Describe Azure Architecture and Service - Chapter 2 Flashcards
What is a geography in Microsoft Azure ?
In order to provide Azure services to people around the world, Microsoft has created boundaries called geographies. A geography boundary is oftentimes the border of a country, and there’s good reason for that: regulations.
List some Azure geographies
- US
- Canada
- UK
- etc.
What is the division construct that come just after the geographies ?
The regions
Why does Microsoft also operate some isolated regions ?
Microsoft also operates isolated regions that are completely dedicated to government data because of the additional regulations that governmental data requires.
What is a regional pair ?
Within each geography, Microsoft has created another logical boundary called a regional pair.
Each regional pair contains two regions within the geography.
When Microsoft must perform updates to the Azure platform, they perform those updates on one region in the regional pair. Once those updates are complete, they move to the next region in the regional pair. This ensures that the availability of your services operating within a regional pair aren’t impacted by updates.
In principle, what is the minimal number of regions within each eligible geography ?
2
it is not always possible. 2 options exists then:
- 1 region and another region that is only optional and for georedundancy purpose (this region cannot be a primary)
- have 1 region within the geography and another one out of the geography for redundancy.
What are the Azure Government datacenters, and how are they different from public datacenters?
Azure Government datacenters are specifically developed for U.S. government needs. They are completely isolated from public datacenters, ensuring enhanced security and compliance.
Who is eligible to work in Azure Government datacenters, and what are the requirements for Microsoft employees providing technical support to Azure Government customers?
All employees working in Azure Government datacenters must be U.S. citizens. This includes Microsoft employees who provide technical support to Azure Government customers.
How does Microsoft ensure compliance of the network communications between the Azure Government cloud and on-premises government systems?
To maintain compliant communication between Azure Government cloud and on-premises government systems, Microsoft developed dedicated, isolated networking infrastructure with its own fiber-optic components.
Can local governments, like cities and municipalities, use Azure Government services? What is the process for them to gain access?
Azure Government is accessible not only to federal agencies but also to local governments like cities and municipalities. They must be vetted by Microsoft to confirm their government agency status before receiving a subscription.
What are some key differences between the Azure Government cloud and the public Azure cloud, particularly in terms of web portal URLs and domain names?
The Azure Government cloud has similar features and services as the public cloud, but with differences like the portal URL (https://portal.azure.us) and .us top-level domain for Azure services.
How transferrable are Azure cloud development skills to Azure Government?
Skills in cloud development in Azure are directly transferable to Azure Government, as the services and functionalities are largely the same outside of specific compliance and domain differences.
What is the DoD Impact Level 5 Provisional Authorization, and how does Azure Government comply with it?
This is a compliance requirement for the U.S. Department of Defense concerning controlled unclassified information needing higher protection. Azure Government meets these requirements through a subset of datacenters approved for DoD usage.
What is Azure Germany, and how is it tailored to meet EU compliance needs?
Azure Germany is a distinct cloud system created for EU compliance needs, similar in concept to Azure Government but tailored for the EU, EFTA, and the UK.
Who operates Azure Germany, and what control does the data trustee have over the data and infrastructure?
Operated by T-Systems International, Azure Germany datacenters are under the control of a local company acting as a data trustee, with full control over data and infrastructure.
In what way is Microsoft’s involvement in Azure Germany limited, especially concerning customer data access?
Microsoft’s involvement in Azure Germany is limited to managing systems without access to customer data, ensuring high compliance with EU data protection standards.
What is Azure China, and how is it operated differently from other Azure clouds?
Azure China, operated by Shanghai Blue Cloud Technology Co., Ltd. (BlueCloud), is a separate cloud service catering to Chinese regulations and compliance requirements.
Who owns and operates BlueCloud, and how is it associated with Azure China?
BlueCloud, operating Azure China, is owned by Beijing 21Vianet Broadband Data Center Co., Ltd., a Chinese internet and datacenter service provider.
