Transcript for:
Azure Fundamentals (AZ-900) Course

hey it's Andrew Brown your favorite Cloud instructor over here on free Camp bringing you another free Cloud certification study course and this time it's the Azure fundamentals also known as the a900 and the way we're going to achieve Microsoft certification is by watching those lecture videos doing those Hands-On labs and as always I'm going to provide you a free practice exam so you can go get that certification putting your resume uh putting on your LinkedIn and go uh get that a cloud roll you've been looking to get if you love these kinds of uh Cloud certification study courses the best way to support more free courses just like this one is to purchase the paid optional materials it's going to help you uh increase your odds of passing the exam and it just helps the production of these courses um and if you don't know me I'm Andrew Brown and I've taught a lot of different Cloud certification study courses here uh we've done adabs Azure gcp kubernetes terraform you name it I've taught it uh but that's about it let's go ahead and learn some Azure and I'll see you soon ciao hey this is Andre Brown and welcome to the Microsoft Azure fundamentals and we're asking the most important question uh first which is what is this certification well uh the Azure fundamentals is the entrylevel cloud certification for Microsoft Azure or Azure uh and you'll see me alternate between those uh pronunciations they're both accepted so whichever you prefer um there is no prerequisite for this certification uh but you should probably have a little bit of it experience but if you don't it's totally fine if you're totally new to Cloud you still be okay here uh the key topics that we are covering is understanding the basics of cloud computing exploring the benefits of using cloud services uh and looking at those core Services the those being Computing networking storage and databases understanding identity security governance so you know one example for identity would would be entra ID previously known as Azure ad something you'll hear again and again through all the uh Microsoft certification courses um understanding how pricing Works things like subscriptions uh and cost management tools and uh learning about the tools available for managing Azure resources uh such as Azure portal or the SDK or the CLI and things like that uh Microsoft Azure is the second leading cloud service provider in the world the first being AWS but uh let that not uh discourage you because Azure is still an extremely uh great uh cloud service uh to use and um it's used quite a lot so Azure fundamentals is a very common starting point for people breaking the cloud U similar to the ads Cloud practitioner so both are really great entries uh into Cloud who's the certification for well consider this uh fundamental certification if you're new to cloud and you want to learn the fundamentals and benefits adopting cloud services in general you are from a non-technical background such as an executive management or sales level and you need to acquire strategic information about uh Cloud for adoption or migration you want to understand the capabilities of azure and how to build basic Solutions and deploy cloud services in your organization very very basic but I mean the the objective of these fundamental certifications is not to really teach you how to build Cloud workloads um that is more at associate level but we'll talk about that later on uh or you're a senior Cloud engineer or solution architect or or Cloud architect who needs a reset or refresh their knowledge after working with Azure for multiple years but maybe you didn't notice some things change so it's a great uh revisit to get an idea of what is going on here so what is the value of the certification well the fundamentals is uh provides the most expensive view possible for um Cloud architecture and Azure uh I like to say this is going to provide you a bird's eyee view or the 50,000 foot view so we're going to cover a lot of stuff uh but it's not going to be uh as detailed as you would imagine but uh the idea here is to promote big picture thinking zooming out and assessing the cloud and Azure landscape for changes Trends opportunities uh and being strategic about the approach and process for our Cloud Journey okay um the Azure fundamentals is not a difficult exam it will not validate that you can build Cloud workloads um for technical roles such as developer engineer devops it's not going to be enough to obtain those roles but it it's possible that it could short list your resume for interview um the exam covers content not found in other certifications so strongly recommend that you take this as your foundational certification a lot of people like to skip fundamentals because they they think that they're easy yes the certification easy but the exam content has a lot of stuff in it especially mine because I pack in a ton of stuff that I just I'm not going to put it the next level because I'm going to assume that you taking this course and getting all that knowledge there uh the a900 00 lays a a gr foundation for Specialized or specialization for Azure certifications and is a stepping stone for professional de development in cloud services so definitely there is value in the a900 let's go take a look at the Azure road map and this is not all of the Asher certifications and Microsoft certifications they just have too many I cannot fit them all on screen here and um I think all the course codes are up to date but they're changing them all the time so uh it's possible that they might be incremented by some verions but the the entry we have the Azure fundamentals there are other fundamental certifications um we have the AI 900 which is for AI we have the dp900 which is for data uh we have the sc900 which is for security but again I don't have room for all that so I'm not showing them on here so I'm showing you the path that is commonly uh completed after taking the a900 so you have uh some associate certifications you have a couple expert certifications you have specialty certifications there's definitely more Associates there's definitely more Specialties but there's always the two Pros or experts I should say so getting my a handy pen out here very often what people go for after the fundamentals is the administrator the a104 this is the most common path uh for those that are going to their next step in their Azure journey and a lot of times people are going for that Solutions architect expert which is over here but before you do