Azure

Login on Console

To run console commands, log in with the Azure CLI first:


# login
az login

az account set --subscription a1a96cc4-4aa4-4c58-a53d-808b88bb4fb4

az account tenant list
az account show


# logout
az account clear

Azure Messaging services

Intro https://learn.microsoft.com/en-us/azure/architecture/aws-professional/messaging

AWS service                          Azure service
-----------------------------------  -------------
Simple Queue Service (SQS)           QUEUE
Simple Notification Service (SNS)    Service Bus
Amazon EventBridge                   Event Grid
Amazon Kinesis                       Event Hubs
Amazon MQ                            Service Bus

Azure physical infrastructure

Availability Zones

Region pairs
  • Planned Azure updates are rolled out to paired regions one region at a time to minimize downtime and risk of application outage.

Azure management infrastructure
Azure resources and resource groups
  • Resource groups are simply groupings of resources.
  • When you create a resource, you’re required to place it into a resource group.
  • There aren’t hard rules about how you use resource groups, so consider how to set up your resource groups to maximize their usefulness for you.

Azure subscriptions
  • Billing boundary: This subscription type determines how an Azure account is billed for using Azure. You can create multiple subscriptions for different types of billing requirements. Azure generates separate billing reports and invoices for each subscription so that you can organize and manage costs.
  • Access control boundary: Azure applies access-management policies at the subscription level, and you can create separate subscriptions to reflect different organizational structures. An example is that within a business, you have different departments to which you apply distinct Azure subscription policies. This billing model allows you to manage and control access to the resources that users provision with specific subscriptions.

Azure management groups
  • You organize subscriptions into containers called management groups and apply governance conditions to the management groups.
  • All subscriptions within a management group automatically inherit the conditions applied to the management group,
    • the same way that resource groups inherit settings from subscriptions and
    • resources inherit from resource groups.

  • E.g., you could limit VM locations to the US West Region in a management group called Production.

ESXi

Virtual SAN (vSAN)

VMware vSAN is storage virtualization software for enterprises that supports Hyper-Converged Infrastructure (HCI).

VMware vSAN pools local and directly attached storage devices in a VMware vSphere cluster to create a single datastore that all hosts in a vSAN cluster share. VMware vSAN is integrated into the VMware hypervisor, ESXi.

vSphere

vCenter Server is used to manage a vSphere infrastructure. It includes functions for creating, deleting, or modifying virtual data centers

Azure API Management

Policies

Evaluation order

Policies are executed sequentially based on their placement within the policy configuration.

Network

public / private subnets

Azure Data Ops

IAM and Role Based Access Control

see https://learn.microsoft.com/en-us/training/modules/describe-azure-identity-access-security/6-role-based-access-control

Azure Custom Roles:

Built-in role definition (Azure Service Bus Data Sender, roleType BuiltInRole):

{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for send access to Azure Service Bus resources.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/69a216fc-b8fb-44d8-bc22-1f3c2cd27a39",
  "name": "69a216fc-b8fb-44d8-bc22-1f3c2cd27a39",
  "permissions": [
    {
      "actions": [
        "Microsoft.ServiceBus/*/queues/read",
        "Microsoft.ServiceBus/*/topics/read",
        "Microsoft.ServiceBus/*/topics/subscriptions/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.ServiceBus/*/send/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Service Bus Data Sender",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Custom role that allows managing role assignments on an Azure API Management service:

{
  "Name": "APIM Role Assignment Manager",
  "IsCustom": true,
  "Description": "Allows managing role assignments for Azure API Management",
  "Actions": [
    "Microsoft.Authorization/*/write",
    "Microsoft.Authorization/*/delete"
  ],
  "NotActions": [],
  "DataActions": [],
  "NotDataActions": [],
  "AssignableScopes": [
    "/subscriptions/<subscription-id>/resourceGroups/<resource-group-name>/providers/Microsoft.ApiManagement/service/<apim-service-name>"
  ]
}
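
Added example (not from the original page): a small Python check that expands the wildcard actions of a role definition against a sample of Microsoft.Authorization operations, showing that Microsoft.Authorization/*/write and Microsoft.Authorization/*/delete in the custom role above cover more than role assignments. The helper names and the (non-exhaustive) operation lists are assumptions chosen for illustration; the two inputs are constructed from the definitions on this page.

```python
import fnmatch

# Operations needed to manage role assignments (real Azure operation names).
NEEDED = ["Microsoft.Authorization/roleAssignments/write",
          "Microsoft.Authorization/roleAssignments/delete"]
# Sample of other Microsoft.Authorization operations (not exhaustive) that a
# wildcard can pull in without the author intending it.
COLLATERAL = ["Microsoft.Authorization/roleDefinitions/write",
              "Microsoft.Authorization/roleDefinitions/delete",
              "Microsoft.Authorization/locks/delete",
              "Microsoft.Authorization/policyAssignments/write"]

def _get(obj, key, default):
    """Case-insensitive lookup: `az` output is camelCase, role input files PascalCase."""
    return next((v for k, v in obj.items() if k.lower() == key.lower()), default)

def actions_of(role):
    """Control-plane actions from either JSON shape shown on the page."""
    perms = _get(role, "permissions", [{"actions": _get(role, "actions", [])}])
    return [a for p in perms for a in _get(p, "actions", [])]

def matches(pattern, operation):
    """Azure RBAC wildcards: '*' matches any run of characters, case-insensitively."""
    return fnmatch.fnmatchcase(operation.lower(), pattern.lower())

def lint_role(role):
    """Return (action, unintended_operations, narrower_replacements) per broad wildcard."""
    findings = []
    for action in actions_of(role):
        extra = [op for op in COLLATERAL if matches(action, op)]
        if "*" in action and extra:
            narrow = [op for op in NEEDED if matches(action, op)]
            findings.append((action, extra, narrow))
    return findings

# Constructed inputs mirroring the two definitions on the page (trimmed to the relevant keys).
BUILTIN_SENDER = {"roleType": "BuiltInRole", "permissions": [{
    "actions": ["Microsoft.ServiceBus/*/queues/read", "Microsoft.ServiceBus/*/topics/read"],
    "dataActions": ["Microsoft.ServiceBus/*/send/action"]}]}
APIM_CUSTOM = {"Name": "APIM Role Assignment Manager", "IsCustom": True,
               "Actions": ["Microsoft.Authorization/*/write",
                           "Microsoft.Authorization/*/delete"]}

if __name__ == "__main__":
    for action, extra, narrow in lint_role(APIM_CUSTOM):
        print(f"{action}\n  also grants: {extra}\n  narrower:    {narrow}")
```

Replacing each flagged wildcard with the listed narrower action keeps the role limited to creating and removing role assignments at its assignable scope.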

cloud/azure.txt · Last modified: 2024/07/22 20:15 by skipidar