific function or trigger occurs.

**Cloud types**

![](https://i.imgur.com/ZjG3wsY.png)

AWS to Azure service mapping: https://docs.microsoft.com/pt-br/azure/architecture/aws-professional/services

## Azure cloud architecture #1

* Azure global infrastructure

  Azure global infrastructure is made up of two key components: physical infrastructure and connective network components. The physical component is comprised of 160+ physical datacenters, arranged into regions, and linked by one of the largest interconnected networks on the planet.
* Terminology
  * Geography
  * Region
  * Availability Zone

  https://azure.microsoft.com/en-us/global-infrastructure/geographies/
* Regions / Availability Zones
  * Availability zones are physically separate datacenters within an Azure region.
Each availability zone is made up of one or more datacenters equipped with independent power, cooling, and networking. An availability zone is set up to be an isolation boundary. If one zone goes down, the other continues working. Availability zones are connected through high-speed, private fiber-optic networks.
  * Availability zones are created by using one or more datacenters. There's a minimum of three zones within a single region.
  * Referenced link: https://azure.microsoft.com/en-us/global-infrastructure/geographies/
* Infrastructure components
* Region pairs and Marketplace
  * Azure region pairs

    Each Azure region is always paired with another region within the same geography (such as US, Europe, or Asia) at least 300 miles away. This approach allows for the replication of resources (such as VM storage) across a geography, which helps reduce the likelihood of interruptions because of events such as natural disasters, civil unrest, power outages, or physical network outages that affect both regions at once. If a region in a pair was affected by a natural disaster, for instance, services would automatically fail over to the other region in its region pair.
  * Azure regions
  * Azure Marketplace

    Azure Marketplace is an online catalog containing thousands of applications and services designed and optimized to run on Microsoft's Azure public cloud. Microsoft and its technology partners are responsible for developing the products and services you find on Azure Marketplace.
* Service pricing
  * Azure pricing
  * Pricing by product
  * Pricing calculator
  * TCO calculator
  * Referenced link: https://azure.microsoft.com/en-us/pricing/

## Azure cloud architecture #2

### Pay-as-you-go

Pay-as-you-go pricing allows you to easily adapt to changing business needs without overcommitting budgets, improving your responsiveness to changes.
With a pay-as-you-go model, you can adapt your business depending on need and not on forecasts, reducing the risk of overprovisioning or missing capacity.

VMs - Payment options

* Pay as you go
* Reserved Virtual Machine Instances
* Spot Pricing

### Subscriptions

An Azure subscription is a logical container used to provision resources in Azure. It holds the details of all your resources like virtual machines (VMs), databases, and more.

Multiple subscriptions - any Azure account can have multiple subscriptions.

### Resource Group

A resource group is a container that holds related resources for an Azure solution. The resource group can include all the resources for the solution, or only those resources that you want to manage as a group. You decide how you want to allocate resources to resource groups based on what makes the most sense for your organization. Generally, add resources that share the same lifecycle to the same resource group so you can easily deploy, update, and delete them as a group.

### Azure Cost Management

Azure Cost Management, available to all Azure customers and partners, is a SaaS solution that empowers organizations to monitor, allocate, and optimize cloud spend in a multi-cloud environment. ... Azure Cost Management is available for free.

* Billing account - single owner (Account administrator) for one or more Azure subscriptions.
* Subscription - represents a grouping of Azure resources.

### Support

* Basic
* Developer
* Standard
* Professional Direct

https://azure.microsoft.com/en-us/support/plans/

https://azure.microsoft.com/en-us/resources/knowledge-center/

## Cloud Shell and Azure CLI

* **Azure CLI**

  The Azure command-line interface is a set of commands used to create and manage Azure resources. The Azure CLI is available across Azure services and is designed to get you working quickly with Azure, with an emphasis on automation.
* **Azure PowerShell**

