Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Implementing Microsoft Azure Architect Technologies: AZ-303 Exam Prep and Beyond
  • Table Of Contents Toc
  • Feedback & Rating feedback
Implementing Microsoft Azure Architect Technologies: AZ-303 Exam Prep and Beyond

Implementing Microsoft Azure Architect Technologies: AZ-303 Exam Prep and Beyond

By : Sjoukje Zaal, Brett Hargreaves
5 (4)
close
Implementing Microsoft Azure Architect Technologies: AZ-303 Exam Prep and Beyond

Implementing Microsoft Azure Architect Technologies: AZ-303 Exam Prep and Beyond

5 (4)
By: Sjoukje Zaal, Brett Hargreaves

Overview of this book

From designing solutions on Azure to configuring and managing virtual networks, the AZ-303 certification validates your knowledge and skills for all this and much more. Whether you want to take the certification exam or gain hands-on experience in administering, developing, and architecting Azure solutions, this study guide will help you get started. Divided into four modules, this book systematically takes you through the wide range of concepts and features covered in the AZ-303 exam. The first module demonstrates how to implement and monitor infrastructure. You'll develop the skills required to deploy and manage core Azure components such as virtual machines, networking, storage, and Active Directory (AD). As you progress, you'll build on that knowledge and learn how to create resilient and secure applications before moving on to working with web apps, functions, and containers. The final module will get you up to speed with data platforms such as SQL and Cosmos DB, including how to configure the different high availability options. Finally, you'll solve mock tests and assess yourself with the answers provided to get ready to take the exam with confidence. By the end of this book, you'll have learned the concepts and techniques you need to know to prepare for the AZ-303 exam and design effective solutions on Microsoft Azure.
Table of Contents (25 chapters)
close
close
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the example code files
Download the color images
Conventions used
Get in touch
Reviews
1
Section 1: Implement and Monitor Azure Infrastructure
Section 1: Implement and Monitor Azure Infrastructure
Free Chapter
2
Chapter 1: Implementing Cloud Infrastructure Monitoring
chevron up
Chapter 1: Implementing Cloud Infrastructure Monitoring
Technical requirements
Understanding Azure Monitor
Creating and analyzing metrics and alerts
Creating a baseline for resources
Configuring diagnostic settings on resources
Viewing alerts in Log Analytics
Utilizing log search query functions
Using Network Watcher
Monitoring security
Managing costs
Questions
Further reading
3
Chapter 2: Creating and Configuring Storage Accounts
Chapter 2: Creating and Configuring Storage Accounts
Technical requirements
Understanding Azure Storage accounts
Creating and configuring a storage account
Installing and using Azure Storage Explorer
Configuring network access to the storage account
SAS tokens and access keys
Implementing Azure Storage replication and failover
Summary
Questions
Further reading
4
Chapter 3: Implementing and Managing Virtual Machines
Chapter 3: Implementing and Managing Virtual Machines
Technical requirements
Understanding VMs
Understanding Availability Sets
Understanding how to provision VMs
Understanding VM scale sets
Modifying and deploying ARM templates
Deploying resources with Azure DevOps
Configuring Azure Disk Encryption for VMs
Azure Dedicated Host
Summary
Questions
Further reading
5
Chapter 4: Implementing and Managing Virtual Networking
Chapter 4: Implementing and Managing Virtual Networking
Technical requirements
Understanding Azure VNets
Understanding IP addresses
Configuring VNets and subnets
Configuring private and public IP addresses
User-defined routes
Summary
Questions
Further reading
6
Chapter 5: Creating Connectivity between Virtual Networks
Chapter 5: Creating Connectivity between Virtual Networks
Technical requirements
Understanding VNet peering
Creating and configuring VNet peering
Understanding VNet-to-VNet
Verifying your virtual network's connectivity
VNet peering versus VNet-to-VNet connections
Summary
Questions
Further reading
7
Chapter 6: Managing Azure Active Directory (Azure AD)
Chapter 6: Managing Azure Active Directory (Azure AD)
Understanding Azure AD
Creating and managing users and groups
Configuring a self-service password reset
Understanding Conditional Access policies and security defaults
Working with Azure AD join
Adding custom domains
