Search icon Close icon
Search icon CANCEL
Subscription
0
Cart icon
Cart
Close icon
You have no products in your basket yet
Save more on your purchases!
Savings automatically calculated. No voucher code required
Arrow left icon
All Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Newsletters
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Exam Ref AZ-304 Microsoft Azure Architect Design Certification and Beyond

You're reading from  Exam Ref AZ-304 Microsoft Azure Architect Design Certification and Beyond

Product type Book
Published in Jul 2021
Publisher Packt
ISBN-13 9781800566934
Pages 520 pages
Edition 1st Edition
Languages
Concepts
Author (1):
Brett Hargreaves Brett Hargreaves
Profile icon Brett Hargreaves
LinkedIn
Brett Hargreaves is a principal Azure consultant for Iridium Consulting, who has worked with some of the world's biggest companies, helping them design and build cutting-edge solutions. With a career spanning infrastructure, development, consulting, and architecture, he's been involved in projects covering the entire solution stack using Microsoft technologies. He loves passing on his knowledge to others through books, blogging, and his online training courses.
Read more
See other products by Brett Hargreaves
Toc

Table of Contents (30) Chapters close

Preface 1. Section 1: Exploring Modern Architecture
2. Chapter 1: Architecture for the Cloud 3. Chapter 2: Principles of Modern Architecture 4. Section 2: Identity and Security
5. Chapter 3: Understanding User Authentication 6. Chapter 4: Managing User Authorization 7. Chapter 5: Ensuring Platform Governance 8. Chapter 6: Building Application Security 9. Section 3: Infrastructure and Storage Components
10. Chapter 7: Designing Compute Solutions 11. Chapter 8: Network Connectivity and Security 12. Chapter 9: Exploring Storage Solutions 13. Chapter 10: Migrating Workloads to Azure 14. Section 4: Applications and Databases
15. Chapter 11: Comparing Application Components 16. Chapter 12: Creating Scalable and Secure Databases 17. Chapter 13: Options for Data Integration 18. Chapter 14: High Availability and Redundancy Concepts 19. Section 5: Operations and Monitoring
20. Chapter 15: Designing for Logging and Monitoring 21. Chapter 16: Developing Business Continuity 22. Chapter 17: Scripted Deployments and DevOps Automation 23. Section 6: Beyond the Exam
24. Chapter 18: Engaging with Real-World Customers 25. Chapter 19: Enterprise Design Considerations 26. Mock Exam
27. Mock Answers
28. Assessments 29. Other Books You May Enjoy

Understanding infrastructure and platform services

One of the big differences between IaaS and PaaS is about how the responsibility of components shifts.

The simplest examples of this are with websites and Structured Query Language (SQL) databases. Before we look at IaaS, let's consider an on-premise implementation.

When hosted in your own data center, you might have a server running IIS, upon which your website is hosted, and a database server running SQL. In this traditional scenario, you own full responsibility for the hardware, Basic Input/Output System (BIOS) updates, operating system (OS) patching, security updates, resilience, inbound and outbound traffic—often via a centralized firewall—and all physical security.

IaaS

The first step in migrating to cloud might be via a lift-and-shift approach using virtual networks (VNETs) and VMs—again, running IIS and SQL. Because you are running in Microsoft's data centers, you no longer need to worry about the physical aspects of the underlying hardware.

Microsoft ensures their data centers have all the necessary physical security systems, including personnel, monitoring, and access processes. They also worry about hardware maintenance and BIOS updates, as well as the resilience of the underlying hypervisor layer that all the VMs run on.

You must still, however, maintain the software and operating systems of those VMs. You need to ensure they are patched regularly with the latest security and improvement updates. You must architect your solution to provide application-level resilience, perhaps by building your SQL database as a failover cluster over multiple VMs; similarly, your web application may be load-balanced across a farm of IIS servers.

Microsoft maintains network access in general, through its networking and firewall hardware. However, you are still responsible for configuring certain aspects to ensure only the correct ports are open to valid sources and destinations.