  Azure PowerShell is a set of cmdlets for managing Azure resources directly from the PowerShell command line. Azure PowerShell is designed to make it easy to learn and get started with, but provides powerful features for automation. Written in .NET Standard, Azure PowerShell works with PowerShell 5.1 on Windows, and PowerShell 7.x and higher on all platforms.
* **Cloud Shell**

  Azure Cloud Shell is an interactive, authenticated, browser-accessible shell for managing Azure resources. It provides the flexibility of choosing the shell experience that best suits the way you work, either Bash or PowerShell.

https://docs.microsoft.com/en-us/cli/azure/reference-index?view=azure-cli-latest

https://docs.microsoft.com/pt-br/cli/azure/install-azure-cli

## Azure CLI commands

```bash
# List the resource groups in the current subscription
az group list
# az group create needs a name and a location;
# this creates the resource group "labazcli" in the westus region
az group create --location westus --resource-group labazcli
# Show only the name fields from the listing
az group list | grep name
```

# Module II

## Compute Services

* Azure Virtual Machines
* Azure App Service
* Azure Container Instances
* Azure Kubernetes Service
* Windows Virtual Desktop
* Azure Functions

Referenced link: https://docs.microsoft.com/pt-br/azure/virtual-machines/sizes

## Virtual Machines

* Virtual machines are software emulations of physical computers. They include a virtual processor, memory, storage, and networking resources.
* Virtual machines provide infrastructure as a service (IaaS) and can be used in different ways.

## Sizes for VM

* General purpose
* Compute optimized
* Memory optimized
* Storage optimized
* GPU
* High performance compute

## VM scale sets

Azure virtual machine scale sets let you create and manage a group of load balanced VMs. The number of VM instances can automatically increase or decrease in response to demand or a defined schedule.
## App Services

* Azure App Service is an HTTP-based service for hosting web applications, REST APIs, and mobile back ends. You can develop in your favorite language, be it .NET, .NET Core, Java, Ruby, Node.js, PHP, or Python. Applications run and scale with ease on both Windows and Linux-based environments.
* With App Service, you pay for the Azure compute resources you use. The compute resources you use are determined by the App Service plan that you run your apps on.
* PaaS
* Web Apps are used to host web sites and web applications.
* Web Apps for Containers can host your existing container images.
* API Apps can host your data backend services.

## Azure Container Instances

* Run Docker containers on-demand in a managed, serverless Azure environment. Azure Container Instances is a solution for any scenario that can operate in isolated containers, without orchestration. Run event-driven applications, quickly deploy from your container development pipelines, and run data processing and build jobs.
* Example
  * nginxdemos/hello

## Azure Kubernetes Service

* Azure Kubernetes Service (AKS) simplifies deploying a managed Kubernetes cluster in Azure by offloading much of the complexity and operational overhead to Azure. As a hosted Kubernetes service, Azure handles critical tasks for you, like health monitoring and maintenance.
* Since the Kubernetes masters are managed by Azure, you only manage and maintain the agent nodes. Thus, as a managed Kubernetes service, AKS is free; you only pay for the agent nodes within your clusters, not for the masters.

## Windows Virtual Desktop

* Windows Virtual Desktop is a desktop and app virtualization service that runs on the cloud.
* Set up a multi-session Windows 10
* Virtualize Microsoft 365 Apps
* Provide Windows 7 virtual desktops
* Bring your existing Remote Desktop Services (RDS)

## Functions

* Azure Functions is a serverless solution that allows you to write less code, maintain less infrastructure, and save on cost.
* The cloud infrastructure provides all the up-to-date resources needed to keep your applications running.
* Azure Functions triggers

  Triggers are what cause a function to run. A trigger defines how a function is invoked and a function must have exactly one trigger. Triggers have associated data, which is often provided as the payload of the function.

https://docs.microsoft.com/pt-br/azure/azure-functions/functions-triggers-bindings

## Networking

* Virtual network
* Load balancer
* VPN Gateway
* Application Gateway
* ExpressRoute
* Content Delivery Network

## Virtual Network

* Azure Virtual Network (VNet) is the fundamental building block for your private network in Azure. VNet enables many types of Azure resources, such as Azure Virtual Machines (VM), to securely communicate with each other, the internet, and on-premises networks.