that you really want to go and grab that uh uh developer the a 204 these are the uh this is the the the most common strategy right here is uh these but of course it really depends on what you're doing if you're doing security you have the sc900 and then there's three different associate level security certifications uh if you are going after data that's a whole different track so it's going to really vary based on that but um again you know this is the most common track and even if you go uh do all of this and you want to do something else that's totally fine because this is going to lay a very very very strong Foundation uh and give you really good skills in Azure so how long does it take to study for this certification well if you're a beginner we're looking at about 30 hours and this is someone that's never written uh or used Azure or any cloud provider have never written any code or held a tech role technically the certification doesn't require you to code but I really want to make sure that I set you up really well because in Azure uh coding and scripting and that kind of stuff is way more important than any other cloud provider uh because you come across it a lot more and so I've stuck in a bunch of coding stuff and it is very challenging for beginners but I want to try to get you um best prepared as possible because when you go to the associate level with like the a104 it is so much more difficult so I made this much harder than it had to be to prepare you for the next level despite the exam okay so uh again 30 hours on that side if you're experienced uh then you're already working with that Azure or you maybe are you've worked in eight of us in gcp and you are trying to pick up Azure the it could be as little as 6 hours um so you know generally the study time is 24 hours and I would say it's split between uh lectures and labs and then you have your practice exams so just make sure that you put your time uh in with the practice exams practice exams are very very very very very important for Azure because Azure has all these different question types and we'll talk about that in a moment but yeah the recommend studies is 1 to two hours a day for 14 days take your time let it absorb uh you could finish it in a couple days but don't do that you know make sure that you are acquiring the knowledge for long term and the the best way to do that is to take your time uh and and not try to pass it in a weekend um what does it take to pass the examp well you got to watch those lecture videos you got to do those Hands-On labs and fall alongs within your own account uh strongly recommend that you do uh some paid online practice exam uh we give you a full free practice exam like a full set uh which is on our platform there we have a lot of practice exams you can get that at exampro doco a900 and really helps support the course here uh where do you take the exam well you're going to either take it in person at a test center or the convenience of your home um and uh so I would just say just a second here sorry about that b is knocking on my door door beo is the other Andrew uh who you you'll hear me talk about uh bo a bit throughout the course but uh he's the other person that works with me that's never on camera you never see him but um he helps uh do a lot of the work over here uh with uh the platform and um creating the content but anyway so Azure uh delivers exams via I got to reclick here um and the click's not working there we go uh Pearson view uh is the proctoring system that Microsoft uses in the past there used to be a bunch of ones there's Criterion uh which Google used to use Google Cloud there's PSI online which um adab us like to use but for whatever reason both um adabs and um Microsoft exclusively only use Pearson view now and I think um gcp is now using PSI online and everyone else uses PSI um for whatever reason but yeah you have to use Pearson View and you can do it online or Pearson view has a uh a network of test centers that uh you can go to in person personally I recommend that you go in person if you can because if there is a test center near you the whole environment is controlled it's going to be a lot less stressful whereas if you do it from home uh you know if you have family or you have uh the least ideal place to uh set up uh because you have to have a non-cluttered room and they have to inspect your room and things can go wrong so I'm just saying if you have that opportunity to go to an iners inperson test center Center leverage that if you can't that's okay do what works for you but understand that these certifications are proctored uh so uh when you go sit that exam there is someone who is monitoring you to make sure that you are not cheating um in terms of the content outline there is three domains I think there used to be more but they grouped them into three I'm not sure why uh each domain has its own waiting and and that determines how many questions in a domain will show up so we'll look take a look there something that's really interesting about Azure exam is that they um they don't give you the same amount of questions uh per person so they'll give you like you like you might sit the exam and get 35 and your friend might get 40 so I had to give ranges here in terms of um uh the the percentage that will appear on your exam so we have describing Cloud Concepts which is 25 to 30% so you're going to get about 13 to 15 questions describe Azure architecture and services that's 35 to 40% that is the majority of uh the certification most fundamentals is about learning all the services uh that the cloud service provider is providing then we have describe Azure management and governance so that's uh 30 to 35% with 14 to 16 uh 16 questions there is uh subdomains under each of these so of course security is in there and all those other things are in there but we'll have to open up the exam guide uh to see that okay so um again you know just pointing out that that domain 2 is the largest one there so make sure that we we're going to make sure that we know a wide range of azure services but we're also going to make sure we know in depth a a bit more about those core Services let's talk about grading you got to get 700 points out of a th000 so um that's about 70% we say around because Azure uses skilled scoring meaning that it doesn't necessarily mean you get 70% and you pass um you could technically pass with 71% or sorry fail with 71% but you could also technically pass with 69% so just understand it's not based on percentage it's based on a point system in