A typical example of this split in responsibility is around access to an application. Microsoft ensures protection around the general Azure infrastructure, but it provides the relevant tools and options to allow you to set which ports are exposed from your platform. Through the use of network security groups (NSGs) and firewall appliances, you define source and destination firewall rules just as you would with a physical firewall device in your data center. If you misconfigure a rule, you're still open to attack—and that's your responsibility.

PaaS

As we move toward PaaS, accountability shifts again. With Azure SQL databases and Azure web apps, Microsoft takes full responsibility for ensuring all OS-level patches are applied; it ensures the platforms that run Azure SQL databases and Azure web apps are resilient against hardware failure.

Your focus now moves toward the configuration of these appliances. Again, for many services, this includes setting the appropriate firewalls. However, depending on your corporate governance rules, this needs to be well planned.

By default, communications from a web app to a backend Azure SQL database are over the public network. Although it is, of course, contained within Microsoft's network, it is technically open. To provide more secure connectivity, Azure provides the option to use service connections—direct communication over its internal backbone—but this needs specifically configuring at the web app, the SQL service, and the VNET level.

As the methods of those who wish to circumvent these systems become increasingly sophisticated, further controls are required. For web applications, the use of Web Application Firewall (WAF) is an essential part of this—as the architect, you must ensure they are included in your designs and configured correctly; they are not included by default.

Important note

Even though Microsoft spends billions of dollars a year on securing the Azure platform, unless you carefully architect your solutions, you are still vulnerable to attack. Making an incorrect assumption about where your responsibility lies leads to designing systems that are exposed—remember, many cloud platforms' networking is open by default; it has to be, and you need to ensure you fully understand where the lines are drawn.

Throughout this chapter, we have covered how changing technologies have significantly impacted how we design and build solutions; however, so far, the discussion has been around the technical implementation.

As software and infrastructure become closely aligned, teams implementing solutions have started to utilize the same tools as developers, which has changed the way projects are managed.

This doesn't just affect the day-to-day life of an architect; it has yet another impact on the way we design those solutions as well.

arrow left Previous Section
Section 5 of 7
Next Section arrow right
You have been reading a chapter from
Exam Ref AZ-304 Microsoft Azure Architect Design Certification and Beyond
Published in: Jul 2021 Publisher: Packt ISBN-13: 9781800566934
© 2021 Packt Publishing Limited All Rights Reserved
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Sign up now
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Start free trial
Renews at $15.99/month. Cancel anytime

Authors (1)

Left arrow icon
Profile icon Brett Hargreaves
LinkedIn
Brett Hargreaves is a principal Azure consultant for Iridium Consulting, who has worked with some of the world's biggest companies, helping them design and build cutting-edge solutions. With a career spanning infrastructure, development, consulting, and architecture, he's been involved in projects covering the entire solution stack using Microsoft technologies. He loves passing on his knowledge to others through books, blogging, and his online training courses.
Read more
See other products by Brett Hargreaves
Right arrow icon