## VNet concepts

* Address space
* Subnets
* Regions
* Subscription

https://docs.microsoft.com/pt-br/azure/virtual-network/virtual-networks-faq

## Load Balancer

* Azure Load Balancer operates at layer four of the Open Systems Interconnection (OSI) model. It's the single point of contact for clients. Load Balancer distributes inbound flows that arrive at the load balancer's front end to backend pool instances. These flows are distributed according to configured load balancing rules and health probes. The backend pool instances can be Azure Virtual Machines or instances in a virtual machine scale set.

## Types of load balancer

* You can use internal load balancers to balance traffic from private IP addresses.
* Public load balancers can balance traffic originating from public IP addresses.

## Application Gateway

* Application Gateway can make routing decisions based on additional attributes of an HTTP request, for example URI path or host headers. For example, you can route traffic based on the incoming URL. So if /images is in the incoming URL, you can route traffic to a specific set of servers (known as a pool) configured for images.
If /video is in the URL, that traffic is routed to another pool that's optimized for videos.

https://docs.microsoft.com/pt-br/azure/application-gateway/features

## VPN Gateway

* A VPN gateway is a specific type of virtual network gateway that is used to send encrypted traffic between an Azure virtual network and an on-premises location over the public Internet. You can also use a VPN gateway to send encrypted traffic between Azure virtual networks over the Microsoft network.

## ExpressRoute

* ExpressRoute connections don't go over the public internet.
* This allows ExpressRoute connections to offer more reliability, faster speeds, consistent latencies, and higher security than typical connections over the Internet.

https://docs.microsoft.com/pt-br/azure/vpn-gateway/design

## Content Delivery Network

* Azure Content Delivery Network (CDN) offers developers a global solution for rapidly delivering high-bandwidth content to users by caching their content at strategically placed physical nodes across the world. Azure CDN can also accelerate dynamic content, which cannot be cached, by leveraging various network optimizations using CDN POPs.

https://docs.microsoft.com/en-us/azure/cdn/cdn-pop-locations

# Module III

## Storage

* Blob
* Disk
* File
* Archive

## Storage account

* An Azure storage account contains all of your Azure Storage data objects: blobs, files, queues, tables, and disks. The storage account provides a unique namespace for your Azure Storage data that is accessible from anywhere in the world over HTTP or HTTPS. Data in your Azure storage account is durable and highly available, secure, and massively scalable.
https://docs.microsoft.com/pt-br/azure/storage/common/storage-account-overview

## Azure Storage redundancy

* Locally-redundant storage - LRS
* Zone-redundant storage
* Geo-redundant storage
* Geo-zone-redundant storage
* Read-Access

https://docs.microsoft.com/pt-br/azure/storage/common/storage-redundancy#zone-redundant-storage

## Blob

* Azure Blob storage is Microsoft's object storage solution for the cloud. Blob storage is optimized for storing massive amounts of unstructured data. Unstructured data is data that doesn't adhere to a particular data model or definition, such as text or binary data.
* Blob = Binary Large Object.

## Blob storage is designed for:

* Serving images or documents directly to a browser.
* Storing files for distributed access.
* Streaming video and audio.
* Writing to log files.
* Storing data for backup and restore, disaster recovery, and archiving.
* Storing data for analysis by an on-premises or Azure-hosted service.

## Azure Files

* Azure Files offers fully managed file shares in the cloud that are accessible via the industry standard Server Message Block (SMB) protocol or Network File System (NFS) protocol. Azure file shares can be mounted concurrently by cloud or on-premises deployments.

## Azure managed disks

* Azure managed disks are block-level storage volumes that are managed by Azure and used with Azure Virtual Machines.
* Managed disks are like a physical disk in an on-premises server, but virtualized. With managed disks, all you have to do is specify the disk size, the disk type, and provision the disk. Once you provision the disk, Azure handles the rest.