terms of what kind of questions you'll be getting well first let's talk about the range of questions but you can get between 35 to 50 I us say 37 to 37 to 50 um it's confusing because I don't know how they determine how many you get uh when I sat my exam I got about 35 questions some people get more uh it's really really tricky to to nail that down there so you know we say about 10 to 14 questions you have you can afford to get wrong there are no penalty for wrong questions so absolutely uh always fill in the answers in terms of formatting questions uh we have multiple choice multiple answer drag and drop yes and no I do need to point out that uh when you go and take uh associate level and expert level certifications with Microsoft they have way more um question types and uh just to help prepare you uh for that level of difficulty and it doesn't appear in these exams but in our practice exams we try to put in uh case studies so case studies is a much more advanced um exam type question and you know I really feel that we need to do that because if we don't uh you're going to feel like you're ready for the AZ 104 and you're going to get totally blindsided because again the difficulty ramp is super hard so again we're increasing the difficulty for your benefit uh so if you feel like uh this course is hard that's good because it's going to make the next one really really easy for you uh in terms of duration apparently it's 45 minutes I cannot remember how long it was when I sat it uh and when you search the internet it's very difficult to determine that number uh Microsoft does not make it easy to find out that number you think that they would other cloud service providers their certification exams they tell you right on the same page good luck finding it on azure but uh 45 minutes would still leave us with about one minute per time again it depends if you get the 35 questions or 45 questions so we're going to have to say about a minute uh so we'll say the exam time is 45 minutes uh some people say the seat time is 60 to 65 minutes when we say SE time we we're talking about the time you should allocate for the exam that includes things like time to review instructions read and accept the NDA complete the exam provide the feedback at the end now personally I think that the seat time should always be 30 minutes on top of whatever that is so if it's 45 minutes it really would be um 75 minutes or 70 minutes or something like that so uh you know anyway if you got a 45 minute exam show up 30 minutes or 35 minutes earlier because if you're checking in especially online you got to uh pull out your uh government ID you got to make sure the lighting is right and then it scans it in if things go wrong uh you know it's going to cut in your time so give yourself ample time and don't get stressed out um uh for that okay so these certifications are uh for Microsoft are valid Forever This is specific for fundamental certifications so if you take the um any one that has 900 in the name so a900 dp900 AI 900 sc900 PL 900 ms9900 you get in the pattern here if it says 900 in the name it's a fundamentals those certifications do not expire um and so I just want to make that very very very clear um for the other levels like associ expert um I think it's two years it's either two or three years but uh the interesting thing is that if you want to get recertified um you don't have to pay to take the exam again you can take a simpler test to U make sure that your knowledge is up to date and I think it's free so uh that's a great advantage that Microsoft has at the associate and expert level specialty level but uh yeah there we go and I'll see you in the next [Music] one all right so I went on to the internet and I searched for a900 and we've ended up on the learn. microsoft.com the reason I want to show you this page is to uh get more familiar with where we actually get the information um so that you can read up about about it if we didn't answer everything or if anything has changed um but it's good good good to be familiar with these pages so once you're here here uh on the a900 um what they'll have down below here is the study guide now the study guide used to be in a PDF format and for whatever reason Azure has just made it a website with all the other study guides here I really don't like this format um I find that it's very hard to find uh information and to read it I really prefer the old PDF but that's never coming back or if it is it's somewhere else and I don't know where it is but what we can see over here um is the actual breakdown so so we have Cloud Concepts and so we think see things like defining cloud computing share responsibility model the um different uh deployments of cloud um and a bunch of other stuff here um you can see describing the cloud service types now at one point they actually removed this and now it's back so that's really interesting I don't know why they ever removed it to begin with but it's good to see that that is uh returning we have uh I call This Global uh infrastructure or uh and uh cloud networking so they call this core Architectural Components which I suppose some of these things are but this is more like a billing thing and this is more Global infrastructure then we have Azure comput and networking services so we're recovering virtual machines functions skill sets availability sets uh Azure virtual desktop now we don't have to do all these things um and we aren't going to do all these things because some of these things are really hard like Azure virtual desktop is not an easy task but we need to know what they are we are going to launch a virtual machine uh and uh play around with that a little bit we are going to launch an Azure function um then we have storage services so we do a lot with Azure uh storage because it is uh cheap and easy to use uh then we need to know how to perform different operations with Azure um Azure storage there then we have Azure identity access and security so um again this is a subcategory under here or subdomain so we need to know a bunch of things about security I'm just going to tell you that some of the content is going to say Azure ID some of it's going to say Microsoft Entre ID um Microsoft for some crazy reason decided to change the name of azure ad even though everybody was fine with it it confuses uh myself and Boo and everyone else to this day so just understand that some of it's Azure ID some of it's Microsoft entra ID but this is this is really what's going to be going forward okay we have described cost Management in Azure