Other recommended products

Related to this chapter
Left arrow icon
Implementing Microsoft Azure Architect Technologies: AZ-303 Exam Prep and Beyond
Implementing Microsoft Azure Architect Technologies: AZ-303 Exam Prep and Beyond
Read more
Microsoft Azure Architect - Exam Guide AZ-303 is a complete guide to mastering topics related to Azure Architect practices. With detailed coverage of concepts and techniques, you’ll gain the knowledge and skills required to take and pass the AZ-303 exam and become a Microsoft Azure Architect expert.
Read more
Dec 2020 18 hours 16 minutes
Microsoft Azure Architect Technologies: Exam Guide AZ-300
Microsoft Azure Architect Technologies: Exam Guide AZ-300
Read more
Microsoft Azure Architect Technologies: Exam Guide AZ-300 is a complete guide that will help you master topics related to Azure architect practices. Using this guide, you will have all the information required to take the AZ-300 exam and become a Microsoft Azure Architect expert.
Read more
Jan 2020 18 hours 0 minutes
Microsoft Azure Administrator – Exam Guide AZ-103
Microsoft Azure Administrator – Exam Guide AZ-103
Read more
Microsoft Azure Administrator- Exam Guide AZ-103 is a complete guide that will help you master topics related to Azure administrator practices. Using this guide, you will have all the information required to ace the AZ-103 exam and become a Microsoft Azure administrator expert.
Read more
May 2019 15 hours 4 minutes
Mastering Azure Security
Mastering Azure Security
Read more
Mastering Azure Security enables you to implement top-level security in your Azure tenant. With a focus on cloud security, this book will look at the architectural approach on how to design your Azure solutions to keep and enforce resources secure.
Read more
May 2020 8 hours 44 minutes
Implementing DevOps with Microsoft Azure
Implementing DevOps with Microsoft Azure
Read more
This book will walk you through all the concepts and tools that Microsoft Azure has to offer and how these can be used in the DevOps environment. You will be introduced to use and management of Visual Studio Team Services (VSTS), so that you can understand the structure of the application that we will use as a sample throughout the book. You will understand the nitty gritty of Continuous Integration and Continuous Development with Microsoft Azure Apps. You will not only learn how to create App Service Environment (ASE) but also how you can provide detailed comparison on Azure Web Apps and ASE to enhance security.
Read more
Apr 2017 14 hours 4 minutes
Microsoft 365 Security Administration: MS-500 Exam Guide
Microsoft 365 Security Administration: MS-500 Exam Guide
Read more
MS-500: Microsoft 365 Security Administration offers complete, up-to-date coverage of the MS-500 exam so you can take it with confidence, fully equipped to pass the first time.
Read more
Jun 2020 22 hours 24 minutes
Learning Microsoft Azure Storage
Learning Microsoft Azure Storage
Read more
Microsoft Azure Storage is the bedrock of Microsoft's core storage solution offering in Azure. No matter what solution you are building for the cloud, you'll find a compelling use for Azure Storage. This book will help you get up-to-speed quickly on Microsoft Azure Storage by teaching you how to use the different storage services. You will be able to leverage secure design patterns based on real-world scenarios and develop a strong storage foundation for Azure virtual machines.
Read more
Nov 2017 9 hours 12 minutes
Learn Microsoft Azure
Learn Microsoft Azure
Read more
Microsoft Azure is a cloud computing platform that helps you build, deploy, and manage applications to overcome your business challenges. This book covers the commonly used Azure services and also explains how you effectively integrate and utilize them.
Read more
Dec 2018 11 hours 48 minutes
Implementing Microsoft Azure Infrastructure Solutions: Exam Guide 70-533
Implementing Microsoft Azure Infrastructure Solutions: Exam Guide 70-533
Read more
This book focuses on skills and knowledge for provisioning and managing services in Microsoft Azure. This includes implementing infrastructure components such as virtual networks, virtual machines, containers, web and mobile apps, storage, planning and managing Azure AD and configuring Azure AD integration with on-premises Active Directory domains.
Read more
Aug 2018 17 hours 12 minutes
Implementing Hybrid Cloud with Azure Arc
Implementing Hybrid Cloud with Azure Arc
Read more
Azure Arc helps in simplifying the governance and monitoring of your infrastructure and gives you a single pane view across hybrid architectures deployed over multiple clouds or on-premises. If you are new to multi-cloud or cloud with Edge infrastructure, this book will provide a comprehensive introduction and get you up-to-speed in no time.
Read more
Jul 2021 8 hours 4 minutes
Hands-On Networking with Azure
Hands-On Networking with Azure
Read more
Customizing networks and controlling the traffic flow is becoming a must for all the modern solutions, even if these solutions exist on Azure, on-premises or a combination of both. In this book, you will learn all Azure networking solutions and spanning them across Azure and On-premises, and how to build a highly available environment by them.
Read more
Mar 2018 9 hours 12 minutes
Professional Azure SQL Managed Database Administration
Professional Azure SQL Managed Database Administration
Read more
Whether it is learning different techniques to monitor and tune an Azure SQL database or improving performance using in-memory technology, this book will enable you to make the most out of Azure SQL database features and functionality for data management solutions.
Read more
Mar 2021 24 hours 8 minutes
Right arrow icon