How does Azure China differ in terms of features and services compared to other Azure clouds?
Azure China does not offer the full set of features available in other Azure clouds. However, Microsoft is continuously working to add more features and services.
What is Microsoft’s approach to expanding features and services in Azure China?
Microsoft is actively working to enhance Azure China by adding additional features and services, adapting to the unique regulatory environment in China.
Can international entities outside of the EU, EFTA, and the UK access Azure Germany, and if so, under what conditions?
Azure Germany is primarily available to customers doing business in the EU, EFTA, and the UK. The text does not specify whether entities outside these regions can access Azure Germany, but typically access would be restricted to entities within these regions due to compliance and regulatory reasons.
What is the purpose of Azure availability zones?
Azure availability zones are designed to protect users from data loss and application outages by ensuring high availability and fault tolerance in the event of issues within a single building in a region.
Are Azure availability zones available in all regions and for all services?
No, availability zones are not available in all Azure regions and not for all Azure services. The most current list of enabled regions and services can be found at https://bit.ly/az900-azones.
How many availability zones are there in each enabled Azure region?
Each Azure region that supports availability zones has at least three availability zones.
What are the key features of an Azure availability zone?
Each availability zone has its own isolated water supply, cooling system, network, and power supply, separate from other zones.
How do Azure availability zones contribute to high availability?
By deploying an Azure service in two or more availability zones, high availability is achieved, even if one zone experiences a problem.
What limitations do availability zones have in terms of disaster recovery?
Availability zones offer protection against localized disasters but may not be sufficient for large-scale natural disasters, as they are located within the same region.
Are all Azure services supported by availability zones?
No, not all services support availability zones because they are designed for enhanced infrastructure availability, and some services, like App Service Certificates, don’t fit this model.
What types of services support Azure Availability Zones?
There are two categories: zonal services (like virtual machines) that must be explicitly deployed in zones, and zone-redundant services (like zone redundant storage) that are made zone redundant upon creation.
What is the difference between availability zones and availability sets in Azure?
Availability sets are about creating VMs in different physical server racks within a single Azure datacenter, offering a 99.95% SLA. In contrast, availability zones involve deploying to two or more distinct datacenters within a region, with a 99.99% SLA.
What are zonal services in Azure, and how do they relate to availability zones?
Zonal services in Azure, like virtual machines, managed disks, and public IP addresses, must be explicitly deployed into two or more zones to achieve high availability.
What happens when you create a virtual machine in an Azure availability zone (regarding to its associated resources - disks, IP, etc.)?
When a virtual machine is created in an Azure availability zone, Azure automatically deploys the associated managed disks and public IP address (if configured) to the same availability zone.
What are zone-redundant services in Azure, and how do they work?
Zone-redundant services, such as zone redundant storage and SQL databases, are replicated automatically to multiple availability zones by Azure for high availability. Options like ZRS for storage and zone redundancy for SQL databases are available during creation.
How can you check the status of Azure services?
The status of Azure services can be checked on the Azure Status page at https://status.azure.com, which shows the operational status of all Azure services.
How does the deployment to multiple availability zones affect the uptime guarantee for Azure virtual machines?
The deployment of Azure virtual machines to multiple availability zones increases the uptime guarantee from 99.95% (with availability sets) to 99.99%, as it involves deploying to distinct datacenters within a region.
What is the basic structure and function of Azure datacenters?
Azure datacenters are physical buildings located in each region, containing server racks and computer hardware. They operate on independent network infrastructures designed for low latency, ensuring reliable and fast network connectivity for Azure services within the same region.
How does Microsoft ensure power reliability in Azure datacenters?
Each Azure datacenter has an isolated power supply, backup power generators, and uses Microsoft’s own fiber-optic network for data transfer. Microsoft aims for 100% renewable energy by 2025 and is developing natural gas-powered fuel cells to reduce reliance on third-party power providers.