so that uh that's TCO so more pricing stuff here um a Azure purview Azure policy we have the Azure portal which is just the platform which we use everything Azure Arc which uh I guess it's okay to know uh we actually do a lot of interesting coding here so I show you how to do IC with um arm templates and Azure bicep and terraform uh so that stuff's fun there we look at uh monitoring tools so we look at Azure service Health Azure advisor all sorts of fun stuff now there could be other stuff that appears exam that's uh uh not on here and so we just do a very thorough job to show you uh basically everything and just to kind of round out your knowledge but again it's very difficult to um to find all the details like the time of the exam and the amount of questions they really just do not make this easily available here if anyone finds it please tell me because I sure can't find it and uh the only way I know is by Sting the exam and I have to remember those details afterwards they do show what kind of changes that they make um so they're always making teeny tiny changes but try not to worry about that too much because we do ensure to include a lot of stuff here and this exam is up to date and and and the fresh and as fresh as it can be as of this recording but you know I find that even two years out people are passing uh like people are passing the the current exam with the old the old one um which is which is really interesting so it just shows you that not much changes on those exams okay but anyway that's that another thing I want to show you is the exam s sandbox so this uh emulates the Pearson view uh kind of experience and it'll just show you some of the question formats now uh we are under here for the a900 and it might show us more exam types than what we'll actually see on the exam so go here this just has 10 questions it's going to just show us all the types so here we have multiple choice then we have multiple select I'm not looking at what the correct answers are or reading any of it I'm just showing you here I believe that we drag these into these areas here so that's this one then this one is your answer area and you're bringing them over and then you're trying to uh determine the order so you're changing the order here then this one's an answer area so we go here and it's just an image and this is draggable we have this one here so we look at this graphic and we try to match it based on this information we read it very clearly this one here um uh what is this for a hot area so hot area is you have a Graphic very similar to that other one but you click it it's almost like you're kind of interacting with it but you're not it's just an image then we have a case study so this is something that we absolutely absolutely give you in our platform and you will not see this on your exam but we give you this exam question type anyway because it's super important uh to get that kind of experience you notice this one's a little bit more uh robust in terms of the information and so there are other things um yeah another thing with case studies is when you do a case study you basically get a series of questions around this case study right and it went to the next part and it's kind of like a mini exam inside the mini exam I'll show you case studies in another video so I know I'm going really quick there but uh we'll come back to that then sometimes you have uh these additional tabs so this is kind of like a minic case study for just a particular question but they might say hey uh check out the exhibit and you have to look at the exhibit come back and then answer the question so there's that and then sometimes there's multiple exhibits so yeah but uh yeah there you go so that is the um the sandbox there so hopefully that gives you a good idea the price might vary based on where you live so if we go to Canada I'm not sure what the price is in Canada so we go here and it still shows $199 USD we go somewhere else does it ever show a different price sometimes it does okay for some reason Canada gets a bad price but uh some other places do a little bit better so understand that that price is going to fluctuate based on where you live um yeah hopefully that gives you an idea of the uh exam and we'll see you in the next one okay ciao hey this is Andrew Brown from exam Pro and we are at the start of our journey asking the most important question first which is what is cloud computing so cloud computing is the practice of using a network of remote servers hosted on the internet to store manage and process data rather than a local server or personal computer and so when we're talking about on premise you own the servers you hire the IT people you pay or rent the real estate you take all the risks but with a cloud provider uh someone else owns the servers someone someone else hires the IT people someone else pays or rents the real estate and you are responsible for configuring cloud services and code and someone takes care of the rest of it for you okay so to understand cloud computing we need to look at the evolution of cloud hosting going all the way back to 1995 where if you wanted to host your website or web app you'd have to get a dedicated server so that would be one physical machine dedicated to a single business running a single project a site or an app and as you can imagine these are expensive because you have to uh buy outright the hardware have a place to store it the network connection having a person to maintain it um but it did give you a guarantee of high security um and they still do as of today so this model hasn't gone away but it's been specialized for a particular use case then came along the virtual private server so the idea is we still had one physical machine but now we were able to subdivide um our machine into submachines via virtualization and so essentially you're running a machine machine within a machine and so you had better utilization of that machine um running multiple web apps as opposed to having a physical machine per project so you got better utilization and isolation of resources and so uh these two options still required you to purchase a machine a dedicated machine and so that was still kind of expensive but then came along shared hosting and so if you remember uh the mid 2000s like with GoDaddy or HostGator or any of those sites where you had really cheap posting the idea is that you had this one physical machine shared by hundreds of businesses and the way this worked it relied on uh tenants underutilizing their resources so you know you wouldn't have