Search in book...
Toggle Font Controls
Create new playlist

Name your new playlist

Playlist description (optional)
Sign In

Email address

Password

Forgot Password?

or

Continue with Facebook

Continue with Google
Sign Up

Full Name

Email address

Confirm Email Address

Password

or

Continue with Facebook

Continue with Google

Index

A
A record type, 185
AAD. See Azure Active Directory (AAD)
AAD Connect
- about, 49–51
- Connect Health, 51–52
- directory objects, 52
- single sign-on (SSO), 52–53

Access Control (IAM), 85–86
access reviews, as Privileged Identity Management (PIM) feature, 74
ACI. See Azure Container Instances (ACI)
ACID (atomic, consistent, isolated, durable), 364
ACR (Azure Container Registry), 247, 251–254
activation and hosting component (Service Fabric), 331–332
Active Directory (AD), 12–13
Active Directory Federation Service (ADFS), 53
adaptive query processing, 403
ADF (Azure Data Factory), 358, 370
ADLS (Azure Data Lake Storage), 370–371, 434
Advanced Data Security (ADS), 397
Advanced Message Queueing Protocol (AMQP), 484
ADX. See Azure Data Explorer (ADX)
AF (Azure Firewall), 158, 179–180
aggregation, 377
AIP (Azure Information Protection), 476, 479–480
AKS. See Azure Kubernetes Service (AKS)
answers
- assessment test, xlv–xlvii
- to review questions
  - Azure, 682–683
  - cloud development, 688–689
  - compliance, 688
  - Compute (hosting model), 685–687
  - data storage, 687–688
  - deployment, 689–690
  - hybrid solutions, 688
  - messaging, 688
  - migrating, 689–690
  - monitor and recover, 690–691
  - networking, 684
  - security and identity, 683–684

antipatterns, 521–523
API Management, 171, 462
APIM (Azure API Management), 19–20
APIs
- apps, 20, 306
- definitions, 306

App Service, service tags and, 171
App Service Environment (ASE), 16, 296
App Service Plan (ASP), 296, 568
append blobs, 428
Application Gateway/WAF, 92, 98–99, 158, 174–178
Application Insights, 21, 334, 629–631
application layer security, 215
application proxy, 54–56
application security group (ASG), 137–138, 169–173
application-bound identity provider databases, 78
approval, as Privileged Identity Management (PIM) feature, 75
architecture
- cloud
  - about, 512–513
  - design patterns, 234–237, 517–523
  - design principles, 234–237, 515–517
  - styles, 234–237, 513–514
- Service Fabric, 331–332

Archive Storage, 439
ARM. See Azure Resource Manager (ARM)
ASE (App Service Environment), 16, 296
ASG (application security group), 137–138, 169–173
ASP (App Service Plan), 296, 568
ASP.NET, 307–308, 339–342
ASR (Azure Site Recovery), 475, 548–549, 663–668
assessment test
- answers, xlv–xlvii
- questions, xxxix–xliv

Asynchronous Request/Reply pattern, 488–489
ATM (Azure Traffic Manager), 170, 376
atomic, consistent, isolated, durable (ACID), 364
audit history, as Privileged Identity Management (PIM) feature, 74
authentication (AuthN)
- about, 459, 526
- cloud, 525–531
- Privileged Identity Management (PIM), 74–75

authorization (AuthZ), 459, 526
auto scaling, 205–206, 343
auto-heal, 235
automated deployment, 269–270
automatic healing, 515–516
availability sets, 288–295
Availability Zones, 118–119, 286–288
AWS (Azure Web Sites), 5
AZ-303 exam
- components of, 3–4
- objectives of, xxviii–xxxiii
- strategy for passing, 5–9

AZ-304 exam
- components of, 3–4
- objectives of, xxxiv–xxxviii
- strategy for passing, 5–9

Azure
- Azure VNT to resources, 164–168
- categories, 11
- certifications in, 2–3
- dedicated hosts, 270–271
- exam essentials, 33
- key terms, 34
- managed disk storage, 437
- networking limits, 157–158
- networking patterns, 155–157
- review question answers, 682–683
- review questions, 35–38
- Service Fabric, 335–336
- subscription, 80–82

Azure Active Directory (AAD)
- AAD Connect, 13, 49–53
- about, 12–13, 40–44
- adding custom domains, 44–49
- application proxy, 54–56
- Azure AD Domain Services, 76–77
- B2B collaboration, 53–54
- compared with role-based access control (RBAC), 77, 78
- conditional access, 59–66
- Domain Services, 76–77
- exercises, 45–46, 47–49, 58–59, 62–66, 69–73, 301–302
- identity protection, 57–59
- managed identities, 75–76
- multifactor authentication, 66–74
- Privileged Identity Management (PIM), 74–75
- roles, 43
- self-service password, 54
- service level agreement (SLA), 56–57
- service tags and, 171

Azure Administrator Associate, 2
Azure Analysis Services, 371–372
Azure API Apps, 16, 17
Azure API Management (APIM), 19–20
Azure App Service Web App for Containers, 16, 17
Azure App Services
- about, 5–6, 16–17, 298–301
- Azure WebJobs, 309–312
- environments, 308–309
- exercises, 301–302, 303–305, 578–579, 592–593
- migrating, 565–566
- moving, 568–569
- recovery and, 673
- Web Apps, 301–306
- Web Apps for containers (Linux), 306–308

Azure Application Gateway
- about, 201–202
- auto scaling, 205–206
- exercises, 203–205, 208–210
- hosting multiple websites, 206–211
- SSL termination, 202–205
- URL path-based redirection, 206–211

Azure Arc, 607
Azure Automation
- about, 600–604
- configuration management, 605–606
- exercises, 601–603
- process automation, 604
- update management, 606–607

Azure Backup, 439–440, 653–663
Azure Bastion, 32, 261
Azure Batch, 312–317
Azure Blob storage, 26, 27, 426, 427–430
Azure Blueprints, 464, 465
Azure Cache for Redis, 421–422, 492
Azure Confidential Computing, 92, 99–102
Azure Container Instances (ACI)
- about, 239–241
- container groups, 243–256
- containers, 241–243
- exercises, 253
- images, 241–243
- multicontainers, 243–256
- OS virtualization, 241–243

Azure Container Registry (ACR), 247, 251–254
Azure Content Delivery Network (CDN). See Content Delivery Network (CDN)
Azure Cosmos DB
- about, 24–25, 408–412, 443
- API models, 412–413
- Data Migration tool, 564
- exercises, 409–412
- migration options, 416
- querying, 416–417
- service tags and, 171

Azure Data Bricks, 371
Azure Data Explorer (ADX)
- about, 21, 373, 440–442, 631–634
- cluster, 631
- exercises, 440–442, 494–496, 633

