Exam Ref AZ-304 Microsoft Azure Architect Design Certification and Beyond

Book description

Master the Microsoft Azure platform and prepare for the AZ-304 certification exam by learning the key concepts needed to identify key stakeholder requirements and translate these into robust solutions

Key Features

  • Build secure and scalable solutions on the Microsoft Azure platform
  • Learn how to design solutions that are compliant with customer requirements
  • Work with real-world scenarios to become a successful Azure architect, and prepare for the AZ-304 exam

Book Description

The AZ-304 exam tests an architect's ability to design scalable, reliable, and secure solutions in Azure based on customer requirements. Exam Ref AZ-304 Microsoft Azure Architect Design Certification and Beyond offers complete, up-to-date coverage of the AZ-304 exam content to help you prepare for it confidently, pass the exam first time, and get ready for real-world challenges.

This book will help you to investigate the need for good architectural practices and discover how they address common concerns for cloud-based solutions. You will work through the CloudStack, from identity and access through to infrastructure (IaaS), data, applications, and serverless (PaaS). As you make progress, you will delve into operations including monitoring, resilience, scalability, and disaster recovery. Finally, you'll gain a clear understanding of how these operations fit into the real world with the help of full scenario-based examples throughout the book.

By the end of this Azure book, you'll have covered everything you need to pass the AZ-304 certification exam and have a handy desktop reference guide.

What you will learn

  • Understand the role of architecture in the cloud
  • Ensure security through identity, authorization, and governance
  • Find out how to use infrastructure components such as compute, containerization, networking, and storage accounts
  • Design scalable applications and databases using web apps, functions, messaging, SQL, and Cosmos DB
  • Maintain operational health through monitoring, alerting, and backups
  • Discover how to create repeatable and reliable automated deployments
  • Understand customer requirements and respond to their changing needs

Who this book is for

This book is for Azure Solution Architects who advise stakeholders and help translate business requirements into secure, scalable, and reliable solutions. Junior architects looking to advance their skills in the Cloud will also benefit from this book. Experience with the Azure platform is expected, and a general understanding of development patterns will be advantageous.