a submachine in there but you'd have a folder with permissions that you could use um and so you would really share the cost and this was very very cheap um but you were limited to whatever that machine could do and you were very restricted in terms of the functionality you had and there was just poor isolation meaning that you know if one person decided to utilize a server more they could hang up all the all the websites on that single server then came along Cloud hosting and the idea is that you have um multiple physical machines that act as one system so this is distributed computing and so the system is abstracted into multiple cloud services and the idea is that you basically get the advantages of a lot of the things above so it's flexible you can just add more servers um it's scalable it's very secure because you get that uh virtual isol Iz ation you get it extremely at a low cost because you're sharing that cost with the users where in the shared hosting it might be hundreds of businesses we're looking at thousands of businesses and it was also highly configurable because it was a full virtual machine now uh Cloud actually uh still includes all of these types of Hosting they haven't gone away uh but it's just the idea that you now have more of a selection for your use case uh but hopefully that gives you an idea what cloud hosting looks like and it really has to come down to distributed computing okay [Music] hey this is Andrew Brown from exam Pro and we are looking at common cloud services so a cloud provider can have hundreds of cloud services are grouped uh into various types of services and the four most common types of cloud services for infrastructure as a service uh and we'll talk about what that is later on uh would be compute so this is where you have a virtual computer that can run applications programs and C uh code then you have storage so this is where you would have uh virtual hard drives that you could store files uh then you'd have virtual networking because you have these computers and storage so you need to uh put them in some kind of virtual Network and then you have databases so uh just imagine um a database that is running in the cloud or uh if you're not familiar with databases just imagine that it's excel in the cloud but it Powers your web apps uh and one thing I want you to know about the term cloud computing is that you even though it says Computing in the word uh at this point we just use it as a catall term so it could refer to all of these categories so when I say cloud computing I could be referring to compute network storage and databases but you can also say cloud storage Cloud compute Cloud databases Cloud networking and people will know what you [Music] mean hey this is Andrew Brown from exam Pro and we are looking at what is Microsoft so you've probably seen this logo before and and Microsoft is an American multinational computer technology corporation headquartered in Redmond uh Washington and Microsoft makes software phones tablets game consoles cloud services which is uh what we care about here today and they even have a search engine uh and we're not just limited to that list they have tons of stuff but Microsoft is best known for uh their oper operating system called windows and they've been around since the 1970s so uh they've been around for quite a while in the tech sphere uh so now that leads us to the question is what is azure so Azure is what Microsoft calls their cloud provider Service uh and so it's called Microsoft Azure or we commonly refer to it as just Azure uh and so here is the logo for it if you're wondering what is the name behind the service it means bright blue color of the cloudless sky so sure that's great um and so uh you'll hear me say cloud service provider frequently with throughout this course and it is abbreviated to CSP but that's what Azure is it is a cloud service provider so there you [Music] go hey this is Andrew Brown from exam Pro and we are looking at the benefits of cloud computing so what are the benefits well we have a big list here for you starting with cost Effectiveness so you pay for what you consume there is no upfront cost you pay as you go also abbreviated as P YG uh and you're sharing the cost with thousands of customers so that's how you're getting that uh that low low cost another benefit is that uh you can go Global so launch workloads anywhere in the world just choose your region um and uh you are now in the global market uh another benefit is uh the the cloud is secure so Cloud providers take care of the physical security and cloud services can be secur by default or you have the ability to configure access down to the granular level so you have a lot of security controls that you would have that you you would normally not have or you'd have to build out on pram now the cloud is also known for being reliable so you can have data backups disaster recovery and data replication and fault tolerance uh the cloud is also scalable you can increase or decrease your resources and services based on the demand uh the cloud is also elastic so you can automate scaling during spikes and and drop the demand when uh there is no longer the demand for that stuff uh and it's also current so the underlying Hardware in manage software is patch upgraded and replaced by the cloud provider without interruption to you uh and I mean the last one there is cases of interruption but generally fewer interruptions than you would have on Prem so there you [Music] go hey this is Andrew Brown from exam Pro and we are looking at the different types of cloud computing and we have this nice pyramid on the left hand side to help us understand um how each type builds off the other starting at the top of our pyramid we have software as a service also known as SAS and this is a product that is run and managed by the service provider you don't worry about how the service is maintained and it just works and remains available so you might not be aware of this but you probably already are using a SAS product so examples of that could be Salesforce or Gmail or Office 365 so those are those are things that would be considered SAS and these are really for customers so it's just you wanting to use uh software um like General software on your computer but in the cloud the next category we have is platform as a service abbreviated as pass and so here we focus on um development and management of your applications uh and so you don't worry about provisioning configuring or understanding the hardware or Os and this is really for people