-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy path303
135 lines (100 loc) · 4.73 KB
/
303
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
>> Implement cloud infrastructure monitoring
monitor cost
o monitor spend
o report on spend
*************************************************************************
>>> Implement storage accounts
select storage account options based on a use case
configure Azure Files and blob storage
configure network access to the storage account
implement Shared Access Signatures and access policies
implement Azure AD authentication for storage
manage access keys
implement Azure storage replication
implement Azure storage account failover
****************************************************************************
>>>Implement VMs for Windows and Linux (DONE)
configure High Availability
configure storage for VMs
select virtual machine size
implement Azure Dedicated Hosts
deploy and configure scale sets
configure Azure Disk Encryption
Exercise - Create a virtual machine
Exercise - Sizing VMs
Exercise - Deploy a scale set in the Azure portal
(Deploy - az vmss create )
(Configure - az network lb probe create)
(Configure - az network lb rule create (to configure the load balancer to route HTTP traffic to the instances in the scale set))
Custom Script Extension - (az vmss extension set)
Exercise - Create a Windows virtual machine
Exercise - Deploy VMs to dedicated hosts using the portal
(Create "Host Groups" -> Create "Dedicated Hosts" -> Craete VM)
(New-AzHostGroup `-> New-AzHost -> New-AzVM)
Excercise - Move the VM to a dedicated host (VM -> Stop -> Configuration -> Choose Host group & Host --> Save)
Connect-AzAccount
Excercise - Create an availability Set
(You can create availability sets through the Azure portal in the disaster recovery section)
New-AzKeyVault,
az keyvault create
Set-AzKeyVaultAccessPolicy
az keyvault
Set-AzVmDiskEncryptionExtension
az vm encryption enable
Disable-AzVMDiskEncryption
az vm encryption disable
New-AzResourceGroup, New-AzVm, Get-AzVM, Get-AzVmDiskEncryptionStatus, New-AzKeyVault, New-AzSnapshot,Set-AzVmDiskEncryptionExtension (to encrypt VM disks)
Get-AzVmDiskEncryptionStatus, New-AzAvailabilitySet,New-AzVmss
Exercise - Encrypt the VM disks with Azure Disk Encryption:
(Create Key Vault -> Update Key Vault to support Disk Encryption --> Encrypt VM using key stored in Key Vault)
Exercise - Resource Manager Deployment
(Create a Resource --> Template Deployment)
New-AzResourceGroupDeployment
azure group deployment create
****************************************************************************
>>> Implement virtual networking
implement VNet to VNet connections
Site to Site(Azure VPN Gateway/Express Route), VNet to VNet(Azure VPN Gateway), Vnet Peering
implement VNet peering
Create VNet
az network vnet create \
az vm create
Configure Azure Network Peering
az network vnet peering create \
****************************************************************************
Implement Azure Active Directory
add custom domains
configure Azure AD Identity Protection
implement self-service password reset
implement Conditional Access including MFA
configure user accounts for MFA
configure fraud alerts
configure bypass options
configure Trusted IPs
configure verification methods
implement and manage guest accounts
manage multiple directories
**************************************************************************
Implement and manage hybrid identities
install and configure Azure AD Connect
identity synchronization options
configure and manage password sync and password writeback
configure single sign-on
use Azure AD Connect Health
***************************************************************************
>>> Implement and Manage Data Platforms (10-15%)
*********************************************************
Implement NoSQL databases (DONE)
configure storage account tables
select appropriate CosmosDB APIs
set up replicas in CosmosDB
Azure Cosmos DB account, Database, Container, Request Unit (RU/s), Partition Key, Multi Master Support,
Conflict Resolution(Last-Writer-Wins (LWW),Custom - User-defined function, Custom - Async), Muti Region writes, Manual/Automatic failover
Consistency Level
LAB: Creating an Azure Cosmos DB account
LAB: Creating your database and container (Cosmos DB Account --> Data Explorer --> New Container)
LAB: Replicate data in multiple regions (Cosmos DB Account --> Replicate Data Globally)
LAB: Automatic/Manual Failover (Cosmos DB Account --> Replicate Data Globally --> Automatic/Manual failover)
LAB: Insert and query data in your Azure Cosmos DB database (Cosmos DB Account --> Data Explorer)
LAB: Create an Azure Storage table in the Azure portal (Create Storage Account --> Create Table)
**********************************************************