Azure Architecture Explained

Book description

Enhance your career as an Azure architect with cutting-edge tools, expert guidance, and resources from industry leaders

Key Features

  • Develop your business case for the cloud with technical guidance from industry experts
  • Address critical business challenges effectively by leveraging proven combinations of Azure services
  • Tackle real-world scenarios by applying practical knowledge of reference architectures
  • Purchase of the print or Kindle book includes a free PDF eBook

Book Description

Azure is a sophisticated technology that requires a detailed understanding to reap its full potential and employ its advanced features. This book provides you with a clear path to designing optimal cloud-based solutions in Azure by delving into the platform's intricacies.

You’ll begin by understanding the effective and efficient security management and operation techniques in Azure to implement the appropriate configurations in Microsoft Entra ID. Next, you’ll explore how to modernize your applications for the cloud, examining the different computation and storage options, as well as using Azure data solutions to help migrate and monitor workloads. You’ll also find out how to build your solutions, including containers, networking components, security principles, governance, and advanced observability. With practical examples and step-by-step instructions, you’ll be empowered to work on infrastructure-as-code to effectively deploy and manage resources in your environment.

By the end of this book, you’ll be well-equipped to navigate the world of cloud computing confidently.

What you will learn

  • Implement and monitor a cloud ecosystem, including computing, storage, networking, and security
  • Recommend optimal services for performance and scale
  • Provide, monitor, and adjust capacity for optimal results
  • Craft custom Azure solution architectures
  • Design computation, networking, storage, and security aspects in Azure
  • Implement and maintain Azure resources effectively

Who this book is for

This book is an indispensable resource for Azure architects looking to develop cloud-based services along with deploying and managing applications within the Microsoft Azure ecosystem. It caters to professionals responsible for crucial IT operations, encompassing budgeting, business continuity, governance, identity management, networking, security, and automation. If you have prior experience in operating systems, virtualization, infrastructure, storage structures, or networking, and aspire to master the implementation of best practices in the Azure cloud, then this book will become your go-to guide.