that are building apps but they don't but they don't think about any of the infrastructure underneath services like this would be elastic beanock on AWS or Roku which is very popular amongst um Junior developers which is a thirdparty service um for launching web apps and then you have uh the Google app engine so those are three examples there and these are really for developers so platform of service makes it easy for developers to uh build apps on the cloud without worrying about all the stuff underneath and at the bottom we have infrastructure as a service IAS um and this is the basic building blocks of cloud it so provide access to networking features computers and data storage space don't worry about the about it staff data centers and hardware and this is the true Focus focus of our course here is focusing on this layer but um the thing is again on this pyramid is that I um the infrastructure service can have platform as a service and software as service on top of it and so examples of infrastructure service would be Microsoft Azure uh AWS or even Oracle cloud and so this is really intended for administrators um so that is the three types of cloud computing and there you [Music] go hey this is this is Andrew Brown from exam Pro and we were looking at the types of cloud computing responsibility so we saw the three categories there um but we don't really understand what it is that we're responsible for and what is the cloud service provider responsible for so let's uh lay out our categories and we're going to include on premise uh into this because technically on- premise could be uh a private cloud and should be in the category here so we have on premise infrastructure is a service platform is a service and software is a service so when we're looking at applications um it's going to be the customers's responsibility um for on pram uh infrastructure pass but when we have software of service um the cloud service provider is responsible for that when looking at the data level it's going to be the same for software as of service uh the cloud service provider is going to be uh responsible but the for the rest it's going to be the customer and then on the next level for the runtime uh it's going to be uh responsible on the cloud service provider for the platform is a service and software is a service for middleware it's going to be the same for the OS like the operating system that is running on the service it's going to be the same then when we get to virtualization now it's uh the uh virtualization is responsible um with the cloud service provider and above and then for storage it's or sorry servers it's the same uh for storage it's the same and for networking it's the same so you can see that on premise you're responsible for everything and the the farther we move up the types of cloud computing the less respons responsibility you [Music] have hey this is Andrew Brown from exam Pro and we were looking at azure's deployment models and the first model we're going to talk about is public cloud and that's where everything is built on the cloud service provider you're not using anything on Prem or in your own data centers everything is running within Azure uh and generally this is known as Cloud native um but for some reason Azure calls it public Cloud so that's what we're going to use in the terminology here and so here I have an architectural diagram where we have a network uh on Azure and within that Network we have a virtual machine running and a database running so that would be an example of public Cloud then we have private cloud and so this is where everything is built on the company's data centers also known as on premise because it's within the premises of the organization uh like their physical location and uh it could an organiz organization could technically be operating their own cloud but it would be private cloud and they could be running some open-source Cloud software that mimics what um Azure would do such as open stack so it looks very similar uh but you just uh put an open stack in there and it's running a virtual machine or a server and it's also running a database and the last on our list here is hybrid so with hybrid uh you are using both on premise and the cloud service provider and they're connected together and so there's a lot of different networking services that you can use that will facilitate the connection between the two uh in this case we're using express route Express rout is a dedicated uh connection it's like having a fiber optic Line running from your on premise data center to the Azure Network so just one of the ways you can connect and if we wanted to understand like the pros and cons I have this nice little table here we'll just quickly go through it so if you're using public uh Cloud uh it's more cost effective security um it it's uh it sced controls are stronger by default but some people might not find the cloud will meet all their security requirements because of government and Regulatory um uh regulatory reasons not because the the cloud is not secure but it's just those uh those policies uh for level of configuration it's going to be limited based on what the cloud service provider exposes to you um still there's a lot of configuration there it's just that if you're if you have your own servers uh you obviously can do anything and everything with them for technical knowledge you don't need to have as much in-depth knowledge of the underlying infrastructure because you're not physically setting up uh or that networking everything else now coming down to private Cloud private cloud is the most expensive option on our list um so you're going to be paying uh a lot of money there uh for security uh there is no guarantee that is 100% secure because you just don't have the same kind of visibility that you would have with a cloud service provider with all those dashboards it's just so hard to build out all that software but you could meet your security compliance requirements um depending on your situation U but this is becoming uh less and less as um more governments and larger organizations move over to the cloud uh you can configure infrastructure exactly how you like because you literally have uh bought the hardware and can do anything you want with it uh and the technical knowledge you'll have to have a serious amount of technical knowledge you might even have a really hard time finding the resources to uh to maintain all that stuff then uh down below we have the hybrid model so this could be more cost- effective based on uh what you