Azure for Administrators

The training is a three-day intensive program aimed at system administrators who want to deepen their knowledge of the key aspects of infrastructure management in the Azure cloud.

It focuses on equipping participants with the practical knowledge and skills necessary to effectively and securely manage various aspects of Azure infrastructure.

Topics related to computing infrastructure, data storage, security, automation, cost control, log collection and platform monitoring will be covered.

Key Issues:

• Azure Computing Infrastructure: Learning to manage computing infrastructure, including virtual machines, containers, and App Service services.
• Data Storage in the Cloud: Understand various data storage services, including Azure Blob Storage, File Storage, Queue Storage, and Table Storage.
• Security in Azure: Learn best practices for securing infrastructure, applications, and data in Azure.
• Automation in Azure: Leverage tools such as Azure Resource Manager, Terraform, and Bicep to automate infrastructure management.
• Cost Control in the Cloud: Understand the optimization of costs associated with cloud infrastructure, including service cost management and expense monitoring.
• Log Collection and Monitoring: Learn how to use tools like Azure Monitor, Log Analytics, and Application Insights to collect logs and monitor the platform.

Start, welcome etc (15 min)

Key Vault and Managed Identity (60 min)

This module focuses on Azure Key Vault and Managed Identity, which are key elements of a secure architecture in Azure.

Participants will learn how to effectively use these services to secure data, manage secrets, keys, and certificates, and manage access and authentication. This module will provide you with the practical skills and knowledge necessary to secure applications and services in Azure.

Main Issues:

• Service Levels (SKUs): Understand the different service levels available in Azure Key Vault.
• Secrets, Keys and Certificates: Learn how to manage secrets, keys, and certificates using Azure Key Vault.
• Access Management — Access Policies vs RBAC: Comparison and application of access policies and Role-Based Access Control (RBAC) in the context of access management.
• Access to Values and Authentication: The use of various access and authentication methods, including access from code, through environment variables and identities with on-prem.
• Integration with Services on the Example of App Services: Practical examples of Key Vault integration with other Azure services, such as App Services.
• Integration with CA: Understand the process of integrating Azure Key Vault with certification services.
• Manual Identity Retrieval and Request Authentication: Learn advanced authentication and identity management techniques.

‍

Azure Container Registry (30 min)

This module focuses on the Azure Container Registry (ACR), a key component in managing Docker images in the Azure cloud.

Participants will learn how to effectively publish and manage Docker images using ACR, which is essential before running them in a production environment. This module emphasizes that ACR is more than just a Docker registry, offering a number of advanced features and capabilities.

Main Issues:

• Service Levels (SKUs): Understand the different service levels available in ACR and their applications.
• Login and Security: Overview of security and login aspects in the context of container image management.
• Integration with Local Docker: Learn how to integrate ACR with an on-premises Docker environment for easy image management.
• Remote Builds and Other Tasks: Overview of remote builds and other tasks that can be accomplished with ACR.
• Secure Image Download: Techniques for secure download and management of containerized images.
• Cost Optimization: Strategies to minimize costs while maximizing efficiency and security in Docker image management.

‍

Storage Account (120 min)

This module focuses on Storage Account, one of Azure's core services, which is often mistakenly seen only as a place to store files.

Participants will learn about a wide range of Storage Account capabilities, including Azure Blob Storage, Azure Queue Storage, and Azure Table Storage.

This module will provide you with knowledge of architecture, performance, data replication, entitlement management, and cost optimization, as well as teach you how to deal with concurrency issues.

Main Issues:

Azure Blob Storage:

• Architecture and Performance: Understand the architecture and performance capabilities of Blob Storage.
• Data Replication and Soft Delete: Overview of replication options and the Soft Delete mechanism.
• Access and Permissions: Manage access and permissions, including Access Keys and SAS tokens.
• Object Lifecycle Management: Learning about the life cycle of objects and their management.
• Concurrency Problems: Optimistic and pessimistic locking techniques.
• Costs: Cost optimization strategies.