What visibility do customers have regarding Azure’s regional infrastructure?
Azure customers can only see and select regions when creating resources. They don’t have visibility into Azure’s internal geography or the concept of regional pairs, although they can see each region within a regional pair.
How does Azure manage data safety and disaster recovery?
To protect data from regional disasters or failures, Azure encourages customers to replicate data across multiple regions. This ensures data safety, as data replicated in a different region remains accessible even if one region faces a disaster.
What are Microsoft’s commitments and advancements in datacenter power efficiency and sustainability?
Microsoft Azure was found to be up to 93% more efficient than on-premises services in a 2018 study. By 2025, Microsoft commits to using 100% renewable energy in Azure datacenters. Recent advancements include the development of a hydrogen-fueled cell capable of running an Azure datacenter for 48 consecutive hours.
What is an Azure resource group and its primary function?
An Azure resource group is a logical container for organizing Azure resources associated with a specific application or deployment. It allows for managing and deploying these resources as a single entity, simplifying administration and ensuring efficient resource management.
How do Azure Resource Manager (ARM) templates work with resource groups?
Azure Resource Manager (ARM) templates are used for deploying resources within a resource group. While it’s typical to deploy to a single resource group using an ARM template, deploying to multiple resource groups is possible but requires a complex setup of interconnected ARM templates.
What are the benefits of using resource groups in Azure?
Resource groups in Azure offer several benefits, including easy deployment and management of resources, the ability to give recognizable names for quick identification, and the convenience of seeing all resources used in a particular application at a glance. They also facilitate cost tracking and management by grouping resources used by specific departments or for certain applications.
Can Azure resources belong to multiple resource groups? How are resources moved?
An Azure resource can only exist in one resource group at a time. It’s possible to move resources from one resource group to another, but this process isn’t without risks, and Microsoft provides guidance to avoid problems during such moves.
What happens when a resource group is deleted in Azure?
Deleting a resource group in Azure results in the automatic deletion of all resources contained within that group. This feature is particularly useful for managing resources in testing scenarios, allowing for the easy cleanup of multiple resources and avoiding unexpected costs from unused resources.
What is an Azure subscription, and how does it relate to Azure resources?
An Azure subscription is automatically created when signing up for Azure, and it’s where all resources you create are housed. Additional subscriptions can be created for logical grouping or specific reporting needs, each with its own set of limits or quotas.
It is the primary isolation and access control boundary of resources within Azure.
What are the different types of Azure subscriptions available?
Azure offers various subscription types including Free Trial (limited-time free access), Pay-As-You-Go (pay only for used resources), and Azure For Students (special subscription with free credits and services for 12 months). The type of subscription depends on the Azure account.
How can you manage and analyze costs within an Azure subscription?
Azure provides tools for cost management and analysis within a subscription. Users can view spending rates, forecasted costs, and detailed breakdowns of expenses by service name, location, and resource group. Additionally, budgets can be created to manage costs effectively.
What are the limitations and capabilities when creating Azure subscriptions?
Each Azure subscription has its own unique identifier and can be given a descriptive name. Subscriptions have specific limits, but some can be increased by Microsoft support if justified. Subscriptions can be organized within management groups for better control.
What is a management group in Azure, and how does it function?
A management group in Azure is a container for organizing Azure resources, specifically subscriptions or other management groups. It allows for applying policies and access control more precisely. Each Azure organization has a limit of up to 10,000 management groups, with a hierarchy limit of six levels.
How does the hierarchy of resource groups, subscriptions, and management groups work in Azure ?
In Azure, the hierarchy starts with management groups at the top, followed by subscriptions, and then resource groups. The Tenant Root Group is the default management group. Each Azure resource must be created within a resource group, which is inside a subscription.
What are the restrictions for moving subscriptions and management groups?
In Azure, subscriptions and management groups can be moved around within the hierarchy. However, a management group or subscription cannot have multiple parents, and there are limitations to how many levels deep a management group hierarchy can be.