Personalised recommendations for you

Based on your interests and search pattern
Left arrow icon
Designing and Implementing Microsoft Azure Networking Solutions
Designing and Implementing Microsoft Azure Networking Solutions
Read more
Designing and Implementing Microsoft Azure Networking Solutions Exam Ref AZ-700 is an all-encompassing guide to the AZ-700 exam and contains all the information you need to succeed in the world of virtual networking with Azure. With this book, you will be fully prepared for the exam and the world of cloud networking.
Read more
Aug 2023 17 hours 28 minutes
Microsoft 365 Security, Compliance, and Identity Administration
Microsoft 365 Security, Compliance, and Identity Administration
Read more
The Microsoft 365 Security, Compliance, and Identity Administration is a comprehensive guide that helps you employ Microsoft 365's robust suite of features and empowers you to optimize your administrative tasks.
Read more
Aug 2023 21 hours 0 minutes
Zero Trust Overview and Playbook Introduction
Zero Trust Overview and Playbook Introduction
Read more
Get started on Zero Trust with this step-by-step playbook and learn everything you need to know for a successful Zero Trust journey with tailored guidance for every role, covering strategy, operations, architecture, implementation, and measuring success. This book will become an indispensable reference for everyone in your organization.
Read more
Oct 2023 8 hours 0 minutes
The Self-Taught Cloud Computing Engineer
The Self-Taught Cloud Computing Engineer
Read more
This self-study book helps you master multiple clouds, including AWS, Azure, and GCP, and serves as a roadmap to becoming a certified cloud computing expert. The book will guide you to develop a professional cloud career by helping you build a broad cloud knowledge base, developing hands-on cloud computing skills, and getting cloud certified.
Read more
Sep 2023 15 hours 44 minutes
Technology Operating Models for Cloud and Edge
Technology Operating Models for Cloud and Edge
Read more
This book will help you build and create ownership of a technology operating model, as well as connect your leadership with engineering and operations, keeping your internal and external customers in mind. It provides practical tips on why, where, and how to make the cloud and edge platform paradigm sing for you, your team, and your organization.
Read more
Aug 2023 7 hours 36 minutes
Azure Architecture Explained
Azure Architecture Explained
Read more
Azure is the preferred platform to build mission-critical and secure apps. This book provides comprehensive coverage of essential Azure products, services, and solutions vital for every solution architect's success. Elevate your knowledge and master the critical components of Azure to excel in your role with Azure Architecture Explained.
Read more
Sep 2023 14 hours 52 minutes
Pentesting Active Directory and Windows-based Infrastructure
Pentesting Active Directory and Windows-based Infrastructure
Read more
This practical guide helps you explore the pentesting of Microsoft infrastructure in detail, and enhances your offensive skillset by showing you the different ways to perform security assessment. This book will help blue teamers and IT engineers get up to speed with possible security issues they may encounter in their Windows environments.
Read more
Nov 2023 12 hours 0 minutes
Practical Ansible
Practical Ansible
Read more
In Practical Ansible, you'll work with the latest release of Ansible and learn to solve complex issues quickly with the help of task-oriented scenarios. You'll start by installing and configuring Ansible to automate monotonous and repetitive IT tasks and get to grips with concepts such as playbooks, inventories, plugins, collections, and network modules.
Read more
Sep 2023 14 hours 0 minutes
Windows 11 for Enterprise Administrators
Windows 11 for Enterprise Administrators
Read more
Microsoft’s launch of Windows 11 is a step toward satisfying the enterprise administrator’s needs for better management and enhanced user experience customization. This book provides the enterprise administrator with the knowledge needed to fully utilize the advanced feature set of Windows 11 Enterprise.
Read more
Oct 2023 9 hours 32 minutes
The Linux DevOps Handbook
The Linux DevOps Handbook
Read more
This book is for software and IT professionals seeking knowledge on Linux systems and DevOps practices. This book will provide you with guidance and tools to learn and gain proficiency in managing Linux-based infrastructures and knowledge of DevOps.
Read more
Nov 2023 14 hours 16 minutes
Right arrow icon