Module 2 Complete: Azure Architecture and Services

Module 2 Summary & Review

Comprehensive review of Azure's core architectural components, compute services, networking, storage solutions, identity management, and security features. Master everything for Quiz 19 and AZ-900 certification success.

Global Infrastructure ✓
Compute Services ✓
Networking ✓
Storage ✓
Identity & Security ✓

🎯 Module 2: Azure Architecture and Services (35-40% of AZ-900)

🌍 Global Infrastructure

Regions, Availability Zones, Geographies, Data Residency

Sessions 9-10

💻 Compute Services

VMs, App Service, Functions, Containers

Sessions 11-12

🌐 Networking

VNets, Load Balancers, VPN, ExpressRoute

Sessions 13-14

💾 Storage

Blob, Files, Disks, Tiers, Redundancy

Sessions 15-16

🔐 Identity & Security

Azure AD, RBAC, MFA, Zero Trust

Sessions 17-18

Core Architectural Components

🏗️ Azure Organizational Hierarchy

Azure AD Tenant
↓ Contains
Management Groups
↓ Organize (Max 6 levels)
Subscriptions
↓ Contain
Resource Groups
↓ Logically group
Resources (VMs, Storage, etc.)

🎯 Quiz Key Points:

• Subscriptions: Billing and access boundary
• Resource Groups: Each resource in exactly one group
• Management Groups: Max depth 6 levels
• Resources: Can be in different regions than RG

🌍 Azure Global Infrastructure

Geographies
  • Discrete markets (US, Europe, Asia)
  • Preserve data residency
  • Compliance boundaries
  • Contain 2+ regions
Regions
  • Geographic areas with multiple DCs
  • Low latency (< 2ms between DCs)
  • Region pairs for DR
  • Min 300 miles apart
Availability Zones
  • Physically separate DCs
  • Within single region
  • Independent power, cooling, network
  • Min 3 zones where available

Azure Compute Services

💻 Compute Services Comparison

Virtual Machines

Infrastructure as a Service (IaaS)

  • Full OS control
  • Custom configurations
  • Lift-and-shift migrations
  • Various VM sizes
Best for: Legacy apps, full control needed

App Service

Platform as a Service (PaaS)

  • Web apps, APIs
  • Auto-scaling
  • Multiple languages
  • Deployment slots
Best for: Web apps, reduced management

Azure Functions

Serverless Compute

  • Event-driven
  • Pay-per-execution
  • Auto-scaling
  • Multiple triggers
Best for: Event processing, microservices

Container Services

ACI & AKS

  • Container orchestration
  • ACI: Simple containers
  • AKS: Kubernetes
  • Microservices
Best for: Modern apps, microservices

🔧 Critical VM Concepts for Quiz 19

VM High Availability
Availability Sets
  • Protect against hardware failures
  • Fault domains (rack failures)
  • Update domains (planned maintenance)
  • 99.95% SLA
Availability Zones
  • Protect against datacenter failures
  • Physically separate locations
  • Within same region
  • 99.99% SLA
VM Scaling & Management
VM Scale Sets
  • Auto-scaling VMs
  • Identical VM configuration
  • Scale up to 1000 instances
  • Load balancer integration
Azure Bastion
  • Secure RDP/SSH access
  • No public IP on VMs
  • Browser-based access
  • SSL/TLS encrypted

🎯 Quiz Focus: VMs provide the highest level of control (IaaS). Maximum data disk size: 64TB. VM Scale Sets enable auto-scaling.

Azure Networking Services

🌐 Core Networking Components

🏢 Virtual Networks

Isolated network environments

  • Subnets for segmentation
  • Private IP ranges
  • Network Security Groups
  • Azure-provided DNS

⚖️ Load Balancers

Traffic distribution

  • Layer 4 (Load Balancer)
  • Layer 7 (Application Gateway)
  • Internal & External
  • Health probes

🔗 VPN Gateway

Secure connections

  • Site-to-Site VPN
  • Point-to-Site VPN
  • IPSec/IKE encryption
  • Up to 30 connections

🚄 ExpressRoute

Private connectivity

  • Dedicated connection
  • 50 Mbps to 10 Gbps
  • No internet routing
  • Higher bandwidth & reliability

🏗️ Virtual Network Key Concepts

VNet Fundamentals
📋 Address Spaces
  • RFC 1918 private ranges
  • 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16
  • Cannot overlap with on-premises
🔗 Subnets
  • Minimum /29 (8 addresses)
  • Azure reserves 5 addresses
  • Can span availability zones
VNet Connectivity
🔄 VNet Peering
  • Connect VNets directly
  • Cross-region supported
  • No gateways required
  • Up to 500 peered VNets
🛡️ Network Security
  • NSGs for traffic filtering
  • Service endpoints for PaaS
  • Private Link for private access
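
The address-space and subnet rules listed under VNet Fundamentals, applied as a pre-deployment check. This is an added example, not part of the original course material; the function name `check_plan` and all sample ranges are constructed for illustration.

```python
import ipaddress

# RFC 1918 private ranges, as listed under Address Spaces.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
AZURE_RESERVED = 5   # addresses Azure reserves in every subnet
MIN_PREFIX = 29      # smallest allowed subnet: /29 (8 addresses)


def check_plan(vnet_cidr, subnet_cidrs, on_prem_cidrs):
    """Validate a proposed VNet plan (hypothetical helper).

    Returns (findings, usable): a list of rule violations and a dict
    mapping each subnet to the addresses left after Azure's reservation.
    """
    findings, usable = [], {}
    vnet = ipaddress.ip_network(vnet_cidr)

    # Rule: VNet space comes from the private ranges.
    if not any(vnet.subnet_of(r) for r in RFC1918):
        findings.append(f"{vnet} is outside the RFC 1918 private ranges")

    # Rule: VNet space cannot overlap with on-premises networks,
    # otherwise routing over VPN Gateway or ExpressRoute is ambiguous.
    for cidr in on_prem_cidrs:
        if vnet.overlaps(ipaddress.ip_network(cidr)):
            findings.append(f"{vnet} overlaps on-premises range {cidr}")

    for cidr in subnet_cidrs:
        net = ipaddress.ip_network(cidr)
        if not net.subnet_of(vnet):
            findings.append(f"subnet {net} is not inside {vnet}")
        # A longer prefix than /29 means fewer than 8 addresses.
        if net.prefixlen > MIN_PREFIX:
            findings.append(f"subnet {net} is smaller than /{MIN_PREFIX}")
        usable[cidr] = max(net.num_addresses - AZURE_RESERVED, 0)
    return findings, usable


if __name__ == "__main__":
    # Constructed sample plan: overlaps on-premises and has a /30 subnet.
    problems, hosts = check_plan(
        "10.1.0.0/16",
        ["10.1.0.0/24", "10.1.1.0/29", "10.1.2.0/30"],
        ["10.1.0.0/20"],
    )
    for p in problems:
        print("FINDING:", p)
    for subnet, count in hosts.items():
        print(f"{subnet}: {count} usable addresses")
```

A /29 passes the size rule but leaves only 3 assignable addresses after the 5 reserved ones, which is worth knowing before placing anything in it.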

Azure Storage Services

💾 Storage Service Types

Blob Storage

Unstructured data

  • Documents, images, videos
  • Hot, Cool, Archive tiers
  • REST API access
  • Unlimited capacity
Best for: Web content, backups, analytics

Azure Files

Managed file shares

  • SMB protocol access
  • Mount as network drive
  • Cross-platform support
  • Up to 100 TB per share
Best for: Shared storage, lift-and-shift

Disk Storage

Managed disks

  • Standard HDD/SSD
  • Premium SSD
  • Ultra Disk
  • Up to 64 TB
Best for: VM storage, databases

Other Services

Specialized storage

  • Queue Storage (messages)
  • Table Storage (NoSQL)
  • Data Lake Storage
  • Archive Storage
Best for: Apps, big data, archival

🔄 Storage Redundancy Options

Local Redundancy
LRS - Locally Redundant
  • 3 copies in same datacenter
  • Protects against drive failures
  • 99.999999999% (11 9's) durability
  • Lowest cost option
ZRS - Zone Redundant
  • 3 copies across availability zones
  • Protects against datacenter failures
  • 99.9999999999% (12 9's) durability
  • Available in select regions
Geographic Redundancy
GRS - Geo Redundant
  • LRS + copy to paired region
  • Protects against regional disasters
  • 99.99999999999999% (16 9's) durability
  • Read access in secondary region
GZRS - Geo-Zone Redundant
  • ZRS + copy to paired region
  • Highest level of redundancy
  • Best for critical workloads
  • Premium tier available

🎯 Quiz Focus: GZRS provides highest availability. Archive tier has lowest cost but highest access cost. Blob vs Files: Blob for unstructured data, Files for SMB shares.

Identity and Security

🔐 Azure AD and Security Services

Azure Active Directory

  • Identity & Access Management
  • Single Sign-On (SSO)
  • MFA support
  • Conditional Access
  • Free, Basic, Premium tiers

Role-Based Access Control

  • Owner, Contributor, Reader
  • Custom roles supported
  • Inheritance from parent scopes
  • Principle of least privilege
  • Applied at multiple scopes

Security Services

  • Azure Key Vault (secrets)
  • Defender for Cloud
  • Azure Sentinel (SIEM)
  • DDoS Protection
  • Azure Bastion

🤖 Azure Managed Identities

The Problem
  • Applications need credentials to access Azure services
  • Storing secrets in code is insecure
  • Manual credential rotation is error-prone
  • Risk of credential exposure
Managed Identity Solution
  • Azure automatically manages the identity
  • No credentials in application code
  • Automatic token acquisition and renewal
  • Integrates with Azure RBAC
Types of Managed Identity
System-assigned
  • Tied to resource lifecycle
  • 1:1 relationship with resource
  • Deleted when resource is deleted
  • Cannot be shared
User-assigned
  • Standalone Azure resource
  • Can be shared across resources
  • Independent lifecycle
  • Managed separately

🎯 Quiz Key Point: Managed Identity eliminates the need to manage credentials in application code - one of the most important security benefits in Azure.

Critical Service Comparisons for Quiz 19

🔗 Connectivity Options

VPN Gateway
  • Encrypted connection over internet
  • Site-to-Site and Point-to-Site
  • Variable bandwidth and latency
  • Lower cost option
ExpressRoute
  • Private dedicated connection
  • Predictable bandwidth (50 Mbps - 10 Gbps)
  • Higher cost but better performance
  • Does not traverse internet

⚖️ Load Balancing

Azure Load Balancer
  • Layer 4 (Transport layer)
  • TCP/UDP traffic distribution
  • Internal and external types
  • Zone redundant options
Application Gateway
  • Layer 7 (Application layer)
  • HTTP/HTTPS traffic only
  • Web Application Firewall (WAF)
  • URL-based routing, SSL termination

📦 Container Services

Azure Container Instances
  • Simple container hosting
  • No orchestration
  • Pay per second
  • Good for simple workloads
Azure Kubernetes Service
  • Managed Kubernetes
  • Container orchestration
  • Auto-scaling and healing
  • Complex microservices

🔄 Disaster Recovery

Azure Backup
  • Backup and restore service
  • VMs, files, SQL, SAP HANA
  • Point-in-time recovery
  • Long-term retention
Azure Site Recovery
  • Disaster recovery service
  • VM replication and failover
  • Business continuity
  • On-premises to Azure, Azure to Azure

Important Numbers for AZ-900

🏗️ Architecture Limits

Management Group Levels: 6
Regions per Geography: 2+
Availability Zones: 3+
Min Distance Region Pairs: 300 mi

💻 Compute Limits

Max VM Data Disk Size: 64 TB
VMs in Availability Set: 200
VMSS Max Instances: 1000
Functions Timeout (Consumption): 5 min

🌐 Network & Storage

Max Subnets per VNet: 3000
Min Subnet Size: /29
Azure File Share Size: 100 TB
Archive Tier Min Duration: 180 d

🧠 Ready for Quiz 19 - Sample Questions

Test your Module 2 knowledge! These sample questions reflect the actual Quiz 19 format and AZ-900 exam style.

Sample Question 1:

"Which Azure compute service provides the highest level of control over the operating system?"

  • A) Azure Functions
  • B) Azure App Service
  • C) Azure Virtual Machines ✅
  • D) Azure Container Instances

Sample Question 2:

"What is the primary purpose of Azure availability zones?"

  • A) Reduce costs
  • B) Provide fault tolerance within a region ✅
  • C) Improve network performance
  • D) Enable global load balancing

Sample Question 3:

"What is the main benefit of using Azure managed identities?"

  • A) Reduced costs
  • B) No need to manage credentials in code ✅
  • C) Better performance
  • D) Enhanced user experience

Sample Question 4:

"Which storage redundancy option provides protection against regional disasters?"

  • A) LRS
  • B) ZRS
  • C) GRS ✅
  • D) Premium SSD

📝 Quiz 19 covers: Global infrastructure, Compute services, Networking, Storage, Identity & Security, Azure Resource Manager, Service comparisons

Module 2 Mastery Achievement

🏆 Congratulations! You've Mastered Azure Architecture and Services

🌟 What You've Learned:

  • Global Infrastructure: Regions, availability zones, and data residency concepts
  • Compute Services: VMs, App Service, Functions, and container options
  • Networking: VNets, load balancers, VPN Gateway, and ExpressRoute
  • Storage Solutions: Blob, Files, Disks, and redundancy options
  • Identity & Security: Azure AD, RBAC, MFA, and Zero Trust

🎯 AZ-900 Readiness Status:

Module 2 Coverage: 100%
Quiz Readiness: Ready!

All key concepts covered and reviewed

🏅 Achievement Unlocked:

Azure Infrastructure Expert ✓ Compute Services Master ✓ Networking Specialist ✓ Storage Solutions Pro ✓ Security & Identity Expert ✓

🚀 Ready for the Next Challenge?

You've completed Module 2 with flying colors! Now it's time to test your knowledge with Quiz 19 and prepare for Module 3: Azure Management and Governance.