offload to the cloud and also the cost of actually moving data back and forth uh for security uh you know you have more to secure but uh technically uh some things are easier to secure on the cloud than it is in uh private so maybe you have a boost in security you're going to get the best of both worlds in terms of configuration uh and for technical knowledge you're going to need to know both the cloud and and uh like how to set things up on premise so that's the most work there and just one more deployment model here I just want to talk about cross Cloud this isn't something that is listed on the actual exam but it's something that you should understand and know and so cross cloud is when you're using multiple Cloud providers sometimes people refer this as multicloud or hybrid cloud and so I just have an example here so um uh there's a service called Azure Arc and what Azure Arc does it extends your control plane so you can run um containers kubernetes containers on different platforms and so you could have AWS on the left hand side with eks and gcp kubernetes engine and so you can be running virtual machines and they're all treated like they're on the same network so cross cloud is coming uh very popular with extremely large organizations where they they have uh very unique requirements but I I definitely want you to know what that is because it just gets left out uh and it's definitely something that is uh part of the industry so there you [Music] go hey this is Andrew Brown from exam Pro and we are looking at the concept of total cost of ownership tcco so what is the difference between on premise so having your own data centers and then using Azure and you'll notice above it it says KAC and Opex we're going to talk about that in the next slide but for the time for the time being we're going to focus on the total cost of ownership so to really make sense of this uh I always use this graphic here uh and if you're wondering what that is those are icebergs people sometimes think they look like teeth and so just to make this drawing a little bit more clear I've added some penguins and a whale so there's no mistaking it and the reason we're using this as a representation is because we have the top of the iceberg which are the cloths that we're generally concerned about but then we have those hidden cloths those CLS that we're not really think about that is underneath the water and if you know icebergs they can be really big underneath you don't know so um on the left hand side the cost that we generally think of is the software license fees uh and then uh for the cloud service provider we look at the subscription fees and so when you're comparing these two sometimes the subscription fees can cost more than the software license fees so you'd think well we should really just use uh um on Prem because it's more cost effective but when we Tak in the total cost of ownership all the costs involved we're going to see a very different picture so on the left hand side if you uh are on premise you have to deal with the implementation the configuration and the training but you also have to deal with the physical security of your building you have to pay for the hardware you have to pay for the IT personnel you have to uh deal with maintenance now on the right hand side on the cloud you still have to do implementation and configuration and training but that's about it so um there's a big difference in terms of what you have to do and you might ask okay well what is the amount of savings well generally people find that when they move from on Prem to the cloud they save 75% that's a lot of money okay 75% of what you generally would spend and so now all this stuff on the left- hand side is now azure's responsibility you don't take care of those anymore Azure is going to take care of it for you so that's total cost of [Music] ownership hey this is Andrew Brown from exam Pro and we are looking at Capital versus operational expenditure so on the Le hand side we have capex so Capital expenditures on the right hand side we have operational expenditures Opex and so looking on the left- hand side capital expenditure is spending money upfront on physical infrastructure so deducting the expenses from your tax bill over time a lot of companies larger companies are used to dealing with capital expenses and they know how to work their tax bill and so that's why a lot of people are afraid to move over the cloud because they're used to this uh this this way of operating but let's talk about some of the things that would be considered a capital expanse so again it's anything that's physical and then you're buying it with money UPF front so computers so that would be your server costs if you were to buy hard drives that' be your storage cost if you bought routers cables and switches for your network if you were uh purchasing things for backup and archive costs if you had disaster recovery so like an un uninterruptible power supply would be an example of that uh you have your data center cost so that's your rent cooling physical security your technical personnel so you're hiring people to to do things for you and so with capital expenses you have to guess upfront what you plan to spend um now let's look at operational expenditure so operational expenditure is the cost Associated when an on-premise data center has put has shifted that cost of the service provider so here in this case it's the cloud service provider and the customer only has to be concerned with nonphysical costs so what's examples of opec's cost well leasing software and customizing features training employ emplo in cloud services paying for cloud support um building based on the cloud metrics so compute usage and storage usage uh and the advantage here is that with operational expenses you can try a product or service without investing equipment so we have flexibility of uh investment and we also from the previous slide we saw that we have a huge reduction cost so there's two reasons really good reasons to use the [Music] cloud let's take a look at Cloud architecture terminologies before we do let's talk about some of the roles that are around uh doing Cloud architecture so the first is Solutions architect this is a role in a technical organization that Architects a technical solution using multiple systems via researching documentation and experimentation and then you have the cloud architect this is a Solutions architect that is focused solely on architecting Technical Solutions using cloud services understand that in the uh actual Marketplace