Azure Data Factory (ADF), 358, 370
Azure Data Lake, 369, 371
Azure Data Lake Storage (ADLS), 370–371, 434
Azure Data Services, 673–675
Azure Data Share, 450
Azure Data Store, 377–381
Azure Data Subject Request (DSR) Portal, 476
Azure Database for MySQL, 422–423
Azure Database for PostgreSQL, 423
Azure Databox, 564
Azure DevOps Expert, 2
Azure File storage, 26, 27–28
Azure Files, 430
Azure Firewall (AF), 158, 179–180
Azure Front Door
- about, 214–215, 519
- application layer security, 215
- custom domains and certificate management, 215
- multisite hosting, 214–215

Azure Functions
- about, 18–19, 317–318
- bindings, 320–325
- exercises, 324–325
- hosting plans, 319–320
- runtime versions, 326
- supported programming languages, 326–327
- triggers, 320–325

Azure Hybrid Benefit, 546–547, 556–557
Azure Information Protection (AIP), 476, 479–480
Azure Key Vault
- about, 103–104, 444–446
- exercises, 104, 444–445, 535–536
- service tags and, 171

Azure Kubernetes Service (AKS)
- about, 336
- clusters, 338
- compared with Kubernetes, 336–338
- development and deployment, 338–342
- exercises, 339–342
- Kubernetes compared with, 336–338
- maintaining, 342–344
- nodes, 338
- pods, 338
- scaling, 342–344

Azure Load Balancer
- about, 134–135, 158, 211–212
- health probes, 213–214
- internal load balancer (ILB), 213
- outbound connections, 214
- public, 212–213
- service tags and, 171

Azure Marketplace, 260
Azure Migrate, 549–561
Azure Mobile Apps, 16, 17
Azure Monitor
- about, 20–21, 465, 621–627
- Application Insights, 629–631
- Azure Data Explorer (ADX), 631–634
- exercises, 621–625
- Log Analytics, 627–629

Azure NetApp Files, 434
Azure Network Security, 92, 98
Azure Policy, 466–470, 476
Azure Portal, 596
Azure PowerShell, 466–467
Azure Queue Storage, 26, 28, 430–432, 524–525
Azure Recovery Services
- about, 651–652
- Azure Backup, 653–663
- Azure Resource Graph, 652–653
- Vault, 573

Azure Relay/Hybrid Connection Manager, 218–220
Azure Reserved Virtual Machine Instances, 314, 546–547, 557–558
Azure Resource Graph, 652–653
Azure Resource Manager (ARM)
- about, 87
- deploying with templates, 580–594
- exercises, 592–593

Azure Sentinel, 459
Azure Service Health, 619–620
Azure Site Recovery (ASR), 475, 548–549, 663–668
Azure Solutions Architect Expert, 2, 3–5
Azure SQL Database
- about, 22–24, 165, 382, 443
- Azure Cosmos DB
  - about, 408–412
  - API models, 412–413
  - migration options, 416
- configuration and security, 392–397
- containers, 413–415
- Cosmos.py code, 415–416
- data partitioning, 404
- databases, 413–415
- exercises, 383–384, 399–402, 406–408
- global replication concepts, 417–419
- items, 413–415
- migrating data, 397–403
- monitoring, 403–404
- partition keys, 413–415
- pricing models and limits, 388–392
- querying Azure Cosmos DB, 416–417
- selecting, 382–388
- service endpoints, 404–408
- SQL Managed Instance, 408
- SQL VM, 408

Azure Status, 465
Azure Storage, 25–27, 424–434
Azure Storage Explorer, 373
Azure Storage Queue, 498–499
Azure Storage Security, 446–447
Azure Synapse Analytics, 368–370
Azure Table Storage, 26, 28, 420–421, 432–433
Azure Traffic Manager (ATM), 170, 376
Azure Virtual Datacenter (VDC), 477
Azure Virtual Machine (VM)
- about, 15–16, 256–258
- creating, 259–271
- exercises, 140–141, 165, 187, 260, 261–263, 273–274, 279–280, 283–284, 291, 293, 296–297, 552–554, 570–572, 575–576, 656, 664–666
- extensions, 268–269
- managing, 271–297
- migrating
  - about, 286–288, 551
  - Azure Hybrid Benefit, 556–557
  - Azure Reserved VM Instances, 557–558
  - containers, 558
  - Hyper-V, 551–555
  - Linux, 555–556
  - VMWare, 551–555
  - Windows Server, 555–556
- moving, 569–576
- recovery and, 671–673
- scale sets, 288–295
- securing, 295–297

Azure VMWare Solutions, 554
Azure VNet
- to Azure resources, 164–168
- connecting with other, 134
- dedicated DNS Server in, 188–190
- exercises, 121–124, 132
- integrating, 158–163
- integration of, 460–461
- to Internet, 168
- key features and capabilities, 127–129
- Service Endpoints, 23
- subnets and, 142–154

Azure VPN gateways, 195–197
Azure Web Apps, 16, 166–167, 309–312
Azure Web Sites (AWS), 5
Azure WebJobs, 16, 309–312

B
B2B collaboration, 53–54
backing up data and software, 284–285
batch jobs, 309
BCDR. See business continuity and disaster recovery (BCDR) strategy
BCP (Border Gateway Protocol), 190–191
best practices
- Compute (hosting model), 237–239
- Service Fabric, 332–334

beta testing, 8
bidirectional communication, 491
Big Compute style, 514
Big Data, 358–359, 513
Binary Large Object (BLOB) storage, 363
bindings, 320–325
blessed images, 267
block blob, 428
Blue Screen of Death (BSOD), 235
Border Gateway Protocol (BCP), 190–191
botnet threats, 97
bring-your-own-device (BYOD), 59
brute force threats, 97
business continuity and disaster recovery (BCDR) strategy, 30, 285, 475
- about, 650
- business continuity, 650–651
- disaster recovery, 651

C
C#, 326–327
CaaS (container as a service), 230
caching, 217
Cassandra API, 24
CentOS, 267
certificate authority (CA), 527–528
certificates
- authenticating, 527–528
- managing, 215

certifications
- in Azure, 2–3
- obtaining, 3–5

checkpointing, 493
CI/CD (continuous integration/continuous deployment), 534
Circuit Breaker design pattern, 520–521
circuits (ExpressRoute), 190
CiS (cloud-integrated storage), 440
Classless Inter-Domain Routing (CIDR), 117, 139–140
Clear Linux OS, 266, 267, 268
CLI (command-line interface), 247
client (Docker), 247
client affinity, 516
cloud
- about, xxi–xxii
- service models, 229–231
- speed of, 241

cloud bursting, 312–313, 462
cloud development
- about, 512
- architecture
  - about, 512–513
  - design patterns, 517–523
  - design principles, 515–517
  - styles, 513–514
- coding
  - about, 523
  - authentication, 525–531
  - Azure Queue Storage SDK, 524–525
  - connecting to regional/global database instances, 524
  - reading encrypted data from databases, 531–532
  - triggering background jobs, 523–524
- exam essentials, 539
- implementing security, 534–538
- integrated development environments (IDEs), 533–534
- key terms, 539
- review question answers, 688–689
- review questions, 540–541
- source code repositories, 533–534