Azure Queue Storage:

• Architecture and Constraints: Fundamentals of Queue Storage Architecture and Constraints.
• Application and Good Practices: Practical use of Queue Storage and best practices.
• Cost Optimization: How to manage costs effectively when using Queue Storage.

Azure Table Storage:

• Architecture and Constraints: Understand the architecture and constraints of Table Storage.
• Data Modeling: Learning how to model data in wide-column databases.
• Transactions, Atomicity and ETG: An Overview of Atomicity Transactions and Guarantees.
• Application: Practical applications of Table Storage.
• Cost Optimization: Cost reduction techniques when using Table Storage.

‍

Infrastructure as Code (IAc) - Biceps/Terraform (180 min)

This module focuses on managing Azure cloud infrastructure with code, using tools such as Terraform or Biceps.

Participants will learn why manual infrastructure management through user interfaces is becoming obsolete and how code management can minimize cost, knowledge transfer and security risks.

This module will provide you with practical skills in the operation of the selected tool, syntax, looping and conditional actions, as well as best practices in IAc.

Main Issues:

• Why Manage Infrastructure With Code: Understanding the benefits of IAc and why it is the preferred approach.
• Operation Tools: Introduction to how Terraform/Biceps work and their role in Azure infrastructure management.
• Syntax: Learning the basic syntax used in Terraform/Biceps.
• Loops and Conditional Actions: Implementation of loops and conditional actions in infrastructure code.
• Passing and Returning Variables: Managing variables and passing them between modules.
• Modules: Learning how to create and use modules for effective infrastructure management.
• Good Practices: Presentation of best practices in the field of IAc.
• Integration in CI/CD: Use of IaC as part of Continuous Integration/Continuous Deployment processes.

‍

Fundamentals of GitHub Actions/Azure DevOps pipelines (180 min)

This module focuses on GitHub Actions, one of the leading tools in automating Continuous Integration and Continuous Deployment (CI/CD) processes.

Participants in the module will gain practical knowledge of the architecture and operation of GitHub Actions, learning how to effectively use this tool to implement a variety of scenarios in the context of CI/CD.

The module also covers topics such as the use of ready-made actions, workflow configuration, variable management, conditional executions, secret variable management, deployment strategies, and artifact management.

Main Issues:

• GitHub Actions Architecture and Operation: Introduction to GitHub Actions and its role in CI/CD processes.
• Use of Finished Shares: Learn how to use ready-made actions available in GitHub Actions.
• Workflow structure (Stepy and Joby): Understand the workflow structure, including steps and jobs.
• Triggers: Overview of the different types of triggers that initiate a workflow.
• Variables, Expression Evaluation, and Variable Passing: Management of variables, their transmission and evaluation.
• Conditional Executions: Implementation of conditional execution in workflow.
• Secret Variables: Management of secret variables at the repository and organization level.
• Context: Understanding context and its application in GitHub Actions.
• Strategie: Overview of deployment strategies and their configuration.
• Artifacts: Managing and using artifacts in a workflow.

‍

Networks in Azure (180 min)

This module provides a comprehensive introduction to Azure Networking by introducing you to basic networking issues and services in an Azure environment.

Participants will learn how to design and configure networks in Azure, adapting them to different business scenarios. The module includes hands-on workshops on network configuration, including Network Security Groups (NSG), User-Defined Routes (UDR), Service Endpoints, and Private Endpoints.

Topics on connecting networks for better performance and scalability, and network security issues will also be addressed. Participants will also learn how to monitor, diagnose, and manage networks in Azure.

Main Issues:

• Basics of Azure Networking: Introduction to key aspects of networking in Azure.
• Examples of Network Architectures: Overview of different network architectures tailored to specific business needs.
• Practical Workshops on Network Configuration: Learn how to configure NSG, UDR, Service Endpoints, and Private Endpoints.
• Networking for Performance and Scalability: Understand peering, VPN, ExpressRoute, remote gateway and gateway transit.
• Network Security: Overview of network security practices in Azure.
• Network Monitoring and Management: Learn how to use network monitoring and diagnosis tools in Azure.

‍

Private Links (60 min)

This module focuses on Private Links, one of the key elements of a secure cloud architecture used to protect public services from unauthorized external access.

