Learn Azure in a Month of Lunches, 2nd Ed
Part 2 High Availability and Scale
This section opens with a look at Azure’s Resource Manager. As systems grow, keeping track of the various components becomes increasingly difficult. The Resource Manager allows you to manage, group, and secure these components. This can be extended by using inbuilt templates (and custom ones) to automate the process of resource creation and deployment. Some tools to ease the creation of templates are discussed. Practical work supports the ideas discussed.
Next, the author looks at High Availability (HA) and redundancy, where an application can scale out and be globally distributed. The need for redundancy is discussed (to eliminate any single point of failure). This is followed by an overview of the various data center components that can reduce the impact of any failure (e.g. backup power supplies). Availability Zones allow applications to be replicated in another data center, providing both scalability and redundancy in case one data center is compromised. Practical work shows how to create a VM in an availability zone, and how to deploy an HA VM from a template.
The next chapter extends the previous one with a discussion on load-balancing, which allows traffic to be distributed more evenly across all your VMs. Various load-balancer components are examined in a practical manner, including: traffic distribution with load-balancer rules, and directly routing traffic with Network Address Translation rules. Practical exercises show the setting up of the various components of the load-balancer.
The previous chapters are extended with a discussion on scalable resources. Autoscale rules allow VMs to be added or removed automatically depending on demand. Vertical (e.g. more powerful CPUs) and horizontal (e.g. more CPUs) scaling is briefly discussed. Azure provides VM scale sets that allow you to run identical VMs typically behind a load balancer, and this is illustrated with worked examples.
Having set the background, the next chapter looks at Cosmos DB, an autoscaling, highly redundant, globally distributed database platform. Cosmos DB encompasses various types of NoSQL databases. Details on how to create and configure Cosmos DB, and build a web application that runs with it are given.
The author then looks at how to get traffic to your site. There’s a brief look at Domain Name Service (DNS), which translates a human-readable web address (e.g. www.manning.com) to an IP address (e.g. 126.96.36.199). The heart of the chapter concentrates on using the Azure Traffic Manager to route customers to your applications based on performance and geolocation.
The section ends with a look at some of the tools available for monitoring and troubleshooting. There’s a useful walkthrough on setting up VM boot diagnostics, which is particularly important when there are connectivity problems. Similarly, creating alerts for excessive memory, CPU, and disk activity is examined. The importance of taking baseline measurements for future comparisons and capacity planning is highlighted. The chapter ends with a look at Azure Network Watcher, an invaluable tool for investigating any potential network problems.
I feel that sometimes the author assumes too much (e.g. Network layers 7 and 4 are introduced in passing without reference to the seven Open Systems Interconnection layers). Sometimes too much peripheral information is introduced, instead of concentrating on the topic in hand.
Part 3 Secure by Default
Security is probably the primary reason why companies opt to keep their systems in-house. This section discusses Azure’s various security features, perhaps to encourage the reader to use cloud-based systems. (It should also be noted that in-house systems have security concerns too…)
The section opens with a look at backup, recovery and VM replication between regions – all Azure features that allow business users to focus their efforts on their applications rather than on infrastructure administration. Azure Backup service manages backup scheduling, data retention, backup and restore jobs. Encryption is implemented by default. You define policies to control the frequency of backups, and a walkthrough of this is given. A walkthrough of the restoration of a VM is also provided. Azure Site Recovery allows you to replicate your entire site to another region (e.g. for Disaster Recovery [DR]).
The author then looks at Data Encryption, an important topic since the security of data is often critical – as shown by the impact of security breaches that are regularly reported. Details are provided on how to encrypt data stored in Azure Storage, on managed disks, and the complete VM. Encryption is implemented with encryption keys stored in the Azure Key Vault Service. This service is examined in greater detail; it allows you to manage, control access to, and audit your critical resources.
The last chapter in this section focuses on Azure Security Center, which can scan your resources, identify security concerns, and provide recommendations on their resolution – a walkthrough on this is provided. Additionally, Update Management ensures your VMs are automatically updated with the latest security patches.
This section is obviously of vital importance. Azure has a great many tools that increase the security of your applications. However, you too have to play your part in ensuring appropriate security is implemented.
Last Updated ( Tuesday, 09 March 2021 )