Cloud Services, 344–345
cloud-integrated storage (CiS), 440
CLRs (common language runtimes), 307
Cluster autoscale, 344
clusters, 330–331, 338
CNAME record type, 185
coding
- cloud
  - about, 523
  - authentication, 525–531
  - Azure Queue Storage SDK, 524–525
  - connecting to regional/global database instances, 524
  - reading encrypted data from databases, 531–532
  - triggering background jobs, 523–524
- deploying, 576–600

Command and Query Responsibility Segregation (CQRS), 518
command-line interface (CLI), 247
common language runtimes (CLRs), 307
communication component (Service Fabric), 332
Competing Consumers pattern, 490–491
compliance
- about, 458, 463
- Azure Blueprints, 465
- Azure Policy, 466–470
- exam essentials, 506
- exercises, 466–467, 468–469, 480–481
- governance and, 464–465
- key terms, 506–507
- Microsoft Cloud App Security (MCAS), 483
- monitoring, 648
- privacy, 475–477
- regulatory boundaries, 477–478
- reliability, 474–475
- resiliency, 474–475
- review question answers, 688
- review questions, 508–509
- security, 472–474
- Security Center, 478–482
- tags, 470–472

compression on the fly, 217
Compute (hosting model)
- about, 228–229
- architectural styles, principles, and patterns, 234–237
- Azure App Services
  - about, 298–301
  - Azure WebJobs, 309–312
  - environments, 308–309
  - Web Apps, 301–306
  - Web Apps for containers (Linux), 306–308
- Azure Batch, 312–317
- Azure Container Instances (ACI)
  - about, 239–241
  - container groups, 243–256
  - containers, 241–243
  - images, 241–243
  - multicontainers, 243–256
  - OS virtualization, 241–243
- Azure Functions
  - about, 317–318
  - bindings, 320–325
  - hosting plans, 319–320
  - runtime versions, 326
  - supported programming languages, 326–327
  - triggers, 320–325
- Azure Kubernetes Services
  - about, 336
  - clusters, 338
  - development and deployment, 338–342
  - Kubernetes compared with, 336–338
  - maintaining, 342–344
  - nodes, 338
  - pods, 338
  - scaling, 342–344
- Azure Virtual Machines
  - about, 256–258
  - creating, 259–271
  - managing, 271–297
- best practices, 237–239
- choosing hosting models, 231–234
- cloud service models, 229–231
- Cloud Services, 344–345
- exam essentials, 348–349
- exercises, 244–246, 249–250, 251–252, 253, 260, 261–263
- HPC, 312–317
- key terms, 347–348
- monitoring, 640–642
- review question answers, 685–687
- review questions, 350–353
- Service Fabric
  - about, 328–330
  - architecture, 331–332
  - Azure integration, 335–336
  - best practice scenarios, 332–334
  - clusters, 330–331
  - nodes, 330–331
- Windows Virtual Desktop, 345–346

Compute & Apps blade (Security Center), 481–482
Compute category, products in, 11
conditional access, 59–66
configuration
- Azure SQL Database, 392–397
- managing, 605–606
- networking and, 14

Connect Health, 51–52
connected services, 446
Consumption hosting plan, 319–320
container as a service (CaaS), 230
container entities (Azure Cosmos DB), 25
container groups (Azure Container Instances (ACI)), 243–256
Container Linux by CoreOS, 266, 267
containers
- about, 16
- Azure Container Instances (ACI), 241–243
- Azure SQL Database, 413–415
- migrating, 558
- products in, 11
- Web App for Containers (Linux), 306–308

Content Delivery Network (CDN)
- about, 125, 215–216
- CDN caching rules, 217
- dynamic site acceleration, 217
- file compression, 217
- geofiltering, 217

content deployment, 585
continuous integration/continuous deployment (CI/CD), 534
continuous WebJobs, 309–312
Contributor RBAC role, 78
Core OS, 268
CORS (cross-origin resource sharing), 306
Cosmos.py code, 415–416
costs
- Azure resources, 140
- Azure Virtual Machine, 277–281
- networking and, 13–14

CQRS (Command and Query Responsibility Segregation), 518
create, insert, update, delete (CRUD), 330
credential leaking, 75
cross-origin resource sharing (CORS), 306
curl tool, 152

D
DaaS (database as a service), 22, 378
DaaS (desktop as a service), 378
daemon (Docker), 247
data
- analysis of, 366
- monitoring, 642–646
- at rest, 100
- in transit, 100
- in use, 101

data analytics/data warehouse, 365–373
data backup, migration, and retention, 437–443
Data Distribution Service (DDS), 484
Data Migration Assistant (DMA), 23, 439
Data Migration Service (DMS), 23
data partitioning, 379, 404
data storage
- about, 356–357
- Azure Batch, 316
- Big Data, 358–359
- choosing solutions for
  - about, 359–360
  - Azure Cache for Redis, 421–422
  - Azure Data Store, 377–381
  - Azure Database for MySQL, 422–423
  - Azure Database for PostgreSQL, 423
  - Azure SQL Database, 382–419
  - Azure Storage, 424–434
  - Azure Table Storage, 420–421
  - data analytics/data warehouse, 365–373
  - data backup, migration, and retention, 437–443
  - document databases, 360–361
  - graph databases, 362–363
  - key/value pairs, 361–362
  - Marketplace options, 424
  - object storage, 363
  - Oracle options, 424
  - relational database management system (RDBMS), 363–365
  - search engine databases, 365
  - securing Azure data, 443–450
  - shared files, 373–377
  - zone replication, 434–437
- exam essentials, 451–452
- exercises, 374–376, 383–384, 399–402, 406–408, 409–412, 426, 440–442, 444–445
- extract, transform, load (ETL), 357–358
- key terms, 452–453
- NoSQL, 358–359
- online analytical processing (OLAP), 357–358
- online transaction processing (OLTP), 357–358
- products in, 11
- relational database management system (RDBMS), 357–358
- review question answers, 687–688
- review questions, 454–455
- Security Center, 479–481
- service tags and, 171

data warehouse, 366, 369
Database Access Migration toolkit, 565
database administrator (DBA), 364
database as a service (DaaS), 22, 378
Database Experimentation Assistant (DEA), 564–565
Database Management Assistant (DMA), 559–560
database management system (DBMS), 258
Database Migration Service (DMS), 381, 439, 560–564
database throughput unit (DTU), 388–392
database transaction unit (DTU), 22
databases
- application-bound identity provider, 78
- Azure SQL Database, 413–415
- migrating
  - about, 558–559
  - Azure Data Migration Service, 560–564
  - Azure Databox, 564
  - Cosmos DB Data Migration tool, 564
  - Database Access Migration toolkit, 565
  - Database Experimentation Assistant (DEA), 564–565
  - Database Management Assistant (DMA), 559–560
  - SQL Server Migration Assistant, 560
- products in, 11

