IaaS in Azure

Nowadays, where speed and security are key, manual management in Azure is becoming an outdated approach.

The “Azure for DevOps” training is designed to provide participants with the skills and knowledge necessary to effectively use automation in Azure. We will cover key areas of automation, from CI/CD processes to infrastructure management as code (IAc), networks, monitoring, data management and identity security.

The training focuses on practical skills and best practices, enabling participants to create efficiently managed, secure and scalable solutions in Azure.

Key Issues:

• CI/CD process: Understanding and creating CI/CD workflows, code reuse, and agent deployment
• Security in CI/CD: Learning good security practices in CI/CD processes.
• Infrastructure as Code (IAc): Writing and organizing infrastructure management code in Azure.
• Networks in Azure: Ensuring network privacy and security in a cloud environment.
• Monitoring: Azure monitoring techniques and tools to respond quickly to issues.
• Data Management: Solutions for storing and managing binary data in Azure.
• Identity Security: Password-free identity and authorization management methods.

Start, welcome, etc (15 min)

Introduction to Azure (60 min)

A fundamental introduction to Microsoft Azure, preparing participants for a deeper understanding and effective use of cloud services.

We'll start from the ground up by explaining why understanding Azure fundamentals is critical to using the cloud effectively.

Main Issues:

• Capex vs. Opex: Analysis and comparison of capital (Capex) and operating (Opex) cost models in the context of cloud services.
• IaaS, PaaS, FaaS: Introduction to different cloud service models, including Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Function as a Service (FaaS).
• Identity and Permissions Management - RBAC: Overview of identity and permissions management using Role-Based Access Control (RBAC) in Azure.
• Subscription a Tenant: Explain the differences and relationships between subscriptions and tenants in the Azure ecosystem.

‍

Virtual Machines and Disks (450 min)

This module focuses on virtual machines, which, despite the development of PaaS and SaaS services, continue to play a key role in most cloud systems.

Participants in the module will gain knowledge of different types of virtual machines, disks, methods of ensuring high availability, and techniques for replicating on-prem environments to the cloud.

This module also discusses scaling, configuration, access management, and cost monitoring and optimization in the context of virtual machines in Azure.

Main Issues:

• Types of Virtual Machines: Overview of the different types of virtual machines available in Azure.
• Types of Disks: Understand the differences between disk types and their applications.
• Preserve High Availability - Availability Set: Learn how to configure Availability Sets for greater availability.
• Azure Site Recovery: How to create a copy of on-prem in the cloud with Azure Site Recovery.
• Scaling - Scale Set and Low Priority Scale Sets: Understand and apply various scaling options, including Scale Sets and Low Priority Scale Sets.
• Machine Configuration: Practical tips for configuring virtual machines.
• Access Management: Learn to manage access to virtual machines, both for Windows and Linux (Azure AD Linux Integration).
• Monitoring: Use Azure Monitor and Azure Log Analytics to track performance and health of virtual machines.
• Cost Optimization: Strategies to optimize the costs of using virtual machines in Azure.

‍

Networks in Azure (180 min)

This module provides a comprehensive introduction to Azure Networking by introducing you to basic networking issues and services in an Azure environment.

Participants will learn how to design and configure networks in Azure, adapting them to different business scenarios. The module includes hands-on workshops on network configuration, including Network Security Groups (NSG), User-Defined Routes (UDR), Service Endpoints, and Private Endpoints.

Topics on connecting networks for better performance and scalability, and network security issues will also be addressed. Participants will also learn how to monitor, diagnose, and manage networks in Azure.

Main Issues:

• Basics of Azure Networking: Introduction to key aspects of networking in Azure.
• Examples of Network Architectures: Overview of different network architectures tailored to specific business needs.
• Practical Workshops on Network Configuration: Learn how to configure NSG, UDR, Service Endpoints, and Private Endpoints.
• Networking for Performance and Scalability: Understand peering, VPN, ExpressRoute, remote gateway and gateway transit.
• Network Security: Overview of network security practices in Azure.
• Network Monitoring and Management: Learn how to use network monitoring and diagnosis tools in Azure.

‍

Bastion (60 min)

This module focuses on Bastion in the cloud, which eliminates the need to manage traditional jump boxes (intermediary machines) in the IT infrastructure.

Participants in the module will learn how Bastion can facilitate secure connections to virtual machines without having to expose them directly to the Internet.

This module covers the use of Bastion, its configuration, the connection process, and the analysis of the costs associated with its implementation and use.

Main Issues:

• Application: Explains how and why to use Bastion in the context of secure remote access.
• Configuration: Practical tips for configuring Bastion, including network and security settings.
• Making a Connection: Overview of the process of establishing a secure connection to virtual machines using Bastion.
• Costs: Analysis and considerations of the costs associated with the implementation and operation of Bastion in the cloud infrastructure.

‍

Private Links (60 min)

This module focuses on Private Links, one of the key elements of a secure cloud architecture used to protect public services from unauthorized external access.