Publisher resources

Download Example Code

Table of contents

  1. Exam Ref AZ-304 Microsoft Azure Architect Design Certification and Beyond
  2. Contributors
  3. About the author
  4. About the reviewers
  5. Preface
    1. Who this book is for
    2. What this book covers
    3. To get the most out of this book
    4. Download the example code files
    5. Download the color images
    6. Conventions used
    7. Get in touch
    8. Reviews
  6. Section 1: Exploring Modern Architecture
  7. Chapter 1: Architecture for the Cloud
    1. Introducing architecture
    2. Exploring the transition from monolithic to microservices
      1. Mainframe computing
      2. Personal computing
      3. Virtualization
      4. Web apps, mobile apps, and APIs
      5. Cloud computing
    3. Migrating to the cloud from on-premises
    4. Understanding infrastructure and platform services
      1. IaaS
      2. PaaS
    5. Moving from Waterfall to Agile projects
      1. Waterfall
      2. Agile
      3. IaC
    6. Summary
  8. Chapter 2: Principles of Modern Architecture
    1. Architecting for security
      1. Knowing the enemy
      2. How do they hack?
      3. Defining your strategy
      4. Networking and firewalls
      5. Identity management
      6. Patching
      7. Application code
      8. Data encryption
      9. Defense-in-Depth
      10. User education
    2. Architecting for resilience and business continuity
      1. Defining requirements
      2. Using architectural best practices
      3. Testing and disaster recovery plans
    3. Architecting for performance
    4. Architecting for deployment
    5. Architecting for monitoring and operations
      1. Monitoring for security
      2. Monitoring for resilience
      3. Monitoring for performance
      4. Network monitoring
      5. Monitoring for DevOps and applications
    6. Summary
    7. Further reading
  9. Section 2: Identity and Security
  10. Chapter 3: Understanding User Authentication
    1. Differentiating authentication from authorization
    2. Introducing Azure AD
      1. Why AD?
      2. Azure AD versus AD DS
      3. Azure tenants
      4. Azure AD editions
    3. Integrating AD
      1. Cloud native
      2. Azure AD Connect
      3. Password Hash Synchronization
      4. Azure AD PTA
      5. Password Writeback
      6. Seamless SSO
      7. Federated authentication
      8. Azure AD Connect Health
    4. Understanding conditional access, MFA and security defaults
      1. MFA
      2. Security Defaults
      3. Understanding and setting up CA
    5. Using external identities
      1. Multi-tenancy
      2. Consumer applications – B2C
      3. External user collaboration – B2B
    6. Summary
    7. Exam scenario
  11. Chapter 4: Managing User Authorization
    1. Technical requirements
    2. Understanding Azure roles
      1. Classic roles
      2. Azure roles
      3. Azure AD roles
    3. Managing users with hierarchies
      1. Management groups, subscriptions, and resource groups
    4. Controlling access with PIM
      1. Activating PIM
      2. Just-In-Time elevated access
    5. Managing risk with Identity Protection
      1. User risk
      2. Sign-in risk
    6. Summary
    7. Exam solution
  12. Chapter 5: Ensuring Platform Governance
    1. Technical requirements
    2. Applying tagging
      1. Adding tags manually
      2. Managing tags through Azure PowerShell
      3. Managing tags in ARM templates
      4. Using tags
    3. Understanding Azure policies
      1. Using policies and initiatives
      2. Policy structure
      3. Creating a policy and initiative definition
      4. Assigning an initiative
      5. Viewing the compliance dashboard
      6. Creating a remediation task
      7. Using virtual machine guest configurations
      8. Best practices
    4. Using Azure Blueprints
      1. Creating a blueprint definition
      2. Publishing and assigning a blueprint
    5. Summary
    6. Exam scenario
    7. Further reading
  13. Chapter 6: Building Application Security
    1. Technical requirements
    2. Introducing Azure Key Vault
      1. Creating a key vault
      2. Managing Key Vault secrets
      3. Using Key Vault keys
      4. Using Key Vault certificates
      5. Access policies
    3. Working with security principals
      1. Creating the service principal
      2. Setting the access policy
      3. Creating the web app
      4. Integrating applications into Azure Active Directory
      5. Deploying a web app
      6. Enabling AD integration
    4. Using managed identities
      1. Assigning a managed identity
      2. Using managed identities in web apps
    5. Summary
    6. Exam Scenario
    7. Further reading
  14. Section 3: Infrastructure and Storage Components
  15. Chapter 7: Designing Compute Solutions
    1. Technical requirements
    2. Understanding different types of compute
      1. Comparing compute options
    3. Automating virtual machine management
    4. Architecting for containerization and Kubernetes
      1. Containerization
      2. Azure Kubernetes Service
      3. Pods
    5. Summary
    6. Exam scenario
    7. Further reading
  16. Chapter 8: Network Connectivity and Security
    1. Technical requirements
    2. Understanding Azure networking options
    3. Understanding IP addressing and DNS in Azure
      1. Understanding subnets and subnet masks
      2. Public IP addresses
      3. Private IP addresses
      4. Azure DNS
      5. Azure private DNS zones
      6. Azure public DNS zones
    4. Implementing network security
      1. Network Security Groups
      2. Application Security Groups
      3. Azure Firewall
      4. Service endpoints
      5. Private endpoint connections
    5. Connectivity
      1. VNET peering
      2. VPN gateways
      3. ExpressRoute
      4. Routing
    6. Load balancing and advanced traffic routing
      1. Azure Load Balancer
      2. Azure Traffic Manager
      3. Application Gateway
      4. Azure Front Door
      5. Choosing the right options
    7. Summary
    8. Exam scenario
    9. Further reading
  17. Chapter 9: Exploring Storage Solutions
    1. Technical requirements
    2. Understanding storage types
      1. Azure Storage accounts
      2. Data classification
      3. Operational decisions
