What do we want? The Azure Fundamentals Cert by February!
When do we want it? By Feb! Just said it, pay attention!
A very helpful guide by Daniel Baker (AzureDan).
You need a subscription (or trial) to make a resource group. But you can make a Markdown without it!
Here is my Resource Group;
I poked around in the Policy section for a time.
Other things we're going to fill out here include:
- Networking & Gateways
- Authentication and Identity
- DevTest Labs
- Backup Solutions
Virtual Network(ing and Gateways) in Azure
Enter your resource group, hit 'Add', search what you want (Here, a Virtual Network), fill out the information, and there you go. Also helps to go back into the resource to the deployment, and pin it to the dashboard.
Let's make some Subnets!
The Gateway Subnet routes things through the Azure Cloud.
You'll need to go into the Marketplace and get the 'Virtual Machine Gateway' app. Remember to check the region you're working in!
There are certificates made and installed. I wonder if that process could be automated somehow. Would it be safe?
In making a template, there is a script given, that outlines the template rules, parameters (names, network), variables (with values), and resources (objects to deploy).
When the template is made, it can be deployed.
As I can't seem to find a Visual Studio Community 2017 Version, let's hit a random thing and roll with it.
See, it's in our Development subnet in our 31vNet Virtual Network.
Here it is, and all the stats:
And here's the Networking page, that shows our public and private IPv4 addresses.
It takes some time to be enabled. When it's ready, you can see where we're failing at security wise. Meanwhile, I had to troubleshoot the actual Update Agent.
It's like when Task Manager is not responding.
I can at least walk through scheduling an update deployment. We can schedule a time, and what updates are to be included (None here).
The Metrics option tracks the performance of a VM and lists the results in a very GUI, chart-happy kind of way.
The Advisor tab offers us a (probably AI) guide that suggests ways to improve performance on our resources and be reasonable with our spending.
Resource health watches your resource and tells you if it's running as expected.
A very cool option under Support + troubleshooting is Boot diagnostics, to see if there are any potential issues with booting up the VM, and the option to reset the password to the built-in admin account. Snazzy! You can also redeploy your VM to a new Azure host.
Next, let's deploy a CentOS system through the command line.
I'm tossing in this video as well: While it has no affiliation with the one at the top of the page...I was prepared to make another post about this until I remembered "Oh yes, already did some AzAD stuff!"
Directory Services & Domain Controllers.
Select Azure Active Directory from the Services group.
A new user is made; If we had a group, we could put her there, but let's not let that stop us!
Paola Zallegortio is not a real person. To my knowledge.
We can go to the groups section and make an Accounting group for Ms. Zallegortio to join.
I can create or invite a user to join, and stick them in the made group;
See the box? The group itself doesn't show, but he's in the Accounting group with Paola. You could probably put a user in more than one group, but then you get caught up in thorny stuff, like permissions creep.
We can establish single sign-on for a user. Let's try with Twitter -
Default Directory > Enterprise applications - all applications > Categories > add an application > Twitter. When Twitter is installed (click 'add'), this is what you get;
Select single sign-on, hit password based (or whatever makes sense for you), and hit save at the resulting screen. When you go to Users and Groups, you can now add a user to the Twitter SSO group.
Visit a resource in the Resource Groups tab, 'new', and install DevTest Labs from the Marketplace after searching.
You can add VMs to your testing labs - There's a lot of options.
Also includes Ubuntu in Kubernetes Containers.
I've also allowed the sizes for VMs that our developers can work with under Configurations and Policies > Allowed Virtual Machine Sizes.
I set the sizes, now time for the actual amount of VMs that are allowed to be spun up; I'll go with 2.
Under Configurations and Policies - Virtual Network, our test environment has already been set up in our dtlbacaid-devtestlab network, though we could go back to the Virtual Network pane and make a new one for it to inhabit if we wish. In fact, I think I will.
I don't know why the name doesn't show up in the 'Your deployment is complete' panel.
Marketplace images are "Hey, what .isos should your devs be allowed to download?" I selected CentOS and Server 2012 R2. When you go to 'Formulas (reusable bases)', those are the only options:
A while back, I made a comment that Azure had a lot less silly names than AWS, so one didn't have to Google (or Bing, as the case may be) to find out what they were working with.
I take that back; In order to have programs pre-installed on a base you spin up, you have to add them on...and they're called Artifacts.
These are just plans, blueprints, so you don't waste time finagling around a GUI trying to get things set up. Nice idea. Odd name.
Under your virtual machine, look to the left. Operations > Disaster Recovery. Make sure it's in the correct region.
You'll see a cache storage account setting; it's used before a source VM is replicated to the target. It will be made when this is deployed.
You can only set protections in one region;
The virtual machine 'kearosan' couldn't be protected to the region 'West US' as it is already protected to the region 'East US 2'.
If you click the 'Failed' Hyperlink, that's the error that pops up, along with possible causes, recommendations, and Error ID.
Something did get backed up:
"Success - Task Failed."
As a reminder, here is our Dashboard now;
I made a new resource group and pulled up the Web App service in the Marketplace to install.
Of interesting note is the Application Monitoring selection of my apps, network, and infrastructure. It's not available with my plan.
It took some time to deploy it because it simply did not like the settings in the region I was trying to put it in. It worked in West Europe but not West US. Interesting.
I think I took a different turn somewhere. But I can at least show you something in this App Service:
Here are some application settings: Set rule for when data can be moved. With this set up, data will be stored and moved while encrypted.
Security and Monitoring Your Azure Cloud
"Is the cloud safe?"
Let's be honest, attacks are growing more sophisticated, and end users just want things to work, and aren't concerned about security. Nothing personal - You have other things to do. Leave it to a cloud service to have multiple security options in place to protect your data they have stored. After all, it's Microsoft. They've been at this for quite a while. I think they know how to store data.
Onto the final lesson.
It's a little scant looking.
Clicking Recommendations gives a page with suggestions about how to have more secure resources. There's even an option to include your own custom policies. With AI, it probably knows what your policies intend to do, and knows how to warn against things that may break them. Very neat.
Let's look at the suggestion for Compute:
'Web application should only be accessible from over HTTPS!'
'Quick Fix' takes us to another screen, where you essentially scroll down and hit it again.
Another window pops up, explaining why this is beneficial. I appreciate the lesson, but let's actually implement it.
With the final click, the remediation is successful, and it will take a few minutes to update to a Healthy Resource in our Security Center.
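The same HTTPS-only check can be made before deployment, against the kind of template described earlier (parameters, variables, resources). The sketch below is an added example, not code from the original post or from Microsoft: the sample template and its resource names are constructed, and it assumes the template's `resources` section is a JSON array.

```python
import json

# Constructed sample template (not from the original post): one App Service
# plan and two web apps, only one of which sets httpsOnly.
SAMPLE_TEMPLATE = json.loads("""
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {"siteName": {"type": "string"}},
  "variables": {"planName": "example-plan"},
  "resources": [
    {"type": "Microsoft.Web/serverfarms", "apiVersion": "2022-03-01",
     "name": "[variables('planName')]", "location": "westeurope",
     "sku": {"name": "F1"}},
    {"type": "Microsoft.Web/sites", "apiVersion": "2022-03-01",
     "name": "[parameters('siteName')]", "location": "westeurope",
     "properties": {"httpsOnly": true}},
    {"type": "Microsoft.Web/sites", "apiVersion": "2022-03-01",
     "name": "example-legacy-site", "location": "westeurope",
     "properties": {}}
  ]
}
""")

def walk_resources(resources):
    """Yield every resource in the list, including nested child resources."""
    for res in resources or []:
        yield res
        yield from walk_resources(res.get("resources"))

def sites_without_https_only(template):
    """Return names of Microsoft.Web/sites resources whose
    properties.httpsOnly is not the literal boolean true."""
    findings = []
    for res in walk_resources(template.get("resources")):
        if res.get("type", "").lower() != "microsoft.web/sites":
            continue
        props = res.get("properties")
        value = props.get("httpsOnly") if isinstance(props, dict) else None
        # A template expression such as "[parameters('x')]" cannot be
        # resolved offline, so it is flagged for manual review as well.
        if value is not True:
            findings.append(res.get("name"))
    return findings

if __name__ == "__main__":
    for name in sites_without_https_only(SAMPLE_TEMPLATE):
        print(f"httpsOnly not enforced: {name}")
```

Run against an exported template, a non-empty result means the web app would deploy into the same unhealthy state that the Quick Fix above corrects after the fact.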
There's far more to do with Azure (And in Security Center that I did not outline), and this is a little beyond the scope of AZ-900, but it was great to get a comprehensive, hands-on look at the service.
If you have any AZ-900 resources, feel free to comment.
FOR EMPLOYERS: It's learning.