## Types of disks

* Ultra disks
* Premium solid-state drives (SSD)
* Standard SSDs
* Standard hard disk drives (HDD)

https://docs.microsoft.com/pt-br/azure/virtual-machines/disks-types

https://docs.microsoft.com/pt-br/azure/virtual-machines/linux/attach-disk-portal

## Access tiers - Storage

* **Hot** - Optimized for storing data that is accessed frequently.
* **Cool** - Optimized for storing data that is infrequently accessed and stored for at least 30 days.
* **Archive** - Optimized for storing data that is rarely accessed and stored for at least 180 days with flexible latency requirements, on the order of hours.

## Archive access tier

* The archive access tier has the lowest storage cost but higher data retrieval costs compared to hot and cool tiers. Data must remain in the archive tier for at least 180 days or be subject to an early deletion charge. Data in the archive tier can take several hours to retrieve depending on the specified rehydration priority.

# Database services

## Databases

* Cosmos DB
* Azure SQL
* MySQL
* PostgreSQL
* Database Migration Services

## Cosmos DB

* Azure Cosmos DB is a fully managed NoSQL database for modern app development. Single-digit millisecond response times, and automatic and instant scalability, guarantee speed at any scale.
* Azure Cosmos DB is a fully managed platform-as-a-service (PaaS).

## Key benefits

* Real-time access with fast read and write latencies globally, and throughput and consistency all backed by SLAs.
* Multi-region writes and data distribution to any Azure region with the click of a button.
* Independently and elastically scale storage and throughput across any Azure region - even during unpredictable traffic bursts - for unlimited scale worldwide.

## Global distribution

* Azure Cosmos DB is a globally distributed database system that allows you to read and write data from the local replicas of your database. Azure Cosmos DB transparently replicates the data to all the regions associated with your Cosmos account.

![](https://i.imgur.com/cq6Kz08.png)

## Azure SQL

* Azure SQL is a family of managed, secure, and intelligent products that use the SQL Server database engine in the Azure cloud.
* Azure SQL Database
* Azure SQL Managed Instance
* SQL Server on Azure VMs

## Azure PostgreSQL

* Azure Database for PostgreSQL is a relational database service in the Microsoft cloud based on the PostgreSQL Community Edition.
* Deployment models
  * Single Server
  * Flexible Server (Preview)
  * Hyperscale (Citus)

## Database Migration Services - DMS

* Azure Database Migration Service is a fully managed service designed to enable seamless migrations from multiple database sources to Azure data platforms with minimal downtime (online migrations).
* On premises - Cloud

## Data Migration Assistant

* The Data Migration Assistant (DMA) helps you upgrade to a modern data platform by detecting compatibility issues that can impact database functionality in your new version of SQL Server or Azure SQL Database. DMA recommends performance and reliability improvements for your target environment and allows you to move your schema, data, and uncontained objects from your source server to your target server.

https://docs.microsoft.com/en-us/sql/dma/dma-overview?view=sql-server-ver15

# Azure IoT

## Azure Solutions

* Internet of Things
* Big Data
* DevOps

## Azure Internet of Things (IoT)

* The Azure Internet of Things (IoT) is a collection of Microsoft-managed cloud services that connect, monitor, and control billions of IoT assets. In simpler terms, an IoT solution is made up of one or more IoT devices that communicate with one or more back-end services hosted in the cloud.

## IoT Central

* IoT Central is an IoT application platform that reduces the burden and cost of developing, managing, and maintaining enterprise-grade IoT solutions.

## IoT Hub

* IoT Hub is a managed service, hosted in the cloud, that acts as a central message hub for bi-directional communication between your IoT application and the devices it manages. You can use Azure IoT Hub to build IoT solutions with reliable and secure communications between millions of IoT devices and a cloud-hosted solution backend.
https://docs.microsoft.com/en-us/azure/iot-central/core/overview-iot-central

## Azure Data Lake Analytics

* A big data architecture is designed to handle the ingestion, processing, and analysis of data that is too large or complex for traditional database systems.
* Azure Data Lake Analytics is an on-demand analytics job service that simplifies big data. Instead of deploying, configuring, and tuning hardware, you write queries to transform your data and extract valuable insights.