How does Azure handle resource groups and their creation?
In Azure, each resource must be created within a resource group, which is a container within a subscription. Unlike management groups, there is no default resource group; each must be explicitly created within the user’s subscription.
What is Azure Compute ?
Azure Compute refers to cloud services that consume resources like CPU and memory, categorized as compute services. This includes virtual machines, container instances, and Functions
What are Azure Container Instances (ACI) ?
Azure Container Instances allow running containerized applications on a virtual machine without directly allocating a VM. It’s used for applications that need to move between different environments.
What is a container in Azure ?
A container in Azure is a zipped version of an application, including everything it needs to run, like a database engine or web server. It operates in an isolated environment with its own network and storage.
What is the significance of Docker in Azure containers?
Docker is a popular container runtime in Azure, responsible for running applications in containers and ensuring a secure environment.
Can Docker images built for Linux run on Windows hosts?
No, Docker images built for Linux cannot run on Windows hosts and vice versa due to operating system compatibility.
How does ACI differ from traditional VMs in terms of cost?
ACI is generally more cost-effective than traditional VMs as you pay only for the memory and CPU used by the container, leading to lower costs for less frequent usage.
What are the limitations of Azure Container Instances (ACI)?
ACI is suitable for simple applications and not ideal for heavily used applications requiring scaling. For such needs, Azure Kubernetes Service (AKS) is a better choice.
How does Azure Kubernetes Service (AKS) differ from ACI?
AKS is better suited for scalable, containerized environments for running full workloads, unlike ACI, which is designed for simpler, less resource-intensive applications.
What is required to make an ACI instance internet-accessible?
To make an ACI instance accessible on the internet, you need to set the DNS name label for the instance during its creation.
Can the DNS Name Label or image of an ACI instance be changed after creation?
No, the DNS Name Label and the image of an ACI instance cannot be changed after creation. If changes are needed, the instance must be deleted and recreated.
What is the importance of planning ahead when creating an ACI instance?
Planning ahead is crucial as changing settings like the DNS Name Label or the image requires recreating the instance, which might result in losing the public IP address.
What are the options for Azure virtual machines?
Options for Azure virtual machines include various configurations of CPU, memory, and storage, tailored to different workload requirements.
What resources are required for virtual machines in Azure?
Virtual machines in Azure require resources like CPU, memory, storage, and network connectivity, which can be scaled based on the application needs.
What are the application hosting options in Azure?
Azure offers various application hosting options, including virtual machines, container instances, and managed services like Azure Kubernetes Service.
What is virtual networking in Azure?
Virtual networking in Azure refers to the creation of a virtual network infrastructure, including subnets, IPs, and DNS, to support and connect cloud resources.
What is an Azure Function ?
Azure Function is a service that runs on Azure App Service and is well-designed to accomodate a microservices architecture.
How does Azure bill for VMs?
Azure charges for VMs as long as they are running, and billing stops when the VM is in a stopped state.
What happens to the VM’s IP address upon restart if not reserved?
The VM’s IP address may change unless the IP address is reserved.
How can stopping a VM within the guest OS affect billing?
Stopping a VM from the guest OS may still incur charges as the VM continues to use Azure resources.
What are the types of maintenance and downtime events for Azure VMs?
Azure VMs can experience planned maintenance, unplanned maintenance, and unexpected downtime.
What are Availability Sets in Azure?
Availability Sets are used to ensure VMs remain available during maintenance events and hardware failures.
What are Fault Domains in Azure Availability Sets?
Fault Domains are logical groupings of VMs on separate physical racks to protect from hardware failures.
How do Update Domains work in Azure Availability Sets?
Update Domains are used to manage VM reboots during planned maintenance, minimizing downtime.
What is the configuration of VMs in an Availability Set?
VMs are assigned to fault and update domains to balance maintenance impact and ensure availability.
What are the disadvantages of using Azure Availability Sets?