Summary
Questions
Further reading
8
Chapter 7: Implementing Multi-Factor Authentication (MFA)
Chapter 7: Implementing Multi-Factor Authentication (MFA)
Understanding Azure MFA
Configuring user accounts for MFA
Configuring verification methods
Configuring trusted IPs
Configuring fraud alerts
Configuring bypass options
Summary
Questions
Further reading
9
Chapter 8: Implementing and Managing Hybrid Identities
Chapter 8: Implementing and Managing Hybrid Identities
Understanding Azure AD Connect
Installing Azure AD Connect
Managing Azure AD Connect
Managing password synchronization and password writeback
Using Azure AD Connect Health
Summary
Questions
Further reading
10
Section 2: Implement Management and Security Solutions
Section 2: Implement Management and Security Solutions
11
Chapter 9: Managing Workloads in Azure
Chapter 9: Managing Workloads in Azure
Understanding Azure Migrate
Selecting Azure Migrate tools
Migrating on-premises servers to Azure
Using Azure Update Management
Protecting VMs with Azure Backup
Implementing disaster recovery
Summary
Questions
Further reading
12
Chapter 10: Implementing Load Balancing and Networking Security
Chapter 10: Implementing Load Balancing and Networking Security
Technical requirements
Understanding load balancing options
Implementing Azure Load Balancer
Implementing Azure Traffic Manager
Understanding Azure Application Gateway
Understanding Azure Front Door
Choosing the right options
Implementing network security and application security groups
Understanding Azure Firewall
Using Azure Bastion
Summary
Questions
Further reading
13
Chapter 11: Implementing Azure Governance Solutions
Chapter 11: Implementing Azure Governance Solutions
Technical requirements
Understanding governance and compliance
Understanding RBAC
Configuring access to Azure resources by assigning roles
Configuring management access to Azure
Creating a custom role
Azure Policy
Implementing and configuring Azure Blueprints
Using hierarchical management
Summary
Questions
Further reading
14
Section 3: Implement Solutions for Apps
Section 3: Implement Solutions for Apps
15
Chapter 12: Creating Web Apps Using PaaS and Serverless
Chapter 12: Creating Web Apps Using PaaS and Serverless
Technical requirements
Understanding App Service
Understanding App Service plans
Using deployment slots
Setting up automatic scaling
Understanding WebJobs
Understanding diagnostic logging
Using Azure Functions
Building Azure Logic Apps
Summary
Questions
Further reading
16
Chapter 13: Designing and Developing Apps for Containers
Chapter 13: Designing and Developing Apps for Containers
Technical requirements
Understanding ACI
Understanding Web App for Containers
Understanding AKS
Summary
Questions
Further reading
17
Chapter 14: Implementing Authentication
Chapter 14: Implementing Authentication
Technical requirements
Understanding Azure App Service authentication
Implementing Active Directory authentication
Implementing authentication using certificates
Understanding and implementing OAuth2 authentication in Azure AD
Understanding and implementing managed identities
Summary
Questions
Further reading
18
Section 4: Implement and Manage Data Platforms
Section 4: Implement and Manage Data Platforms
19
Chapter 15: Developing Solutions that Use Cosmos DB Storage
Chapter 15: Developing Solutions that Use Cosmos DB Storage
Technical requirements
Understanding the differences between NoSQL and SQL
Understanding Cosmos DB
Creating, reading, updating, and deleting data using the appropriate APIs
Understanding partitioning schemes
Setting the appropriate consistency level for operations
Creating replicas
Summary
Questions
Further reading
20
Chapter 16: Developing Solutions that Use a Relational Database
Chapter 16: Developing Solutions that Use a Relational Database
Technical requirements
Understanding Azure SQL Database
Provisioning and configuring an Azure SQL database
Creating, reading, updating, and deleting data tables using code
Configuring elastic pools for Azure SQL Database
Configuring high availability
Implementing Azure SQL Database managed instances
Publishing a SQL database
Summary
Questions
Further reading
21
Chapter 17: Mock Exam Questions
Chapter 17: Mock Exam Questions
22
Chapter 18: Mock Exam Answers
Chapter 18: Mock Exam Answers
23
Assessments
Chapter 1
Chapter 2
Chapter 3
Chapter 4
Chapter 5
Chapter 6
Chapter 7
Chapter 8
Chapter 9
Chapter 10
Chapter 11
Chapter 12
Chapter 13
Chapter 14
Chapter 15
Chapter 16
24
Other Books You May Enjoy
Other Books You May Enjoy
Leave a review - let other readers know what you think