Table of contents

  1. Azure Architecture Explained
  2. Foreword
  3. Contributors
  4. About the authors
  5. About the reviewers
  6. Preface
    1. Who this book is for
    2. What this book covers
    3. To get the most out of this book
    4. Download the example code files
    5. Conventions used
    6. Get in touch
    7. Share Your Thoughts
    8. Download a free PDF copy of this book
  7. Part 1 – Effective and Efficient Security Management and Operations in Azure
  8. Chapter 1: Identity Foundations with Azure Active Directory and Microsoft Entra
    1. Protecting users’ identities and securing the value chain – the importance of IAM in decentralized organizations
    2. Authentication and authorization in Azure
    3. Engaging and collaborating with employees, partners, and customers
    4. The significance of digital identities in the modern IT landscape
      1. Modernizing your IAM with Microsoft Azure AD
      2. Life cycle management
      3. Leveraging the Microsoft Cloud Adoption Framework
      4. Azure AD terminology, explained
      5. Securing applications with the Microsoft identity platform
    5. Securing cloud-based workloads with Microsoft Entra’s identity-based access control
      1. Azure AD
      2. Microsoft Entra Permissions Management
      3. Microsoft Entra Verified ID
      4. Microsoft Entra workload identities
      5. Microsoft Entra Identity Governance
      6. Microsoft Entra admin center
    6. Summary
  9. Chapter 2: Managing Access to Resources Using Azure Active Directory
    1. Understanding the need for IAM
    2. Understanding Azure AD (now Microsoft Entra ID)
      1. Exploring the Microsoft Entra ID editions
      2. Microsoft Entra ID Premium P2
    3. Understanding the capabilities of Microsoft Entra ID
      1. Task 1 – creating a new Azure AD tenant using the Azure portal
      2. Task 2 – creating and configuring Azure AD users
      3. Task 3 – creating an Azure AD group with dynamic membership
    4. Hybrid identity – integrating your on-premises directories (Azure AD Connect sync and cloud sync)
      1. Azure AD Connect sync
      2. Azure AD Connect cloud sync
      3. Azure AD Application Proxy
      4. Azure AD Conditional Access
      5. Azure AD PIM
      6. Assigning roles in PIM
    5. Summary
  10. Chapter 3: Using Microsoft Sentinel to Mitigate Lateral Movement Paths
    1. Understanding the Zero Trust strategy
    2. Understanding lateral movement
    3. Leveraging Microsoft Sentinel to improve your security posture
      1. Collecting data
      2. Detecting threats
      3. Investigating anomalies
      4. Responding to incidents
    4. Enabling Microsoft Sentinel
      1. Global prerequisites
      2. Enabling Microsoft Sentinel using the Bicep language
      3. Enabling Microsoft Sentinel using the Azure portal
      4. Setting up data connectors
    5. Mitigating lateral movements
      1. An Office 365 impersonation following a suspicious Azure AD sign-in
      2. Suspicious inbox manipulation rules set following suspicious Azure AD sign-in
    6. Summary
  11. Part 2 – Architecting Compute and Network Solutions
  12. Chapter 4: Understanding Azure Data Solutions
    1. Technical requirements
    2. Understanding Azure storage types
      1. Structured data
      2. Unstructured data
      3. Semi-structured data
      4. Azure storage accounts
    3. Understanding Azure database options
      1. Azure SQL
      2. Azure Cosmos DB
      3. Creating a Cosmos DB account
    4. Summary
  13. Chapter 5: Migrating to the Cloud
    1. Technical requirements
    2. Understanding migration options
    3. Managing servers
      1. Update management
      2. VM backups
    4. Modernizing applications
      1. Scale sets
      2. Azure App Service/Web Apps
      3. Further modernization
    5. Migrating data
    6. Summary
  14. Chapter 6: End-to-End Observability in Your Cloud and Hybrid Environments
    1. Understanding the importance of a monitoring strategy
    2. Working on an effective monitoring strategy
    3. Azure Monitor – a comprehensive solution for observability and efficiency
      1. Components
      2. Data sources
      3. Consumption
    4. Summary
  15. Chapter 7: Working with Containers in Azure
    1. Understanding cloud-native applications
    2. Understanding the difference between virtual machines and containers
      1. Terminology
    3. Azure Container Instances
    4. Working with Azure Container Instances
      1. Creating the Azure Container Registry instance
      2. Pushing a container image to ACR
      3. Creating an Azure Container Instance
      4. Deploying Azure Container Instance for web app
    5. Creating Azure Container Apps
    6. Summary
    7. Further reading
  16. Chapter 8: Understanding Networking in Azure
    1. Connectivity in Azure
      1. Design considerations for VNets
      2. Exercise 1 – design and implement a virtual network in Azure
      3. Enabling cross-virtual-network connectivity
      4. Using service chaining to direct traffic to a gateway
      5. The hub-spoke network topology in Azure
      6. Azure virtual NAT
    2. Hybrid networking
      1. Azure VPN Gateway
      2. Site-to-site VPN connections
      3. Point-to-site VPN connections
      4. Azure Virtual WAN
      5. ExpressRoute
      6. Decision tree on network topology
    3. Load balancing
      1. Load balancing non-HTTP(S) traffic
      2. Load balancing HTTP(S) traffic
    4. Network security
      1. Azure DDoS protection
      2. Azure Firewall
      3. Exercise 2 – Azure Firewall – implement secure network access using the Bicep language
      4. Azure WAF
    5. Summary
  17. Chapter 9: Securing Access to Your Applications
    1. Technical requirements
    2. Designing for security
    3. Securing traffic
      1. SQL database firewalls
      2. Web application VNet integration
      3. Azure Firewall
      4. Application Gateway
      5. Azure Front Door
      6. What to use and when?
      7. Configuring network-level security
      8. Testing and securing the app
      9. Creating an Azure application gateway
    4. Securing keys and secrets
    5. Using managed identities
    6. Summary
  18. Part 3 – Making the Most of Infrastructure-as-Code for Azure
  19. Chapter 10: Governance in Azure – Components and Services
    1. Planning a comprehensive cloud governance strategy
    2. Understanding Azure governance
    3. Azure governance – components and services
      1. Management groups
      2. Azure Policy
      3. Azure Blueprints
      4. Azure Resource Graph
    4. Microsoft Cost Management
      1. Microsoft Cost Management components
    5. Summary
  20. Chapter 11: Building Solutions in Azure Using the Bicep Language
    1. Unlocking the benefits of IaC with Azure Resource Manager
    2. Authoring Bicep files
    3. Bicep file structure
      1. Working with parameters
      2. Parameter data types
      3. Bicep modules
      4. Previewing Azure deployment changes using what-if
    4. Summary
  21. Chapter 12: Using Azure Pipelines to Build Your Infrastructure in Azure
    1. Understanding the relationship between continuous integration, continuous delivery, and pipelines
    2. Understanding Azure Pipelines
    3. Configuring Azure DevOps
    4. Configuring Azure Repos
      1. Importing a repository into Azure Repos
    5. Configuring a build pipeline in Azure DevOps using the Classic Editor
    6. Configuring a release pipeline in Azure DevOps using the Classic Editor
    7. Configuring Azure Pipelines with YAML
    8. Summary
  22. Chapter 13: Continuous Integration and Deployment in Azure DevOps
    1. DevOps transformation – achieving reliable and efficient software development through CI and CD practices
    2. CI in Azure DevOps using the Classic Editor
    3. CD in Azure DevOps
    4. CI/CD baseline architecture using Azure Pipelines
    5. Building a multistage YAML pipeline
      1. Configuring a new project in Azure DevOps
      2. Configuring CI/CD pipelines with YAML
    6. Summary
  23. Chapter 14: Tips from the Field
    1. Azure governance
    2. Azure monitoring
    3. Identity management and protection
    4. Azure networking
    5. Azure containers
    6. Summary
  24. Index
    1. Why subscribe?
  25. Other Books You May Enjoy
    1. Packt is searching for authors like you
    2. Share Your Thoughts
    3. Download a free PDF copy of this book

Product information

  • Title: Azure Architecture Explained
  • Author(s): David Rendón, Brett Hargreaves
  • Release date: September 2023
  • Publisher(s): Packt Publishing
  • ISBN: 9781837634811