Availability Sets require manual VM creation and configuration, and can increase costs due to over-provisioning.
What are Azure Scale Sets?
Azure Scale Sets allow automatic scaling of VMs based on demand, up to 1000 VMs, with easy setup.
How do Scale Sets compare with Availability Sets in terms of deployment?
Scale Sets are deployed in Availability Sets, offering both fault and update domain benefits.
What is Azure’s autoscale feature in Scale Sets?
Autoscale automatically adjusts the number of VM instances based on defined rules like CPU and network usage.
What is the Service Level Agreement (SLA) for Azure multi-VM deployments?
Microsoft guarantees a 99.95% SLA for multi-VM deployment scenarios in Azure.
What SLA does Microsoft offer for single-instance VMs with premium storage?
A 99.9% SLA is provided for single-instance VMs using premium storage in Azure.
What is Azure Virtual Desktop (AVD)?
AVD is a Platform as a Service offering that provides desktop virtualization managed by Microsoft.
How is Azure Virtual Desktop configured?
AVD is configured by creating a tenant, host pools, session hosts, and app groups for user access.
What resources are automatically created with an Azure VM?
Resources like virtual network, public IP address, network security group, and disk are auto-created with a VM.
What additional resources are required for a VM in Azure?
A management group, an Azure subscription, and a resource group are also required.
What are Update domains in Azure, and how many are created by default?
Update domains in Azure are used during maintenance to reboot VMs systematically, with five domains created by default.
What is the role of a load balancer in an Azure Availability Set?
A load balancer distributes traffic among VMs in an Availability Set, ensuring efficient resource utilization and availability.
How do Availability Zones enhance the functionality of Azure VMs in Scale Sets?
Availability Zones offer additional protection by distributing VMs across different data centers, enhancing reliability and availability.
How do Fault Domains help in improving VM availability?
Fault Domains separate VMs physically within a data center, so if one physical server or rack fails, only the VMs on that server or rack are affected, not the entire Availability Set.
Can you explain how Update Domains function in Azure?
Update Domains are logical groups in an Availability Set that help in sequential rebooting of VMs during planned maintenance, ensuring that not all VMs are rebooted at once.
How many Fault Domains are assigned by default in Azure, and can this number be changed?
By default, Azure assigns 2 Fault Domains to an Availability Set, and this number can be adjusted based on the specific needs of the deployment.
What are the typical configurations for Update Domains in Azure Availability Sets?
Azure creates five Update Domains by default in an Availability Set to manage maintenance processes.
How do Scale Sets differ from Availability Sets in Azure?
Scale Sets provide automatic scaling of VMs to meet demand, whereas Availability Sets are focused on ensuring availability during maintenance and failures.
Can Scale Sets be used in conjunction with Availability Sets?
Yes, Scale Sets are deployed in Availability Sets automatically, benefiting from the high availability features of Fault and Update Domains.
How do Scale Sets interact with Availability Zones?
Unlike VMs in an availability set, however, VMs in a scale set are also compatible with availability zones, so you are protected from problems in an Azure data center.
What role do Update Domains play in Scale Sets?
In Scale Sets, Update Domains ensure that VM instances are not all updated or rebooted simultaneously, maintaining service availability.
How do Availability Sets protect against unplanned maintenance?
Availability Sets protect against unplanned maintenance by distributing VMs across Fault Domains, ensuring not all VMs are affected by a single hardware failure.
Can you have more than two Fault Domains in an Azure Availability Set?
Yes, while the default is two, Azure allows the creation of more Fault Domains for enhanced fault tolerance.
How does Azure ensure the distribution of VMs across Update Domains in Scale Sets?
Azure automatically distributes VM instances in Scale Sets across different Update Domains, balancing the load and minimizing the impact of updates.
What is Azure App Service?
Azure App Service is a Platform as a Service (PaaS) offering in Azure for hosting web apps in the cloud.