## Machine Learning

* The Azure Machine Learning service empowers developers and data scientists with a wide range of productive experiences for building, training, and deploying machine learning models faster.
* MLOps (Machine Learning Operations)
* Cognitive Services (ready templates)
* Bot Services

## Azure DevOps

* Azure Boards
* Azure Pipelines
* Azure Repos
* Azure Test Plans
* Azure Artifacts

https://azure.microsoft.com/en-us/services/devops/

## Security

* Defense in Depth
* Azure Firewall
* Network Security Groups (NSG)
* Azure DDoS Protection
* Azure Defender
* Azure Security Center
* Azure Key Vault
* Azure Information Protection
* Advanced Threat Protection
* Azure Sentinel
* Azure Dedicated Hosts

## Defense in depth

* Defense in depth is a military defensive strategy to secure a critical position using multiple defensive perimeters.
* The objective of defense in depth is to protect information and prevent it from being stolen by those who aren't authorized to access it.
* A defense-in-depth strategy uses a series of mechanisms to slow the advance of an attack that aims at acquiring unauthorized access to data.

https://docs.microsoft.com/en-us/learn/modules/secure-network-connectivity-azure/2-what-is-defense-in-depth

## Azure Firewall

* Azure Firewall is a managed, cloud-based network security service that helps protect resources in your Azure virtual networks. A virtual network is similar to a traditional network that you'd operate in your own datacenter.
![](https://i.imgur.com/XKoq9QU.png)

## Azure Firewall features

* Built-in high availability
* Availability Zones
* Unrestricted cloud scalability
* Application FQDN filtering rules
* Network traffic filtering rules
* FQDN tags
* Service tags
* Threat intelligence
* Outbound SNAT support
* Inbound DNAT support
* Multiple public IP addresses
* Azure Monitor logging
* Forced tunneling
* Web categories (preview)
* Certifications

## Network Security Groups - NSG

* A network security group enables you to filter network traffic to and from Azure resources within an Azure virtual network.
* You can think of NSGs like an internal firewall. An NSG can contain multiple inbound and outbound security rules that enable you to filter traffic to and from resources by source and destination IP address, port, and protocol.

## Firewall vs NSG

* The Azure Firewall service complements network security group functionality. Together, they provide better "defense-in-depth" network security. Network security groups provide distributed network layer traffic filtering to limit traffic to resources within virtual networks in each subscription.
* Azure Firewall is a fully stateful, centralized network firewall as-a-service, which provides network and application-level protection across different subscriptions and virtual networks.

https://docs.microsoft.com/pt-br/azure/firewall/features

https://docs.microsoft.com/pt-br/azure/architecture/example-scenario/firewalls/

## Azure DDoS Protection

* DDoS Protection uses the scale and elasticity of Microsoft's global network to bring DDoS mitigation capacity to every Azure region.
* The DDoS Protection service helps protect your Azure applications by analyzing and discarding DDoS traffic at the Azure network edge, before it can affect your service's availability.

![](https://i.imgur.com/EogSbhe.png)

## DDoS Basic vs Standard

* Every property in Azure is protected by Azure's infrastructure DDoS (Basic) Protection at no additional cost.
https://docs.microsoft.com/pt-br/azure/ddos-protection/ddos-protection-overview

## Azure Security Center

* Azure Security Center is a unified infrastructure security management system that strengthens the security posture of your data centers, and provides advanced threat protection across your hybrid workloads in the cloud - whether they're in Azure or not - as well as on premises.

## Azure Defender

* Azure Defender provides security alerts and advanced threat protection for virtual machines, SQL databases, containers, web applications, your network, and more.