Participants will learn why Private Links are important, how to set them up, manage their DNS, and the costs associated with them.

This module is particularly relevant for understanding the protection of cloud services and maintaining data security in a cloud environment.

Main Issues:

• Why Private Links?: Understand the importance of Private Links in the context of cloud architecture security.
• Configuration: Practical tips for setting up Private Links to effectively protect public services.
• DNS Assignment: Learn to manage DNS settings for Private Links to enable secure and private connections.
• Costs: Analysis of the costs associated with the implementation and maintenance of Private Links in a cloud environment.

‍

Azure Monitor (90 min)

Azure Monitor brings together all the monitoring services in Azure.

‍

Log Analytics (90 min)

One of the huge advantages of using the cloud is the built-in monitoring at a wide range of levels - from the virtual machine itself to the application. All this data flows into one place - Log Analytics.

At first, it may seem strange and unintuitive with its query language which is very different in usability from, for example, Elastic Search. However, this otherness gives very large and interesting opportunities. You just have to be able to use them:)

Topics covered:

• Architecture and operation
• Access Models
• Data sources
• Data collection
• Submitting Enquiries
• Data sources
• Basic Inquiries
• Aggregation
• functions
• Grupos de computador
• Queries in service logs
• Query Optimization
• Visualization
• Alerts
• Cost Optimization

‍

Key Vault and Managed Identity (60 min)

This module focuses on Azure Key Vault and Managed Identity, which are key elements of a secure architecture in Azure.

Participants will learn how to effectively use these services to secure data, manage secrets, keys, and certificates, and manage access and authentication. This module will provide you with the practical skills and knowledge necessary to secure applications and services in Azure.

Main Issues:

• Service Levels (SKUs): Understand the different service levels available in Azure Key Vault.
• Secrets, Keys and Certificates: Learn how to manage secrets, keys, and certificates using Azure Key Vault.
• Access Management — Access Policies vs RBAC: Comparison and application of access policies and Role-Based Access Control (RBAC) in the context of access management.
• Access to Values and Authentication: The use of various access and authentication methods, including access from code, through environment variables and identities with on-prem.
• Integration with Services on the Example of App Services: Practical examples of Key Vault integration with other Azure services, such as App Services.
• Integration with CA: Understand the process of integrating Azure Key Vault with certification services.
• Manual Identity Retrieval and Request Authentication: Learn advanced authentication and identity management techniques.

‍

Storage Account (120 min)

This module focuses on Storage Account, one of Azure's core services, which is often mistakenly seen only as a place to store files.

Participants will learn about a wide range of Storage Account capabilities, including Azure Blob Storage, Azure Queue Storage, and Azure Table Storage.

This module will provide you with knowledge of architecture, performance, data replication, entitlement management, and cost optimization, as well as teach you how to deal with concurrency issues.

Main Issues:

Azure Blob Storage:

• Architecture and Performance: Understand the architecture and performance capabilities of Blob Storage.
• Data Replication and Soft Delete: Overview of replication options and the Soft Delete mechanism.
• Access and Permissions: Manage access and permissions, including Access Keys and SAS tokens.
• Object Lifecycle Management: Learning about the life cycle of objects and their management.
• Concurrency Problems: Optimistic and pessimistic locking techniques.
• Costs: Cost optimization strategies.

Azure Queue Storage:

• Architecture and Constraints: Fundamentals of Queue Storage Architecture and Constraints.
• Application and Good Practices: Practical use of Queue Storage and best practices.
• Cost Optimization: How to manage costs effectively when using Queue Storage.

Azure Table Storage:

• Architecture and Constraints: Understand the architecture and constraints of Table Storage.
• Data Modeling: Learning how to model data in wide-column databases.
• Transactions, Atomicity and ETG: An Overview of Atomicity Transactions and Guarantees.
• Application: Practical applications of Table Storage.
• Cost Optimization: Cost reduction techniques when using Table Storage.

‍

Cost Optimization (30 min)

This module focuses on cost optimization in the cloud, showing you how to effectively manage and control expenses in Azure, both on a small and large scale.

Participants will learn how to use tools such as Azure Advisor and Azure Automation to understand, control and reduce their costs.

This module also covers topics related to budgeting, cost analysis and platform design for easy billing.

Main Issues:

• Azure Advisor: Use Azure Advisor to receive cost optimization recommendations.
• Budgets: Set and manage budgets in Azure to control expenses.
• Breakdown of Costs by Dimensions: Analysis and understanding of costs according to different dimensions, such as services, departments or projects.
• Designing a Platform for Easy Billing: Learning to design infrastructure and services in such a way that billing is transparent and easy to understand.
• Azure Automation: Leverage Azure Automation to manage resources and optimize costs.
• Good Practices: An overview of best practices for optimizing costs in the cloud.

‍

Conclusion, survey, etc (15 min)