Introduction xxi
Assessment Test xxxix
Chapter 1 Gaining the Azure Solutions Architect Expert Certification 1
The Journey to Certification 3
A Strategy to Pass the Azure Exams 5
Use Azure Daily 5
Read Azure Articles, Keeping Yourself Current 6
Recognize Azure Product Names, Features, and Functionalities 9
Strive for a Deep Knowledge of a Few, Some Knowledge of Many, and a Basic Knowledge of All 10
An Introduction to Must-Know Azure Features 12
Azure Active Directory and Security 12
Networking 13
Azure Virtual Machines 15
Azure App Service 16
Azure Functions 18
API Management 19
Azure Monitor 20
Azure SQL 22
Azure Cosmos DB 24
Azure Storage 25
Service Bus 28
Site Recovery 30
Azure Bastion 32
Summary 32
Exam Essentials 33
Key Terms 34
Review Questions 35
Chapter 2 Security and Identity 39
Azure Active Directory 40
Add a Custom Domain to Azure Active Directory 44
AAD Connect 49
Connect Health 51
Directory Objects 52
Single Sign-On 52
B2B Collaboration 53
Self-Service Password 54
Application Proxy 54
Service Level Agreement 56
Identity Protection 57
Conditional Access 59
Multifactor Authentication 66
Privileged Identity Management 74
Managed Identities 75
Azure AD Domain Services 76
Role-Based Access Control 78
How to Control Who or What Has Access 84
How to Provide Permissions to Resources 85
How Are the Permissions to Resources Controlled? 87
Custom Roles 87
Hardware and Network Security 92
Microsoft Trust Center 93
Security Center 93
Azure Network Security 98
Application Gateway/WAF 98
Azure DDoS Protection 99
Azure Confidential Computing 99
Azure Security Products and Techniques 102
Shared Access Signature 102
Azure Key Vault 103
Easy Auth 105
Summary 106
Exam Essentials 106
Review Questions 108
Chapter 3 Networking 111
Microsofts Global Network 112
Overview of Hybrid Networks 114
Azure Virtual Network 115
Azure Virtual Networking 117
Regions 117
Key Features and Capabilities 127
Network Security 168
Traffic Filtering with NSG, ASG, and NVA 169
Application Gateway/WAF 174
IP Restrictions 180
Network Map and Topology 183
Using Azure DNS 184
Azure-Provided DNS 187
Hybrid Azure Networking 190
ExpressRoute 190
Site-to-Site VPN Gateway 192
Additional Azure Networking Products 201
Application Gateway 202
Hosting Multiple Websites 206
Azure Load Balancer 211
Azure Front Door 214
Azure Content Delivery Network 215
Traffic Manager 217
Azure Relay/Hybrid Connection Manager 218
Key Terms 220
Summary 221
Exam Essentials 222
Review Questions 224
Chapter 4 Compute 227
An Overview of Compute (Hosting Model) 229
Cloud Service Models 229
How to Choose the Right Hosting Model 231
Architectural Styles, Principles, and Patterns 234
Azure Compute Best Practices 237
Azure Container Instances 239
OS Virtualization, Containers, and Images 241
Container Groups and Multicontainers 243
Azure Virtual Machines 256
Creating Azure Virtual Machines 259
Managing Azure Virtual Machines 271
Azure App Services 298
Web Apps 301
Web App for Containers (Linux) 306
App Service Environments 308
Azure WebJobs 309
Azure Batch and HPC 312
Storage 316
Marketplace 316
Azure Functions 317
Hosting Plans 319
Triggers and Bindings 320
Runtime Versions 326
Supported Programming Languages 326
Service Fabric 328
Clusters and Nodes 330
Architecture 331
Best-Practice Scenarios 332
Azure Integration 335
Azure Kubernetes Service 336
Kubernetes vs. AKS 336
Clusters, Nodes, and Pods 338
Development and Deployment 338
Maintaining and Scaling 342
Cloud Services 344
Windows Virtual Desktop 345
Summary 346
Key Terms 347
Exam Essentials 348
Review Questions 350
Chapter 5 Data and Storage 355
RDBMS, OLTP, OLAP, and ETL 357
Big Data/NoSQL 358
Choosing the Right Data Storage Solution 359
Document Databases 360
Key/Value Pairs 361
Graph Databases 362
Object Storage 363
Relational Database Management System 363
Search Engine Databases 365
Data Analytics/Data Warehouse 365
Shared Files 373
Azure Data Store 377
Azure SQL Database 382
Other Azure Data Stores 420
Azure Storage 424
Zone Replication 434
Data Backup, Migration, and Retention 437
Securing Azure Data 443
Summary 451
Exam Essentials 451
Key Terms 452
Review Questions 454
Chapter 6 Hybrid, Compliance, and Messaging 457
Hybrid Solutions 458
Hybrid Security 459
Hybrid Networking 460
Hybrid Computing 462
Hybrid Data Solutions 463
Azure Cloud Compliance Techniques 463
Compliance and Governance 464
Security 472
Resiliency and Reliability 474
Privacy 475
Security Center 478
Microsoft Cloud App Security 483
Azure Messaging Services 484
Event vs. Messaging 485
How to Choose the Right Messaging Service 485
Messaging Patterns 487
Event Hubs 492
Service Bus 496
Azure Storage Queue 498
Event Grid 499
Logic Apps 503
Notification Hubs 505
Summary 505
Exam Essentials 506
Key Terms 506
Review Questions 508
Chapter 7 Developing for the Cloud 511
Architectural Styles, Principles, and Patterns 512
Architectural Styles 513
Design Principles 515
Cloud Design Patterns 517
An Introduction to Coding for the Cloud 523
Triggering a Background Job 523
Connecting to Regional/Global Database Instances 524
Working with the Azure Queue Storage SDK 524
Forms, Certificate, Windows, MFA, Open
Standard, Managed Identities, and Service
Principle Authentication 525
Reading Encrypted Data from a Database 531
IDEs and Source Code Repositories 533
Implementing Security 534
Summary 538
Exam Essentials 539
Key Terms 539
Review Questions 540
Chapter 8 Migrate and Deploy 543
Migrating to Azure 544
Azure Site Recovery 548
Azure Migrate 549
Migrating Azure Virtual Machines 551
Database Migration 558
Migrating Azure App Services 565
Import/Export 566
Moving Resources in Azure 567
Moving Azure App Services 568
Moving Azure Virtual Machines 569
Deploying Application Code and Azure Resources 576
Deploying with Visual Studio 578
Deploying with ARM Templates 580
Working with DevOps 594
Learning Azure Automation 600
Process Automation 604
Configuration Management 605
Update Management 606
Other Automation Resources 607
Summary 608
Exam Essentials 608
Key Terms 609
Review Questions 610
Chapter 9 Monitor and Recover 613
Monitoring Azure Resources 615
Azure Service Health 619
Azure Monitor 621
Azure Monitoring by Component 634
Additional Monitoring Topics 648
Recover Azure Resources 649
What is BCDR? 650
Azure Recovery Services 651
Azure Recovery by Product Type 668
Summary 677
Exam Essentials 678
Review Questions 679
Appendix Answers to Review Questions 681
Chapter 1: Gaining the Azure Solutions Architect Certification 682
Chapter 2: Security and Identity 683
Chapter 3: Networking 684
Chapter 4: Compute 685
Chapter 5: Data and Storage 687
Chapter 6: Hybrid, Compliance, and Messaging 688
Chapter 7: Developing for the Cloud 688
Chapter 8: Migrate and Deploy 689
Chapter 9: Monitor and Recover 690
Index 693