      4. VM disks
    3. Designing storage security
      1. Network protection
      2. Authorization
      3. Encryption
      4. Auditing
    4. Using storage management tools
      1. Azure Storage REST APIs
      2. AzCopy
      3. Azure Storage Explorer
    5. Summary
    6. Exam scenario
    7. Further reading
  18. Chapter 10: Migrating Workloads to Azure
    1. Technical requirements
    2. Assessing on-premises systems
      1. The discovery phase
    3. Understanding migration options
    4. Migrating virtual machines and databases
      1. Migrating virtual machines
      2. Migrating databases
    5. Monitoring and optimizing your migration
      1. Azure Monitor
      2. Azure Cost Management
      3. Azure Advisor
    6. Summary
    7. Exam scenario
  19. Section 4: Applications and Databases
  20. Chapter 11: Comparing Application Components
    1. Technical requirements
    2. Working with web applications
      1. Using deployment slots
      2. App services VNet Integration
    3. Managing APIs with Azure API Gateway
      1. Using API policies
      2. Securing your APIs with subscription keys
      3. Client certificates
      4. OAuth 2.0 and OpenID Connect
    4. Understanding microservices
    5. Using messaging and events
      1. Azure Event Grid
      2. Event Hubs
      3. Storage queues
      4. Azure Service Bus
    6. Summary
    7. Exam scenario
    8. Further reading
  21. Chapter 12: Creating Scalable and Secure Databases
    1. Technical requirements
    2. Selecting a database platform
      1. Understanding SQL databases
      2. NoSQL databases
    3. Understanding database service tiers
      1. SQL Database tiers
    4. Designing scalable databases
      1. Using read replicas
      2. Using database sharding
    5. Securing databases with encryption
    6. Summary
    7. Exam scenario
    8. Further reading
  22. Chapter 13: Options for Data Integration
    1. Technical requirements
    2. Understanding data flows
    3. Comparing integration tools
      1. ADLS Gen2
      2. Azure Data Factory
    4. Exploring data analytics
      1. Azure Databricks
      2. Azure Synapse Analytics
      3. Putting it all together
    5. Summary
    6. Exam scenario
    7. Further reading
  23. Chapter 14: High Availability and Redundancy Concepts
    1. Technical requirements
    2. Understanding virtual machine availability
      1. Fault domains and update domains
      2. Availability Zones
      3. Azure virtual machine scale sets
    3. Understanding Azure storage resiliency options
    4. Understanding SQL database availability
    5. Understanding Cosmos DB availability
      1. Consistency levels
    6. Summary
    7. Exam scenario
    8. Further reading
  24. Section 5: Operations and Monitoring
  25. Chapter 15: Designing for Logging and Monitoring
    1. Technical requirements
    2. Understanding logs and storage options
      1. Understanding data types and sources
      2. Understanding log use cases
      3. VM logging and monitoring
      4. Understanding deployment options
    3. Exploring monitoring tools
      1. Activity logs
      2. Azure Metrics
      3. Azure alerts
      4. Log Analytics workspaces
    4. Understanding security and compliance
      1. Azure Security Center
      2. Azure Defender
      3. Azure Sentinel
    5. Using cost management and reporting
    6. Summary
    7. Exam scenario
    8. Further reading
  26. Chapter 16: Developing Business Continuity
    1. Technical requirements
    2. Understanding recovery solutions
      1. Understanding the Recovery Time Objective (RTO)
      2. Understanding the Recovery Point Objective (RPO)
      3. Understanding Azure Backup options
    3. Planning for Azure Backup
      1. Understanding backup policies
    4. Planning for Site Recovery
      1. Understanding recovery plans
    5. Planning for database backups
      1. Understanding Azure SQL backups
      2. Understanding Cosmos DB backups
    6. Understanding the data archiving options
    7. Summary
    8. Exam scenario
    9. Further reading
  27. Chapter 17: Scripted Deployments and DevOps Automation
    1. Technical requirements
    2. Exploring provisioning options
    3. Looking at the Azure REST API
    4. Choosing between PowerShell and the Azure CLI
      1. Signing in to Azure
      2. Selecting a subscription
      3. Listing resource groups
    5. Understanding ARM templates
    6. Looking at Azure DevOps
      1. Azure Repos
      2. Azure Pipelines
      3. Azure Artifacts
    7. Summary
    8. Exam scenario
    9. Further reading
  28. Section 6: Beyond the Exam
  29. Chapter 18: Engaging with Real-World Customers
    1. Working with customers
      1. Who are my stakeholders?
      2. Gathering requirements
    2. Exploring common goals
      1. Understanding costs
      2. Understanding operational requirements
      3. Understanding performance requirements
      4. Understanding reliability requirements
      5. Understanding security requirements
    3. Mapping requirements
    4. Getting feedback
    5. Summary
    6. Further reading
  30. Chapter 19: Enterprise Design Considerations
    1. Understanding your customer
      1. Looking at process differences
      2. Understanding governance, risk, and security
    2. Optimizing costs
    3. Creating landing zones
      1. Identity
      2. Network topology
      3. Governance
      4. Disaster recovery and backup
      5. Monitoring and operations
    4. Building with continual iteration
    5. Summary
    6. Further reading
  31. Mock Exam
  32. Mock Answers
  33. Assessments
    1. Chapter 3
    2. Chapter 4
    3. Chapter 5
    4. Chapter 6
    5. Chapter 7
    6. Chapter 8
    7. Chapter 9
    8. Chapter 10
    9. Chapter 11
    10. Chapter 12
    11. Chapter 13
    12. Chapter 14
    13. Chapter 15
    14. Chapter 16
    15. Chapter 17
    16. Why subscribe?
  34. Other Books You May Enjoy
    1. Packt is searching for authors like you
    2. Leave a review - let other readers know what you think

Product information

  • Title: Exam Ref AZ-304 Microsoft Azure Architect Design Certification and Beyond
  • Author(s): Brett Hargreaves
  • Release date: July 2021
  • Publisher(s): Packt Publishing
  • ISBN: 9781800566934