02-Governance and Compliance Flashcards
(45 cards)
What are Datacenters organized into
Organized into Regions
What are Regions
Geographical locations that create multiple Datacenters
What to think about when deploying resources to a region
1 - When selecting Region, do you have legal authority to deploy resources to location
2 - Does that region have all the services I require to complete my mission
3 - Is that region as close as possible to my users (minimize latency)
4 - Are the services cheaper in that region (cost of doing business with Microsoft varies by region)
How is planned maintenance done on region pairs
It is done one region at a time
How far apart are region pairs
300 miles apart
Who can create an Azure subscription
Only identities in Azure AD or in a directory that is trusted by Azure AD
What is Azure Subscription
Logical unit of Azure services that is linked to an Azure account
Security and Billing Boundary
How do you get a Subscription
- Enterprise Agreement - customers make upfront commitment and user services
- Resellers - provide simple way to purchase
- Partners can design and implement your solution
- Personal free account - start right away
List subscription types
- Free - $200 credit for first 30 days, free limited access for 12 months
- Pay-as-you-go - monthly charge
- CSP - Cloud Solutions Provider gives discounts
- Enterprise - discounts for new licenses and Software Assurance
- Student - $100 for 12 months
What does Cost Management include
- Conduct cost analysis
- Create a budget
- Review recommendations
- Export the data
What are Resource Tags?
Logically organize resources into categories
Use name-value pair
Gives metadata to resources
Helpful for rolling up billing informations
What are Azure Reservations
Save money by pre-paying for services
What are Azure Hybrid Benefits
Use Windows Server and SQL Server on-prem licenses with Software Assurances
What are Azure Credits
Monthly credit benefit that allows you to experiment with, develop, and test new solutions on Azure
How should you choose Regions to save money
Use low-cost locations and regions
What are spot instances?
Take advantage of unused capacity and very low cost
Use for operations that can afford operation, such as batch processing.
You get 30 minute notice before eviction.
No SLA
What are Management Groups
Manage multiple subscriptions.
Apply governance conditions and policies at scale
Targeting of policies and spend budgets across subscriptions and inheritance down the hierarchies
Compliance and cost reporting by organization (business/teams)
What is Azure Policy
Service in Azure that you use to create, assign and manage policies
Runs evaluations and scans for non-compliant resources
What are advantages of Azure Policy
- Enforcement and compliance
- Apply policies at scale
- Remediation
What are some things you can set with Azure policy
- Allowed resource types
- Allowed virtual machine SKUs
- Allowed locations
- Require tag and its value
- Azure Backup should be enabled for Virtual Machines
How to Implement Azure Policy
- Browse Policy Definitions
- Create Initiative Definitions
- Scope the Initiative Definition
- View Policy evaluation results
What is scoping?
To what level do you want to assign an initiative definition, i.e. subscription, resource group?
What is PCI
Payment Card Industry
What are Initiative Definitions?
Set of Policies
Example: Initiative Definitions complies with PCI