Using Network Watcher

Azure provides the Network Watcher tool for monitoring and investigating problems between devices on a Virtual Network (VNET), including the following:

  • Connection Monitoring
  • Performance Monitoring
  • Diagnostics
  • Network Security Group flow logs

    Important note

    A VNET is a private network you can create in your Azure subscription. VNETs are defined with set IP ranges, which in turn can be sub-divided into subnets. Some Azure services, such as VMs, must be connected to a VNET. Other services, such as App Services and Azure SQL, can optionally use VNETs to ensure traffic between them is direct and secure.

You can also see a topology map of devices to understand better the various components involved in the communication flow.

The first step in setting up the Network Watcher capabilities is to ensure it has been enabled for the region(s) you are using by following these steps:

  1. Navigate to the Azure portal by opening https://portal.azure.com.
  2. In the left-hand menu, select or search for Network Monitor:
    Figure 1.15 – Enabling Network Watcher per Region

    Figure 1.15 – Enabling Network Watcher per Region

  3. If the region that contains the resources you wish to monitor is set to Disabled, click the ellipses at the right and select Enable network watcher.
  4. On the left-hand menu, select the Topology, then select a resource group that contains resources you wish to view. In the following screenshot, I am choosing a group that includes a simple VM:
Figure 1.16 – Network Monitor Topology view

Figure 1.16 – Network Monitor Topology view

Once Network Watcher has been enabled for your region, we can now start to use the different tools, such as Connection Monitor, to troubleshoot and fix common communication problems.

Connection Monitor

When services are running, you may want to be alerted to issues with connectivity. An example might be a web server that needs to maintain a connection to a backend database server. However, the destination can be another VM, a URI, or an IP address. The URI or IP address can be either an internal resource in your Azure subscription or an external resource.

Connection Monitor allows us to set up continual monitors that can trigger alerts when communications are interrupted:

  1. Still in Network Watcher, on the left-hand menu, select Connection Monitor.
  2. Click Add to create a Connection Monitor.
  3. Complete the details to define a source, target, and port. For this example, instead of monitoring connection to another server, we will monitor connections to the internet, specifically to the Packt Publishing website:

    a) Name: InternetConnection

    b) Virtual Machine: Source VM you wish to monitor

    c) Destination:

    --Specify Manually

    --URI: www.packtpub.com

    d) Port: 443

  4. Click Add:
Figure 1.17 – Connection Monitor setup example

Figure 1.17 – Connection Monitor setup example

Once set up, you can select the Connection Monitor you have just created, and it will show basic details of the status and flow of traffic from source to destination. You can also set the time period to see data from the past hour up to the past 30 days as shown in the following screenshot:

Figure 1.18 – Connection Monitor example

Figure 1.18 – Connection Monitor example

Connection Monitor is great for initial investigations and for setting up alerts; for more complex issues we use advanced options such as the Diagnostics tooling.

Diagnostics

When you encounter connectivity issues, Network Watcher diagnostics offers a range of tools to help pinpoint the problem.

The first step in troubleshooting connectivity issues is to confirm that traffic is flowing.

IP Flow Verify

IP Flow Verify allows you to confirm the flow of traffic from a source to a destination is working. Set up a typical test by performing the following steps:

  1. From the Network Watcher blade, select IP flow verify from the left-hand menu.
  2. Select your VM and network interface you wish to test.
  3. Select the desired protocol (TCP or UDP).
  4. Select the direction of traffic you want to check.
  5. Confirm the local (source) IP address and port your traffic flows on.
  6. Enter the remote (destination) IP address and port.