## Azure Key Vault

* Secrets Management
* Key Management
* Certificate Management
* Service tiers: Standard, which encrypts with a software key, and Premium, which includes hardware security module (HSM)-protected keys.

https://docs.microsoft.com/pt-br/azure/security-center/azure-defender

## Azure Information Protection

* Azure Information Protection (AIP) is a cloud-based solution that enables organizations to discover, classify, and protect documents and emails by applying labels to content.
* AIP is part of the Microsoft Information Protection (MIP) solution, and extends the labeling and classification functionality provided by Microsoft 365.

## Azure threat protection

* Azure offers built-in threat protection functionality through services such as Azure Active Directory (Azure AD), Azure Monitor logs, and Azure Security Center.

## Azure Sentinel

* Microsoft Azure Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution. Azure Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response.
![](https://i.imgur.com/76RN80X.png)

## Dedicated Hosts

* Azure Dedicated Host is a service that provides physical servers - able to host one or more virtual machines - dedicated to one Azure subscription. Dedicated hosts are the same physical servers used in our data centers, provided as a resource.

## Identity Services / Compliance

* Azure Active Directory
* Single Sign-On
* Multi-Factor Authentication
* Azure Policy
* Azure RBAC
* Azure Monitor
* Azure Health
* Compliance

## Active Directory vs Azure Active Directory

AD != AAD

## Azure Active Directory

* Azure Active Directory is the next evolution of identity and access management solutions for the cloud. Microsoft introduced Active Directory Domain Services in Windows 2000 to give organizations the ability to manage multiple on-premises infrastructure components and systems using a single identity per user.
* Azure AD takes this approach to the next level by providing organizations with an Identity as a Service (IDaaS) solution for all their apps across cloud and on-premises.

https://docs.microsoft.com/pt-br/azure/active-directory/fundamentals/active-directory-compare-azure-ad-to-ad

## Single Sign-On - SSO

* With single sign-on, users sign in once with one account to access domain-joined devices, company resources, software as a service (SaaS) applications, and web applications. After signing in, the user can launch applications from the Office 365 portal or My Apps. Administrators can centralize user account management, and automatically add or remove user access to applications based on group membership.

## Azure AD Multi-Factor Authentication

* Multi-factor authentication is a process where a user is prompted during the sign-in process for an additional form of identification, such as to enter a code on their cellphone or to provide a fingerprint scan.
https://docs.microsoft.com/pt-br/azure/active-directory/manage-apps/sso-options

## Azure Policy

* Azure Policy helps to enforce organizational standards and to assess compliance at scale. Through its compliance dashboard, it provides an aggregated view to evaluate the overall state of the environment, with the ability to drill down to the per-resource, per-policy granularity.
* Common use cases for Azure Policy include implementing governance for resource consistency, regulatory compliance, security, cost, and management.

## Azure RBAC

* Azure role-based access control (Azure RBAC) helps you manage who has access to Azure resources, what they can do with those resources, and what areas they have access to.
* Azure RBAC is an authorization system built on Azure Resource Manager.

## Azure Monitor

* It delivers a comprehensive solution for collecting, analyzing, and acting on telemetry from your cloud and on-premises environments. This information helps you understand how your applications are performing and proactively identify issues affecting them and the resources they depend on.

## Azure Monitor examples

* Detect and diagnose issues across applications and dependencies with Application Insights.
* Drill into your monitoring data with Log Analytics for troubleshooting and deep diagnostics.
* Support operations at scale with smart alerts and automated actions.
* Create visualizations with Azure dashboards and workbooks.
* Collect data from monitored resources using Azure Monitor Metrics.

## Service Health

* Azure offers a suite of experiences to keep you informed about the health of your cloud resources. This information includes current and upcoming issues such as service impacting events, planned maintenance, and other changes that may affect your availability.
* Service Health is available to Azure subscribers at no additional cost.
## Azure compliance documentation

* Docs: https://docs.microsoft.com/en-us/azure/compliance/
* Audit Reports: https://servicetrust.microsoft.com/

## Scheduling the exam

* Content review
* Practice / tutorials
* Practice exam