Participants will learn why Private Links are important, how to set them up, manage their DNS, and the costs associated with them.

This module is particularly relevant for understanding the protection of cloud services and maintaining data security in a cloud environment.

Main Issues:

• Why Private Links?: Understand the importance of Private Links in the context of cloud architecture security.
• Configuration: Practical tips for setting up Private Links to effectively protect public services.
• DNS Assignment: Learn to manage DNS settings for Private Links to enable secure and private connections.
• Costs: Analysis of the costs associated with the implementation and maintenance of Private Links in a cloud environment.

‍

Bastion (60 min)

This module focuses on Bastion in the cloud, which eliminates the need to manage traditional jump boxes (intermediary machines) in the IT infrastructure.

Participants in the module will learn how Bastion can facilitate secure connections to virtual machines without having to expose them directly to the Internet.

This module covers the use of Bastion, its configuration, the connection process, and the analysis of the costs associated with its implementation and use.

Main Issues:

• Application: Explains how and why to use Bastion in the context of secure remote access.
• Configuration: Practical tips for configuring Bastion, including network and security settings.
• Making a Connection: Overview of the process of establishing a secure connection to virtual machines using Bastion.
• Costs: Analysis and considerations of the costs associated with the implementation and operation of Bastion in the cloud infrastructure.

‍

Log Analytics (90 min)

One of the huge advantages of using the cloud is the built-in monitoring at a wide range of levels - from the virtual machine itself to the application. All this data flows into one place - Log Analytics.

At first, it may seem strange and unintuitive with its query language which is very different in usability from, for example, Elastic Search. However, this otherness gives very large and interesting opportunities. You just have to be able to use them:)

Topics covered:

• Architecture and operation
• Access Models
• Data sources
• Data collection
• Submitting Enquiries
• Data sources
• Basic Inquiries
• Aggregation
• functions
• Grupos de computador
• Queries in service logs
• Query Optimization
• Visualization
• Alerts
• Cost Optimization

‍

Azure Monitor (90 min)

Azure Monitor brings together all the monitoring services in Azure.

‍

Azure Monitor for Containers (60 min)

Using Kubernetes without proper monitoring is on the one hand asking for problems and on the other a waste of potential as this service offers.

Azure Container Insights offers much more than simple AKS cluster monitoring, but provides a full suite of services for securely hosting a container-based environment.

Topics covered:

• Possibilities
• Monitoring operation with AKS
• Scanning images in Container Registry (ACR)

‍

Application Insight (60 min)

There are few services in Microsoft Azure that give such a huge return on inclusion as Application Insights. About 30 minutes to turn on and configure and we get a thorough insight into the inside of the application or the entire microservice ecosystem.

However, it is also one of the less described services so using and learning this knowledge is unfortunately not easy. It doesn't take much time to get to know this service.

Topics covered:

• Arquitectura
• Action Models - Open Telemetry vs Classic
• What is Open Telemetry

- Classic:

• Mappa applicazione
• Smart Alerts
• Testkirina hebûna
• Metrics en vivo
• Performace
• Faults
• Uso
• Sessioni
• Evenementen
• Funnels
• Cohorts
• Cost Optimization
• Sampling

‍

Cost Optimization (30 min)

This module focuses on cost optimization in the cloud, showing you how to effectively manage and control expenses in Azure, both on a small and large scale.

Participants will learn how to use tools such as Azure Advisor and Azure Automation to understand, control and reduce their costs.

This module also covers topics related to budgeting, cost analysis and platform design for easy billing.

Main Issues:

• Azure Advisor: Use Azure Advisor to receive cost optimization recommendations.
• Budgets: Set and manage budgets in Azure to control expenses.
• Breakdown of Costs by Dimensions: Analysis and understanding of costs according to different dimensions, such as services, departments or projects.
• Designing a Platform for Easy Billing: Learning to design infrastructure and services in such a way that billing is transparent and easy to understand.
• Azure Automation: Leverage Azure Automation to manage resources and optimize costs.
• Good Practices: An overview of best practices for optimizing costs in the cloud.

‍

Conclusion, survey, etc (15 min)