DBA (database administrator), 364
DBMS (database management system), 258
DDoS (distributed denial-of-service), 92, 97, 99
DDS (Data Distribution Service), 484
DEA (Database Experimentation Assistant), 564–565
dead-letter queue (DLQ), 498
Debian, 266, 267
decoupling, 516–517
Dedicated hosting plan, 319–320
dedicated hosts, 270–271
dedicated mode, 297
DeleteMessage() method, 524–525
demilitarized zone (DMZ) network pattern, 155, 156, 172
deployment
- about, 544, 576–577
- with ARM templates, 580–594
- automated, 269–270
- Azure Kubernetes Services, 338–342
- content, 585
- DevOps, 594–600
- exam essentials, 608–609
- exercises, 578–579, 592–593, 596–598
- key terms, 609
- review question answers, 689–690
- review questions, 610–611
- with Visual Studio, 578–580

deployment logs, 648–649
deployment slots, 596
design for self-healing, 235
design patterns
- about, 517–518
- antipatterns, 521–523
- Circuit Breaker, 520–521
- cloud, 517–523
- Gatekeeper, 519–520
- in messaging, 487–492
- Retry, 518–519
- Sharding, 520
- Throttling, 520

design principles
- about, 515
- automatic healing, 515–516
- cloud, 515–517
- decoupling, 516–517
- designing for change, 517
- infrastructure as a service (IaaS), 517
- platform as a service (PaaS), 517
- redundancy, 515
- reliance, 515
- resiliency, 515
- scaling, 516–517
- self-healing, 515–516
- software as a service (SaaS), 517

Desired State Configuration (DSC), 605
desktop as a service (DaaS), 378
destination network address translation (DNAT), 147, 179
device platforms, conditional access policies and, 60
DevOps
- exercises, 596–598
- working with, 594–600

DIPRs (Dynamic IP Restrictions), 180–181, 520
directory name, 41
directory objects, 52
disaster recovery (DR), 285, 474, 651
disaster recovery as a service (DRaaS), 475
distributed denial-of-service (DDoS), 92, 97, 99
DLQ (dead-letter queue), 498
DMA (Data Migration Assistant), 23, 439
DMA (Database Management Assistant), 559–560
DMS (Data Migration Service), 23
DMS (Database Migration Service), 381, 439, 560–564
DMZ (demilitarized zone) network pattern, 155, 156
DNAT (destination network address translation), 147, 179
DNS. See Domain Name System (DNS)
Docker
- components of, 247–250
- images, 249–250

document databases, 360–361, 415
Document DB Data Migration Tool, 416
Domain Name System (DNS)
- about, 184–186
- Azure private, 188
- Azure public, 188
- Azure-provided, 187–188
- dedicated Server in VNet, 188–190
- exercises, 187
- specifying servers, 193–194

domains
- adding custom to Azure Active Directory, 45–47
- custom, 215
- exercises, 44–46

dot-decimal notation, 143
DPM (System Center Data Protection Manager), 655
DR (disaster recovery), 285, 474, 651
DRaaS (disaster recovery as a service), 475
DSC (Desired State Configuration), 605
DSR (Azure Data Subject Request) Portal, 476
DTU (database throughput unit), 388–392
DTU (database transaction unit), 22
duplication detection, 496
Dynamic IP Restrictions (DIPRs), 180–181, 520
dynamic mode, 18
dynamic site acceleration, 217

E
Easy Auth, 105–106, 537
EDW (enterprise data warehouse), 365–366
elastic database throughput unit (eDTU), 388–392
elastic pool, 22
Electronic Data Interchange (EDI), 237–238
enclave, 101
encryption
- about, 99–102
- data, 444–446
- reading encrypted data from databases, 531–532

endorsed distributions, 267
engine (Docker), 247
enterprise data warehouse (EDW), 365–366
environments (Azure App Services), 308–309
ephemeral disk, 282
ephemeral ports, 146, 147
Etcd API, 24
ETL (extract, transform, load), 357–358
Event Grid, 499–503
Event Hubs, 492–496
Event-driven style, 514
events, compared with messaging, 485
exam essentials
- Azure, 33
- cloud development, 539
- compliance, 506
- Compute (hosting model), 348–349
- data storage, 451–452
- deployment, 608–609
- hybrid solutions, 506
- messaging, 506
- migrating, 608–609
- monitoring, 678
- networking, 222–223
- recovery, 678
- security and identity, 106–107

exercises
- adding identity protection, 58–59
- Application Gateway/WAF, 176–178
- ASP.NET Core web applications, 339–342
- availability sets, 291
- Azure Active Directory (AAD), 45–46, 47–49, 58–59, 62–66, 69–73, 301–302
- Azure App Services, 301–302, 303–305, 578–579, 592–593
- Azure Application Gateway, 203–205, 208–210
- Azure Automation, 601–603
- Azure Backup, 656
- Azure Batch, 314
- Azure Blob storage, 426
- Azure Container Instances (ACI), 253
- Azure Container Registry (ACR), 251–252
- Azure Cosmos DB, 409–412
- Azure Data Explorer (ADX), 440–442, 494–496, 633
- Azure Data Migration Service (DMS), 561–562
- Azure DNS, 187
- Azure Functions, 324–325
- Azure Key Vault, 104, 444–445, 535–536
- Azure Kubernetes Services, 339–342
- Azure Monitor, 621–625
- Azure Policy, 466–467, 468–469
- Azure PowerShell, 466–467
- Azure Resource Manager (ARM), 592–593
- Azure Site Recovery (ASR), 664–666
- Azure SQL, 165
- Azure SQL DB, 383–384, 399–402, 406–408
- Azure subscription, 80–82
- Azure Virtual Machine, 140–141, 165, 187, 260, 261–263, 273–274, 279–280, 283–284, 291, 293, 296–297, 552–554, 570–572, 575–576, 656, 664–666
- Azure Virtual Networking, 121–124, 132
- Azure VPN gateways, 195–197
- Azure Web App, 166–167
- compliance, 466–467, 468–469, 480–481
- Compute (hosting model), 244–246, 249–250, 251–252, 253, 260, 261–263
- conditional access, 62–66
- content delivery network (CDN), 216
- creating AAD users, 46–47
- creating Azure files, 374–376
- custom roles, 88–91
- data storage, 374–376, 383–384, 399–402, 406–408, 409–412, 426, 440–442, 444–445
- deployment, 578–579, 592–593, 596–598
- DevOps, 596–598
- Docker images, 244–246, 249–250
- domains, 44–46
- Easy Auth, 537
- Event Grid, 499–501
- Event Hubs, 493
- global VNet peering, 159–162
- High Performance Computing (HPC), 303–305
- managed disks, 296–297
- Managed Identities (MI), 535–536
- management groups, 83
- messaging, 493, 494–496, 499–501
- migrating, 552–554, 561–562
- monitoring, 621–625, 633
- multifactor authentication (MFA), 69–73
- network security group (NSG), 171–172
- Network Watcher, 152–154
- recovery, 656, 664–666
- role-based access control (RBAC), 80–82, 83, 88–91
- scale sets, 293
- service endpoints, 406–408
- SSL termination, 203–205
- subnets, 150–154
- URL routing, 208–210
- VMWare, 552–554

ExpressRoute, 136, 158, 190–192, 460
extensions (Azure Virtual Machine), 268–269
extract, transform, load (ETL), 357–358

F
F#, 326–327
fault domains, 288
features, 9–32, 127
federation component (Service Fabric), 332
file compression, 217
File Integrity Monitoring (FIM), 96
file share, 27
File Transfer Protocol (FTP), 546
firewalls, 450
first in, first out (FIFO), 430–432
five nines, 616
forced tunneling, 172, 199–201
forms, authenticating, 526
fully qualified domain names (FQDNs), 179
functionalities, 9–11
Functions app, 20
functions as a service (FaaS), 231

G
GA (Global Availability), 326
Gatekeeper design pattern, 519–520
Gateway Manager, service tags and, 171
Gateway Subnet, 194–195
geofiltering, 217
geography, 125
geo-redundant storage (GRS), 435, 436
geo-replication, 252
geo-zone-redundant storage (GZRS), 435, 437
GetMessage() method, 524–525
GitHub change notification types, 7
Global Availability (GA), 326
global replication concepts, Azure SQL Database, 417–419
global shard-map manager database, 404
global VNet peering, 134, 158–162
globally redundant storage (GRS), 125
governance, compliance and, 464–465
graph databases, 362–363
graphical processing units (GPUs), Azure Batch and, 312
graphical user interface (GUI), API Apps and, 306
Gremlin API, 24
GRS (geo-redundant storage), 435, 436
GRS (globally redundant storage), 125
GZRS (geo-zone-redundant storage), 435, 437

H
hardware and network security
- about, 92–93
- Application Gateway/WAF, 98–99
- Azure confidential computing, 99–102
- Azure DDoS protection, 99
- Azure Network Security, 98
- Microsoft Trust Center, 93
- Security Center, 93–98

HCM (Hybrid Connection Manager), 54, 136, 190, 462
health probes, 213–214
High Performance Computing (HPC), 233–234, 303–305, 312–317
hop, 138
Horizontal Pod Autoscale (HPA), 343
horizontal scale, 377
host identifier, 144
hosting models
- choosing, 231–234
- defined, 229

hosting plans, 319–320
HPC (High Performance Computing), 233–234, 303–305, 312–317
HTTP (Hypertext Transfer Protocol), 100
hub and spoke network pattern, 155, 157
hybrid Azure networking
- about, 190
- configuring VPN devices, 198
- creating Gateway Subnets, 194–195
- creating local network gateways, 197
- creating virtual networks, 193
- creating VPN connection, 198–199
- creating VPN gateway, 195–197
- ExpressRoute, 190–192
- forced tunneling, 199–201
- site-to-site VNP gateway, 192–193
- specifying DNS Servers, 193–194

Hybrid Connection Manager (HCM), 54, 136, 190, 462
hybrid network pattern, 155
hybrid solutions
- about, 458–459
- computing, 462–463
- data solutions, 463
- exam essentials, 506
- key terms, 506–507
- networking
  - about, 460
  - API management, 462
  - Express Route, 460
  - Hybrid Connection Manager (HCM), 462
  - Network Watcher, 461
  - Traffic Manager, 462
  - VNet integration, 460–461
  - VPN Gateway, 460
- review question answers, 688
- review questions, 508–509
- security, 459

hyperscale, 235
Hypertext Transfer Protocol (HTTP), 100
Hyper-V, 286, 551–555

I
IaaS (infrastructure as a service), 229, 517
IANA (Internet Assigned Number Authority), 145
IDE (Integrated Drive Electronics), 281
identity as a service (AAD), 12–13
identity protection, 57–59
IDEs (integrated development environments), 533–534
IIS (Internet Information Services), 180
ILB (internal load balancer), 213, 308
ILPIP (instance-level public IP), 135
images
- Azure Container Instances (ACI), 241–243
- defined, 239–240
- using, 261–263

Import/Export, 442, 566
Improperly Instantiating Objects antipattern, 521–523
infrastructure as a service (IaaS), 229, 517
input/output operations per second (IOPS), 258
instance-level public IP (ILPIP), 135
integrated development environments (IDEs), 533–534
Integrated Drive Electronics (IDE), 281
Integrated Windows Authentication (IWA), 12, 528–529
integration and testing (I&T), 470
intellectual property (IP), 59
internal load balancer (ILB), 213, 308
Internet
- Azure VNet to, 168
- connecting with the, 134–136
- service tags and, 171

Internet Assigned Number Authority (IANA), 145
Internet Information Services (IIS), 180
IOPS (input/output operations per second), 258
IP (intellectual property), 59
IP addresses, whitelisting, 24
IP masquerading, 146
IP restrictions, 180–184
IP Security, 180
IPv4, 139–140
IPv6, 145
isolated network pattern, 155
I&T (integration and testing), 470
item entities, Azure Cosmos DB, 25
items, Azure SQL Database, 413–415
IWA (Integrated Windows Authentication), 12, 528–529

J
Java, 307–308
JavaScript, 326–327
justification, as Privileged Identity Management (PIM) feature, 74
just-in-time, as Privileged Identity Management (PIM) feature, 75

K
kernel, accessing, 242
key performance indicators (KPIs), 618
key terms
- Azure, 34
- cloud development, 539
- compliance, 506–507
- Compute (hosting model), 347–348
- data storage, 452–453
- deployment, 609
- hybrid solutions, 506–507
- messaging, 506–507
- migrating, 609
- networking, 220–221

key/value pairs, 361–362
KPIs (key performance indicators), 618
KQL (Kusto Query Language), 631–632
Kubernetes, compared with Azure Kubernetes Service, 336–338
KUSTO cluster, 631
Kusto Query Language (KQL), 631–632

L
labels, 649
Language Understanding Intelligent Service (LUIS), 365
Linux
- Azure Virtual Machine and, 266–268
- Web App for Containers, 306–308
- Windows Backup compared with, 661–663
- workloads, 555–556

local network gateways, 197
locally redundant storage (LRS), 395, 434–436
locations, conditional access policies and, 60
Log Analytics, 21, 334, 627–629
Logic Apps, 20, 503–505
logical load metrics, 331
long-term retention (LTR), 396, 438
LRS (locally redundant storage), 395, 434–436
LUIS (Language Understanding Intelligent Service), 365

M
MaaS (messaging as a service), 484
MABS (Microsoft Azure Backup Server), 655
machine learning (ML) model, 102
main() method, 320–321
maintenance
- Azure Kubernetes Services, 342–344
- Azure Virtual Machines and, 272–281

malicious software threats, 97
managed disk storage, 281–285
managed disks, 294–295, 296–297
Managed Identities (MI)
- about, 75–76, 103
- authenticating, 530
- exercises, 535–536

managed instance, 22
Managed Service Identity (MSI), 75–76
management component (Service Fabric), 332
management group, 83
manual scaling, 343
Marketplace
- Azure Batch, 316–317
- options for data and storage, 424

MARS (Microsoft Azure Recovery Services), 655
MCAS (Microsoft Cloud App Security), 483
messaging
- about, 458, 484
- Azure Storage Queue, 498–499
- choosing a service for, 485–487
- Event Grid, 499–503
- Event Hubs, 492–496
- events compared with, 485
- exam essentials, 506
- exercises, 493, 494–496, 499–501
- key terms, 506–507
- Logic Apps, 503–505
- monitoring, 646–647
- Notification Hub, 505
- patterns in
  - about, 487–488
  - Asynchronous Request/Reply pattern, 488–489
  - Azure Cache for Redis, 492
  - Competing Consumers pattern, 490–491
  - Publisher/Subscriber pattern, 488
  - Queue-Based Load Leveling pattern, 489
  - Sequential Convoy pattern, 489–490
- recovery and, 675–677
- review question answers, 688
- review questions, 508–509
- Service Bus, 496–498

messaging as a service (MaaS), 484
MFA. See multifactor authentication (MFA)
MI. See Managed Identities (MI)
microservices, 329, 338
Microservices style, 514
Microsoft Authenticator app, as authentication method, 68
Microsoft Azure Backup Server (MABS), 655
Microsoft Azure Recovery Services (MARS), 655
Microsoft Cloud App Security (MCAS), 483
Microsoft Distributed Transaction Coordinator (MSDTC), 247
Microsoft Enterprise edge (MSEE) routers, 190–191
Microsoft Message Queuing (MSMQ), 247, 484
Microsoft Trust Center (MTC), 92, 93, 464
migrating
- about, 544
- to Azure
  - about, 544–548
  - Azure Migrate, 549–551
  - Azure Site Recovery, 548–549
- Azure App Services, 565–566
- Azure SQL Database, 397–403
- Azure Virtual Machines
  - about, 286–288, 551
  - Azure Hybrid Benefit, 556–557
  - Azure Reserved VM Instances, 557–558
  - containers, 558
  - Hyper-V, 551–555
  - Linux, 555–556
  - VMWare, 551–555
  - Windows Server, 555–556
- databases
  - about, 558–559
  - Azure Data Migration Service, 560–564
  - Azure Databox, 564
  - Cosmos DB Data Migration tool, 564
  - Database Access Migration toolkit, 565
  - Database Experimentation Assistant (DEA), 564–565
  - Database Management Assistant (DMA), 559–560
  - SQL Server Migration Assistant, 560
- exam essentials, 608–609
- exercises, 552–554, 561–562
- Import/Export, 566
- key terms, 609
- review question answers, 689–690
- review questions, 610–611

ML (machine learning) model, 102
mobile apps, 306
Mobile category, products in, 11
Model-View-Controller (MVC), 345
Mongo API, 24
MongoDB API, 24
monitoring
- about, 614–615, 615–619
- Azure Monitor, 621–634
- Azure Service Health, 619–620
- Azure SQL Database, 403–404
- by component
  - about, 634–635
  - compliance, 648
  - compute, 640–642
  - data, 642–646
  - messaging, 646–647
  - network, 638–640
  - security, 635–638
- deployment logs, 648–649
- exam essentials, 678
- exercises, 621–625, 633
- labels, 649
- review question answers, 690–691
- review questions, 679–680
- tags, 649

Monolithic Persistence antipattern, 521–523
MSDTC (Microsoft Distributed Transaction Coordinator), 247
MSEE (Microsoft Enterprise edge) routers, 190–191
MSI (Managed Service Identity), 75–76
MSMQ (Microsoft Message Queuing), 247, 484
MTC (Microsoft Trust Center), 92, 93, 464
multicontainers, 243–256
multifactor authentication (MFA)
- about, 66–69, 529
- enabling, 69–74
- exercises, 69–73
- implementation of, 60
- as Privileged Identity Management (PIM) feature, 74
- types of, 67–68

multisite hosting, 214–215
multitiered style, 513
MVC (Model-View-Controller), 345
MX record type, 185

N
nameresolver tool, 152
NAT (network address translation), 146
.NET Core, 307–308
netstat tool, 147
network address translation (NAT), 146
network identifier, 144
Network Logger, 120
network map, 183–184
network security groups (NSGs)
- about, 98, 128–129, 137–138, 271–272
- exercises, 171–172
- traffic filtering with, 169–173

network traffic filtering, 137–138
network traffic routing, 138–142
network virtual appliance (NVA), 155, 169–173
Network Watcher, 120, 152–154, 461
networking. See also hybrid solutions, networking
- about, 13–14, 112
- advanced concepts and tools, 143–154
- Azure Virtual Machines and, 271–272
- Azure virtual networking
  - about, 117
  - Azure networking limits, 157–158
  - Azure networking patterns, 155–157
  - Azure VNet, 127–129
  - connecting with Azure resources, 129–134
  - connecting with Azure VNets, 134
  - connecting with Internet, 134–136
  - connecting with on-premise resources, 136–137
  - key features and capabilities, 127–168
  - network traffic filtering, 137–138
  - network traffic routing, 138–142
  - regions, 117–127
  - site-to-site overview, 163–164
  - VNet to Azure resources, 164–168
  - VNet to Internet, 168
  - Vnet to VNet integration, 158–163
  - VNets and subnets, 142–154
- exam essentials, 222–223
- hybrid
  - about, 114–115, 190, 460
  - API management, 462
  - Azure Virtual Network, 115–117
  - configuring VPN devices, 198
  - creating Gateway Subnets, 194–195
  - creating local network gateways, 197
  - creating virtual networks, 193
  - creating VPN connection, 198–199
  - Express Route, 460
  - ExpressRoute, 190–192
  - forced tunneling, 199–201
  - Hybrid Connection Manager (HCM), 462
  - Network Watcher, 461
  - site-to-site VNP gateway, 192–193
  - specifying DNS Servers, 193–194
  - Traffic Manager, 462
  - VNet integration, 460–461
  - VPN Gateway, 195–197, 460
- key terms, 220–221
- Microsoft global network, 112–114
- monitoring networks, 638–640
- products in, 11
- recovery and, 669–670
- review question answers, 684
- review questions, 224–225
- security
  - about, 92–93
  - Application Gateway/WAF, 98–99
  - Azure confidential computing, 99–102
  - Azure DDoS protection, 99
  - Azure Network Security, 98
  - Microsoft Trust Center, 93
  - Security Center, 93–98
- tools, 152

nodes
- about, 307–308, 338
- defined, 138
- Service Fabric, 330–331
- virtual, 344

noisy neighbor, 158
NoSQL, 358–359
Not Caching antipattern, 521–523
Notification Hub, 505
notifications, as Privileged Identity Management (PIM) feature, 74
NS record type, 185
NSGs. See network security groups (NSGs)
NVA (network virtual appliance), 155, 169–173

O
OAuth, 529–530
objects
- Docker, 248
- storage of, 363

ODBC Driver 17 SQL utility, 164
offsets, 493
127.0.0.1 IPv4 address, 144
online analytical processing (OLAP), 357–358
online transaction processing (OLTP), 357–358
on-premise
- connecting with resources, 136–137
- migrating from, 286

open source, 307, 377
open standards, authentication and, 529–530
OpenAPI, 20
OpenID, 529–530
openSUSE, 267
operating systems, 234
Oracle, 424
Oracle Linux, 267
orchestration, 234, 254–256
OSI layers, 208
OS-level virtualization, 241–243
outbound connections, 214
Owner RBAC role, 78

P
P2S (Point-to-Site) connection, 136
PaaS (platform as a service), 230–231, 517
page blobs, 428–429
partition keys, 413–415
Pass-Through Authentication, 53
password
- as authentication method, 68
- self-service, 54

Password Hash Synchronization, 53
PAT (port address translation), 135, 146
PeekMessage() method, 524–525
Perf View, 21
permissions
- controlling for resources, 87
- providing to resources, 85–86
- role-based access control (RBAC), 78–81

PHP, 307–308
physical partitions, 415
PIM (Privileged Identity Management), 74–75
platform as a service (PaaS), 230–231, 517
pods, 338
point-of-presence (POP), 216
point-time restore (PITR), 438
Point-to-Site (P2S) connection, 136
poison messages, 491
port address translation (PAT), 135, 146
PostgreSQL, Azure Database for, 423
PowerShell, 200–201, 326–327
pricing models and limits, Azure SQL Database, 388–392
primary key, 364
privacy, compliance, 475–477
Privileged Identity Management (PIM), 74–75
process automation, 604
product names, 9–11
products, 127
programming languages, supported in Azure Functions, 326–327
psping tool, 152
public IP addresses, 134–135, 157
public load balancer, 212–213
Publisher/Subscriber pattern, 488
Python, 307–308, 326–327

Q
questions
- assessment test, xxxix–xliv
- review
  - Azure, 35–38
  - cloud development, 540–541
  - compliance, 508–509
  - Compute (hosting model), 350–353
  - data storage, 454–455
  - deployment, 610–611
  - hybrid solutions, 508–509
  - messaging, 508–509
  - migrating, 610–611
  - monitoring, 679–680
  - networking, 224–225
  - recovery, 679–680
  - security and identity, 108–109

Queue-Based Load Leveling pattern, 489

R
RBAC. See role-based access control (RBAC)
RCA (root-cause analysis), 620
RDBMS (relational database management system), 22, 357–358, 363–365
RDMA (Remote Directory Memory Access), 312–313
RDP (Remote Desktop Protocol), 546
read-access geo-redundant storage (RA-GRS), 396, 435, 436
read-access geo-zone-redundant storage (RA-GZRS), 435, 437
Reader RBAC role, 78
recovery
- about, 614–615, 649–650
- Azure Recovery Services, 651–668
- business continuity and disaster recovery (BCDR), 650–651
- exam essentials, 678
- exercises, 656, 664–666
- by product type
  - about, 668–669
  - Azure App Services, 673
  - Azure Data Services, 673–675
  - Azure Messaging Services, 675–677
  - Azure Virtual Machines, 671–673
  - networking, 669–670
- review question answers, 690–691
- review questions, 679–680

recovery point objective (RPO), 667
recovery time object (RTO), 667
Red Hat Enterprise, 266, 267, 268
Redeploy, 285
redundancy, in design principles, 515
regional dependencies, 552
regional global database instances, 524
regions
- in Azure Virtual Networking, 117–127
- changing, 286–288

registry, Docker, 247
regulatory boundaries, 477–478
relational database management system (RDBMS), 22, 357–358, 363–365
reliability
- compliance, 474–475
- design principles, 515

reliability component (Service Fabric), 332
Remote Desktop Protocol (RDP), 546
Remote Directory Memory Access (RDMA), 312–313
Representational State Transfer (REST) API, 237
request unit (RU), 414–415
resiliency
- compliance, 474–475
- design principles, 515

resource groups, 84, 286–288
resource locks, 273–277
resource providers, 91, 586–591
resources
- about, 127
- connecting with other Azure, 129–134
- controlling permissions for, 87
- deploying, 576–600
- moving in Azure
  - about, 567–568
  - Azure App Services, 568–569
  - Azure Virtual Machines, 569–576
- on-premise, 136–137
- providing permissions to, 85–86

rest, data at, 100
Retry design pattern, 235–236, 518–519
review questions
- answers to
  - Azure, 682–683
  - cloud development, 688–689
  - compliance, 688
  - Compute (hosting model), 685–687
  - data storage, 687–688
  - deployment, 689–690
  - hybrid solutions, 688
  - messaging, 688
  - migrating, 689–690
  - monitoring, 690–691
  - networking, 684
  - recovery, 690–691
  - security and identity, 683–684
- Azure, 35–38
- cloud development, 540–541
- compliance, 508–509
- Compute (hosting model), 350–353
- data storage, 454–455
- deployment, 610–611
- hybrid solutions, 508–509
- messaging, 508–509
- migrating, 610–611
- monitoring, 679–680
- networking, 224–225
- recovery, 679–680
- security and identity, 108–109

role-based access control (RBAC)
- about, 49, 78–84
- compared with Azure Active Directory (AAD), 77, 78
- controlling access, 84–85
- controlling permissions to resources, 87
- custom roles, 87–91
- exercises, 80–82, 83, 88–91
- permissions, 78–81, 85–87
- providing permissions to resources, 85–86
- roles, 78–79

roles
- Azure Active Directory (AAD), 43
- custom, 87–91
- defined, 78
- exercises, 88–91

root-cause analysis (RCA), 620
router, 146–147
routing table, 139
RPO (recovery point objective), 667
RTO (recovery time object), 667
RU (request unit), 414–415
Ruby, 307–308
run from package, 318
run() method, 321–323
runtime, 239–240
runtime versions, 326

S
S2S (Site-to-Site) connection, 136, 163–164, 192–193
SaaS (software as a service), 41, 517
SAS (Shared Access Signatures), 102–103, 434, 447–449
SAS signature, 449
scale sets, 288–295
scaling
- Azure Kubernetes Services, 342–344
- design principles and, 516–517

SCSI (Small Computer System Interface), 281
SDKs (software development kits), 238, 621
SDLC (software development life cycle), 594
SDM (semantic data model), 371–372
search engine databases, 365
search engine optimization (SEO), 365
Secure Sockets Layer (SSL), 202
security and identity
- about, 40
- Azure Active Directory (AAD)
  - AAD Connect, 49–53
  - about, 40–44
  - adding custom domains, 44–49
  - application proxy, 54–56
  - Azure AD Domain Services, 76–77
  - B2B collaboration, 53–54
  - conditional access, 59–66
  - identity protection, 57–59
  - managed identities, 75–76
  - multifactor authentication, 66–74
  - Privileged Identity Management (PIM), 74–75
  - self-service password, 54
  - service level agreement (SLA), 56–57
- Azure data, 443–450
- Azure SQL Database, 392–397
- Azure Virtual Machine, 295–297
- cloud, 534–538
- compliance, 472–474
- exam essentials, 106–107
- hardware and network security
  - about, 92–93
  - Application Gateway/WAF, 98–99
  - Azure confidential computing, 99–102
  - Azure DDoS protection, 99
  - Azure Network Security, 98
  - Microsoft Trust Center, 93
  - Security Center, 93–98
- hybrid solutions, 459
- monitoring, 635–638
- products in, 11
- review question answers, 683–684
- review questions, 108–109
- role-based access control (RBAC)
  - about, 78–84
  - controlling access, 84–85
  - controlling permissions to resources, 87
  - custom roles, 87–91
  - providing permissions to resources, 85–86
- security products and techniques, 102–106