The following figure shows an example request. When the Check button is clicked, we can see a status response returned. In the example, we can see the request has failed, but importantly we see it failed because of the DenyAllOutbound Network Security Group rule:

Figure 1.19 – IP flow verify example

Figure 1.19 – IP flow verify example

IP flow verify helps to confirm that end-to-end communication is functioning, but if you do find problems you can use other Network Watcher tools to continue your investigations.

Next Hop

The subsequent step in identifying communications issues could be to understand the route traffic takes from point a to point b, and the Next Hop service helps with this:

  1. Still in Network Watcher, in the left-hand menu, click Next Hop.
  2. Define the source VM you wish to check connectivity from.
  3. Enter the IP address of the service you are attempting to reach and click the Next Hop button.

The example in the following screenshot shows the next hop to the IP address (one of the Bing.com addresses) is the Azure Internet egress appliance, and the route to it has been defined in the system route table (route tables will be covered in Chapter 4, Implementing and Managing Virtual Networking):

Figure 1.20 – Next Hop configuration example

Figure 1.20 – Next Hop configuration example

Depending on the results from the IP flow verify and Next Hop tools, the next step in your troubleshooting process may be to look at access issues.

Viewing effective security rules

A common cause of issues is a misconfiguration of Network Security Groups (NSG) between devices. We cover NSGs in Chapter 10, Implementing Load Balancing and Network Security. In brief, they allow you to define firewall rules on VNETs or devices.

Restrictions on allowed IP addresses and ports can be set in multiple layers, and as such, can become complex and challenging to manage. For this reason, you can use the effective security rules option:

  1. Still in Network Watcher, in the left-hand menu, click Effective security rules.
  2. Select the Subscription, Resource group, and Virtual machine you wish to check. The following screenshot shows an example:
    Figure 1.21 – Configuring the effective security rules option

    Figure 1.21 – Configuring the effective security rules option

  3. Once your VM has been selected, the effective rules will be listed, separated by NSG, Inbound rules, and Outbound rules. The following screenshot shows a typical result:
Figure 1.22 – Example of effective NSG rules in action

Figure 1.22 – Example of effective NSG rules in action

We will now have a look at using Packet Capture to examine the data.

Packet Capture

When everything looks OK but you are still experiencing issues, you may need to look in detail at the actual traffic being sent and received. Specialist tools are available for analyzing packet information, and through the Network Watcher, you can set up Packet Capture to collect data for a specific amount of time and then examine that traffic:

  1. Still in Network Watcher, in the left-hand menu, click Packet Capture.
  2. Select your VM.
  3. Choose whether to store the Packet Capture data in a storage account (we cover storage accounts and how to create them in Chapter 2, Creating and Configuring Storage Accounts), in the VM itself, or both.
  4. Optionally set the maximum and minimum bytes per capture or a time limit.

    The following screenshot shows an example of what this looks like:

    Figure 1.23 – Example packet capture setup

    Figure 1.23 – Example packet capture setup

  5. Optionally click +Add Filter to enter more precise details of the source and destination for which you want to capture data, as in the following screenshot:
    Figure 1.24 – Packet capture filters

    Figure 1.24 – Packet capture filters

  6. Click Save.
  7. The capture session will automatically start; let it run for a few minutes.
  8. Stop the capture by clicking the ellipsis at the right of the session you created and click Stop.
  9. Click on the session, and the file link will be presented in the lower pane.
  10. Click on the capture link to download it.

    The following screenshot shows an example of how this might look:

Figure 1.25 – Example Packet Capture

Figure 1.25 – Example Packet Capture

The Packet Capture can then be opened in a viewing tool for a detailed examination of the traffic. The following screenshot shows an example of how this might look:

Figure 1.26 – Example traffic details from a Packet Capture

Figure 1.26 – Example traffic details from a Packet Capture

As we have seen, Network Watcher is a robust set of tools to help identify issues with connectivity and to provide a detailed analysis of the flow of traffic. Also, it is important for monitoring traffic and events for security purposes.

End of Section 9
Next Section
bookmark search playlist download
font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete