This blog post gives a brief overview of the topics covered and some common questions asked on Day 1 of the Live Interactive training for the Azure Administrator Certification [AZ-104].
This post will help you learn Azure Administration and Azure Virtual Networking, prepare for the certification, and get a better-paid job as an Azure administrator.
In our Day 1 Live Session, we covered Cloud Concepts, Cloud Service Models, Azure Overview, Azure Regions, IP Addressing, basics of Networking, and an RBAC Overview. We also performed hands-on labs, where we created Resource Groups and configured Virtual Networks, Virtual Machines, Subnets, and more.
>Azure Administration
An Azure Administrator is responsible for implementing, monitoring, and maintaining Microsoft Azure solutions, including major services related to Compute (Virtual Machines, Containers), Storage (Blob Storage, Azure Files), Networking (Load Balancer, DNS, etc.), Database (Azure SQL, MySQL, Cosmos DB, etc.) and Security (Key Vault, Azure Security Center, etc.).
>Cloud Services Model
Cloud computing offers different services based on three delivery models. They follow the order of SaaS (Software as a Service), PaaS (Platform as a Service), and IaaS (Infrastructure as a service).
There are three main types of cloud computing services, sometimes called the cloud computing stack because they build on top of one another.
Q1. Is a Virtual Machine a PaaS or an IaaS service model?
Ans. A Virtual Machine is IaaS (Infrastructure as a Service) because on a VM you manage which operating system runs and what software is installed. You are just renting a virtual machine and then choosing the OS to run, the application frameworks, and the storage. So you own more responsibilities compared to PaaS. In PaaS (Platform as a Service), the underlying infrastructure is hidden, so you don’t manage the OS, patching, updates, or even scaling and elasticity. That becomes the responsibility of the provider; you just subscribe and use.
On PaaS, you only manage the software or application that runs in the cloud (like Web App services).
>Cloud Deployment Models
Cloud deployment models represent a specific type of cloud environment, primarily distinguished by ownership, size, and access, and also describe the nature and purpose of the cloud. Cloud deployment models are categorized as public clouds, private clouds, and hybrid clouds.
The public cloud is open to all to store and access information via the Internet using the pay-per-usage method. In the public cloud, computing resources are managed and operated by the Cloud Service Provider (CSP).
Public cloud providers include Microsoft Azure, Amazon Elastic Compute Cloud (EC2), IBM SmartCloud Enterprise, and Google App Engine.
>Private Cloud
A private cloud is also known as an internal cloud or corporate cloud. It is offered to selected users over the internet or a private internal network. It provides greater security controls. It can be deployed using open-source tools such as OpenStack and Eucalyptus.
Based on location and management, the National Institute of Standards and Technology (NIST) divides private cloud into the following two parts:
On-premise private cloud
Outsourced private cloud
>Hybrid Cloud
Hybrid cloud is a combination of both public and private cloud. It shares security responsibilities. It helps to maintain the strongest controls over sensitive data and processes.
Example: Azure Stack Hub is an extension of Azure that provides a way to run apps in an on-premises environment and deliver services in your data center.
Q2. What are the benefits of a hybrid cloud?
Ans. Hybrid cloud provides flexible resources because of the public cloud, and security because critical activities are performed by the private cloud. It costs less than the private cloud, helps organizations save costs for infrastructure and application support, and provides an excellent way for companies to manage risk.
>Accounts and Subscriptions
An Azure account is a globally unique entity that gets you access to Azure and your Azure subscriptions. You can create multiple subscriptions in your Azure account to create separation, for example for billing and management purposes.
Q3. Can we delete a free subscription?
Ans. If you have a free trial subscription, you don’t have to wait 30 days for the subscription to be deleted automatically. You can delete your subscription three days after you cancel it. The Delete subscription option will not be available until three days after you cancel your subscription.
Ans. Tenant is nothing but a subscription for the organization. It’s an instance of Azure AD created when an organization signs up for a Microsoft Cloud service subscription.
>Resource Groups
A resource group is a logical container that holds related resources for an Azure solution. It helps in managing all the resources in a group. Generally, you add resources that share the same lifecycle to the same resource group so you can easily deploy, update, and delete them as a group.
Q5. Who has the right to delete the resource groups or virtual machines, the owner or the administrators?
Ans. An administrator has login access to the platform and, as an administrator, can add and delete resource groups and virtual machines. An administrator can only delete a particular resource group or virtual machine based on their user role. The owner cannot delete the resource groups and virtual machines because particular roles are assigned to the various administrators, and the administrators can only act within their role.
Q6. What is the best practice to Audit or Govern the Root Permission?
Ans. The best practice for Governance is that there should be a minimum of 2 Owners, and the rest can be given access according to their job roles in the organization. For Audit, you can enable RBAC Policy. This topic will also be covered in Module 10, Manage identities and governance, of this training.
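A check for the two-Owner guideline above, as an added example that is not part of the original training material. It assumes role assignments exported in the shape of `az role assignment list --all --output json` (fields `principalName`, `roleDefinitionName`, `scope`); the subscription ID, resource group names and users are constructed placeholders. Because Azure RBAC assignments are inherited by child scopes, an Owner on the subscription also counts as an Owner of every resource group in it.

```python
MIN_OWNERS = 2  # minimum number of Owners recommended in the answer above
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"  # placeholder ID

# Constructed sample records, not real tenant data.
SAMPLE = [
    {"principalName": "alice@example.com", "roleDefinitionName": "Owner",
     "scope": SUB},
    {"principalName": "bob@example.com", "roleDefinitionName": "Owner",
     "scope": SUB + "/resourceGroups/rg-demo"},
    {"principalName": "carol@example.com", "roleDefinitionName": "Contributor",
     "scope": SUB + "/resourceGroups/rg-prod"},
]


def covers(assigned_scope, target_scope):
    """True if an assignment at assigned_scope applies to target_scope."""
    a = assigned_scope.lower().rstrip("/")
    t = target_scope.lower().rstrip("/")
    # Match on whole path segments so 'rg' does not cover 'rg-demo'.
    return t == a or t.startswith(a + "/")


def effective_owners(assignments, target_scope):
    """Owners assigned at target_scope or inherited from a parent scope."""
    return sorted({a["principalName"] for a in assignments
                   if a["roleDefinitionName"] == "Owner"
                   and covers(a["scope"], target_scope)})


def under_owned(assignments, scopes, min_owners=MIN_OWNERS):
    """Map each scope with fewer than min_owners Owners to the Owners it has."""
    report = {}
    for scope in scopes:
        owners = effective_owners(assignments, scope)
        if len(owners) < min_owners:
            report[scope] = owners
    return report


if __name__ == "__main__":
    scopes = [SUB, SUB + "/resourceGroups/rg-demo", SUB + "/resourceGroups/rg-prod"]
    for scope, owners in under_owned(SAMPLE, scopes).items():
        print(f"{scope}: only {len(owners)} Owner(s): {owners}")
```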
>Regions in Azure
An Azure region is a set of data centers deployed within a defined perimeter and interconnected through a dedicated regional low-latency network that is located around the globe. Azure region assigns and controls the resources within each region to ensure workloads are balanced in an appropriate manner. This gives you the flexibility to bring applications closer to your users no matter which region they belong to.
Q7. Does every Azure region have multiple data centers?
Ans. Yes, a region can have multiple data centers. There are up to 3 Availability Zones, which are unique physical locations within an Azure region. Each zone is made up of one or more data centers equipped with independent power, cooling, and networking. To ensure resiliency, there’s a minimum of three separate zones in all enabled regions.
Q8. Can High Availability (a second VM) be set up in another region?
Ans. Yes, we can ensure the high availability of a VM in another region by deploying the second VM behind a “Traffic Manager”.
A multi-region architecture can provide higher availability than deploying to a single region. If a regional outage affects the primary region, you can use Traffic Manager to failover to the secondary region. This architecture can also help if an individual subsystem of the application fails.
Azure Virtual Networking (VNet) is the fundamental building block for your private network in Azure.
VNet enables many types of Azure resources, such as Azure Virtual Machines (VM), to securely communicate with each other, the internet, and on-premises networks.
A Virtual Machine is no different from any other physical computer like a laptop, smartphone, or server.
An Internet Protocol Address is a numerical label assigned to each device connected to a computer network that uses the Internet Protocol for communication. An IP Address serves two main functions: host or network interface identification and local addressing.
>Public IP and Private IP
Public IP addresses allow internet resources to communicate inbound to Azure resources. Public IP addresses enable Azure resources to communicate to internal and public-facing Azure services. The address is dedicated to the resource until it’s unassigned by you. Azure dynamically assigns an available IP address that isn’t dedicated to the resource.
Private IP addresses are used for communication within a Virtual Network, your on-premises network, and the Internet. You must assign at least one private IP address to a virtual machine. A private IP address helps a private network connect securely to other devices within that same network.
>Subnets
A subnet is a range of IP addresses in the virtual network. You can divide a virtual network into multiple subnets for organization and security. Each network interface card attached to a virtual machine is connected to one subnet only.
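To make subnet ranges concrete, the following added example (not part of the original training material) validates a proposed subnet layout against its virtual network, reports how many addresses each subnet can actually hand out, and finds which subnet a NIC's private IP belongs to. The VNet range, subnet names and addresses are constructed; the count relies on the fact that Azure reserves five addresses in every subnet.

```python
import ipaddress

AZURE_RESERVED = 5  # Azure keeps the first four addresses and the last one

# Constructed layouts for illustration.
VNET = "10.0.0.0/16"
GOOD = {"web": "10.0.1.0/24", "db": "10.0.2.0/24"}
BAD = {"web": "10.0.1.0/24", "app": "10.0.1.128/25", "dmz": "10.1.0.0/24"}


def validate_subnets(vnet_cidr, subnets):
    """Return a list of problems for proposed subnets {name: cidr} in one VNet."""
    vnet = ipaddress.ip_network(vnet_cidr)
    problems, seen = [], []
    for name, cidr in subnets.items():
        net = ipaddress.ip_network(cidr)
        if not net.subnet_of(vnet):
            problems.append(f"{name}: {net} is outside {vnet}")
        for other_name, other in seen:
            if net.overlaps(other):
                problems.append(f"{name}: {net} overlaps {other_name} ({other})")
        seen.append((name, net))
    return problems


def usable_addresses(cidr):
    """Addresses left for NICs after Azure's reserved ones are removed."""
    return max(ipaddress.ip_network(cidr).num_addresses - AZURE_RESERVED, 0)


def subnet_of_ip(ip, subnets):
    """Name of the subnet that contains a NIC's private IP, or None."""
    addr = ipaddress.ip_address(ip)
    for name, cidr in subnets.items():
        if addr in ipaddress.ip_network(cidr):
            return name
    return None


if __name__ == "__main__":
    print(validate_subnets(VNET, GOOD))
    print(validate_subnets(VNET, BAD))
    for name, cidr in GOOD.items():
        print(name, cidr, usable_addresses(cidr))
    print(subnet_of_ip("10.0.2.7", GOOD))
```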
Q9. Can we change VM from subnet 2 to subnet 1?
Ans. We first need to understand how a Virtual Machine is integrated with a subnet. To be more specific Virtual Machines are not directly connected with a Subnet. Virtual Machines are connected with Network Interface Card and in turn, those NICs are connected to the Subnets. So, technically, it is not possible to change the Subnet of a Virtual Machine as they are really not connected with the Subnet.
So, in order to change the Subnet associated with a Network Interface Card, navigate to the NIC to which the Virtual Machine is connected by clicking on the NIC associated with the Virtual Machine.
Q10. Why would there be a need to reserve a public IP?
Ans. There are a few reasons why you need a Reserved IP address:
Easy A-Record DNS: Because you keep the same public IP after you delete or shut down VMs, you avoid having to reprogram DNS or other applications that depend on the IP to use a newly assigned IP when you restart.
On-Premises Connectivity Security: You can provide access to your Azure services from your enterprise network, leveraging the public IP while controlling access through your on-premises proxy/firewall. You don’t need to worry about reprogramming it each time you start and stop your VM.
Q11. Can you please talk about the prerequisites and technology/programming background one must have to become a successful Azure admin? What domain knowledge must one have to complete this training?
Ans. There is no prerequisite to take this training and become a Certified Azure Administrator. There is no particular domain knowledge you need to have before attending this training; we will cover all the required services in the program itself.