Security Center
- about, 92, 93–94, 478–479
- advanced cloud defense, 96
- Compute & Apps blade, 481–482
- data storage, 479–481
- policy and compliance capabilities, 94–95
- resource security hygiene, 95–96
- Threat Protection, 96–98
- tier differences, 94

security information and event management (SIEM), 638
security principals, 84
security rules, 137
self-healing, 235, 515–516
self-service password, 54
semantic data model (SDM), 371–372
SEO (search engine optimization), 365
Sequential Convoy pattern, 489–490
Server Integration Services (SSIS), 398
Server Message Block (SMB), 27, 100, 374
serverless computing. See functions as a service (FaaS)
Serverless computing style, 514
Service Bus, 28–30, 496–498
service endpoints
- about, 450
- Azure SQL Databases, 404–408
- exercises, 406–408

Service Fabric
- about, 328–330
- architecture, 331–332
- Azure integration, 335–336
- best practice scenarios, 332–334
- clusters, 330–331
- nodes, 330–331

service level agreement (SLA), 56–57, 615
Service Management Automation, 607
service principals, 85, 103, 531
service tag, 170–171
Service Trust Center, 464
service-oriented architecture (SOA), 185, 328
sharding, 415
Sharding design pattern, 520
Shared Access Signatures (SAS), 102–103, 434, 447–449
shared files, 373–377
SIEM (security information and event management), 638
sign-in risk, conditional access policies and, 60–62
Simple Object Application Protocol (SOAP), 237–238
single database, 22
single sign-on (SSO), 52–53, 459
Site Recovery, 30–32
Site Recovery Deployment Planner (SRDP), 32
Site-to-Site (S2S) connection, 136, 163–164, 192–193
site-to-site VNP gateway, 192–193
size, Azure Virtual Machine, 277–281
SKU types, 196–197
SLA (service level agreement), 56–57, 615
slot swap, 300
Small Computer System Interface (SCSI), 281
SMB (Server Message Block), 27, 100, 374
SMS, as authentication method, 68
SNAT (source network address translation), 135, 146
SOA (service-oriented architecture), 185, 328
SOA (start of authority), 188
SOAP (Simple Object Application Protocol), 237–238
socket, 147
software as a service (SaaS), 41, 517
software development kits (SDKs), 238, 621
software development life cycle (SDLC), 594
software-driven wide area network (SWAN), 318
source code repositories, 533–534
source network address translation (SNAT), 135, 146
SQL. See Structured Query Language (SQL)
SQL Information Protection, 480
SQL Managed Instance, 408
SQL Server, 22–23
SQL Server Migration Assistant (SSMA), 439, 560
SQLCMD utility, 164
SRDP (Site Recovery Deployment Planner), 32
SSE (Storage Service Encryption), 446
SSIS (Server Integration Services), 398
SSL (Secure Sockets Layer), 202
SSL offloading, 202–205
SSL Termination, 202–205
SSMA (SQL Server Migration Assistant), 439, 560
SSO (single sign-on), 52–53, 459
start of authority (SOA), 188
sticky sessions, 516
storage. See data storage
Storage Explorer, 433
Storage Service Encryption (SSE), 446
StorSimple, 440
Structured Query Language (SQL)
- about, 22
- service tags and, 171
- VM, 408

styles, 513–514
subnets
- Azure VNet and, 142–154
- exercises, 150–154

subscriptions
- changing, 286–288
- defined, 498

Superfluous Fetching antipattern, 521–523
SUSE Linux Enterprise, 266, 267, 268
SWAN (software-driven wide area network), 318
Synchronous I/O antipattern, 521–523
System Center Data Protection Manager (DPM), 655
System Center Orchestrator, 607

T
tags, 470–472, 649
TCP, 149
tcpping tool, 152
Team Foundation Services (TFS), 534
TEEs (trusted execution environments), 101
templates, ARM, 580–594
tenant (AD), 12–13, 41
testing component (Service Fabric), 332
Threat protection, 96–98
Throttling design pattern, 520
time-bound, as Privileged Identity Management (PIM) feature, 74
time-to-live (TTL), 186
TLS (Transport Layer Security), 202
tokens, 105–106
tools, networking, 152
topology, 183–184
traffic filtering, with NSG, ASG, and NVA, 169–173
Traffic Manager
- about, 125, 217–218, 462
- networking limits, 158

transient event, 238
transit, data in, 100
transport component (Service Fabric), 332
Transport Layer Security (TLS), 202
triggered WebJobs, 309–312
triggers
- Azure Functions, 320–325
- for background jobs, 523–524

trusted execution environments (TEEs), 101
TTL (time-to-live), 186
2017 C++ redistributable utility, 164
TXT record type, 185
TypeScript, 326–327

U
Ubuntu, 267, 268
Ubuntu Server, 266
UDP, 149
update domains, 288
update management, 606–607
URL path-based redirection, 206–211
user acceptance testing (UAT), 470
user-defined functions (UDF), 415
user-defined route (UDR), 172
users (Azure Active Directory), 47–49

V
VDC (Azure Virtual Datacenter), 477
vertical scale, 377
virtual, 345
virtual hard disk (VHD), 15, 264
Virtual Machine. See Azure Virtual Machine (VM)
virtual machine scale set (VMSS), 263
Virtual Network Appliances (VNA), 363
virtual networks
- about, 98
- creating, 193
- private address space, 133
- service endpoints, 131

virtual nodes, 344
virtualization-based security, 101
Visual Studio, deploying with, 578–580
VMSS (virtual machine scale set), 263
VMWare, 286, 551–555
VNA (Virtual Network Appliances), 363
voice call, as authentication method, 68
Volume Shadow Copy Service (VSS), 662
VPN connection, 198–199
VPN devices, 198
VPN Gateway, 195–197, 460

W
WASL, 20
WCF (Windows Communication Foundation) framework, 237–238
Web API, 233
Web Application Firewall (WAF), 99, 174, 450
Web applications, 233, 514
Web Apps
- about, 301–306
- for containers (Linux), 306–308

Web category products, 11
web farm, 202
Web-queue-worker style, 514
websites, hosting multiple, 206–211
whitelisting IP addresses, 24
Windows Authentication, 528–529
Windows Azure Guest Agent, 573
Windows Backup, Linux compared with, 661–663
Windows Communication Foundation (WCF) framework, 237–238
Windows Server operating system, 263–266, 555–556
Windows Subsystem for Linux (WSL), 242
Windows Virtual Desktop, 345–346
Wireshark, 120
Workflow management style, 514
WSDL, 20

Y
YAML file, 338

Z
0.0.0.0/0 address prefix, 141
zone replication, 434–437
zone-redundant storage (ZRS), 434–435, 436
zones, changing, 286–288

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.

Table of Contents for Index

Create new playlist

Sign In

Sign Up

Table of Contents for
Index