a lot of times Solutions architect is used to describe both a cloud architect and a Solutions architect and you know these are going to highly vary based on your locality and how companies want to use these terms but this is just me broadly defining them here so just don't take them as a perfect word in terms of what they're representing so a cloud architect needs to understand the following terms and factors uh and Factor them into their designed architecture based on the business requirements so we have the idea of availability your ability to ensure service remains available scalability your ability to grow rapidly or unimpeded elasticity your ability to shrink and grow to meet the demand fault tolerance your ability to prevent a failure Disaster Recovery your ability to recover from a failure and there are a couple other things that uh that should be considered they're not terminologies but they're definitely important to a Solutions architector Cloud architect and uh these are things you always need to consider uh as well and this is just me talking to my Solutions architect friends where they'll always ask me these two questions after presentation they'll say how secure is the solution and how much is this going to cost all right and so for the terminologies up here we're going to Define these right away and we're going to figure these out throughout the course we have two giant sections just on cost and security alone uh so there we [Music] go hey this is Andrew Brown from exam Pro and we are looking at the concept of high availability so this is your ability for your service to remain available by ensuring there is no single point of failure or ensure a certain level of performance so here I have a technical architectural diagram that is describing High availability so the idea behind this is that if you have a server which runs your web application if you were to run redundant versions of your server if anything happened to a single server traffic could always be red to those other servers and that way your service would remain available now having multiple servers is great but even what's better is having multiple servers in multiple data centers because something could happen to a data center it could become unavailable of a networking issue so by being able to Route traffic or uh that way you're going to remain highly available and and uh running a workload across multiple availability zones and availability zones is what Azure calls their data centers ensures that if one or two data center becomes unavailable your service will remain available very very common to run uh at least three servers across three data centers now how would you distribute the traffic or manage the traffic to all three and that's where an Azure load bouncer comes into play that green triangle with the arrows that is the representation of a load bouncer so load balcer allows you to evenly distribute traffic to multiple servers in one or more data center and if a data center or server becomes unavailable so unhealthy the load balancer will rote the traffic to only available data centers with servers so there you go that is high [Music] availability hey this is Andrew Brown from exam Pro and we are looking at the concept of high scalability and this is your ability to increase your capacity based on the increasing demand of traffic memory and computing power if you are a growing company you're going to have to scale up you're going to have to get bigger and better servers but the uh there are different types of scaling and the first type is vertical scaling this is the the the most obvious one people are going to think of and it's called scaling up and what we do is we just upgrade to bigger servers we need bigger hard drives faster computers that's vertical scaling but there's another kind of kind of scaling called horizontal scaling and horizontal scaling is is described as scaling out and what you're doing is you're just adding additional servers because we saw with the high availability we have a load balcer we can distribute traffic to multiple servers and three servers can equal the same thing as one big server so um horizontal scaling is when we add more servers of the same [Music] size hey this is Andrew Brown from exam Pro and we're looking at the concept of High elasticity and this is your ability to automatically increase or decrease Your Capacity based on this the current uh demand of traffic memory and computing power so this sounds a lot like high scalability but the key difference is that it's automatic and you can decrease the demand not just increase it and so the way we would do that is that we would have a virtual uh virtual machine or server and if we needed more servers we would add more servers and if we need less servers we would remove less servers and so this is going to be accomplished using horizontal scaling so when we say we're scaling out this means we're adding more servers of the same size when we're scaling in this means we're removing more servers of the same size and generally you're not going to use vertical scaling for high elasticity it's just extremely difficult to um uh uh to vertically scale because if you H if you have to increase let's say your storage Drive um and then you decrease it you could lose data so it's not a good idea or or even feasible to do vertical scaling with high elasticity now how would you accomplish uh being elastic on Azure uh well You' use azure's VM scale set so scale sets automatically increase or decrease in the response to demand uh uh b or based on a defined schedule and we'll talk about those in Greater detail later in this course uh and then we have SQL Server uh or server stretch database these dynamically stretch warm and cold trans transactional data from Microsoft SQL Server 2016 to Microsoft Azure not something we're going to cover but it's generally the same concept that skill sets uh do so there you go that's high [Music] elasticity hey this is Andrew Brown from exam Pro and we're looking at the concept of being highly fa tolerant and this is your ability for your service to ensure there is no single point of failure preventing the chance of failure so when we looked at high availability we had also said that it was no point of failure but when we really talk about that we're really talking about being highly fault tolerant because there is the word failure in the word and that is what being fa tolerant is and so how do we prevent failure well we use the concept of failovers so failovers is when you have a plan to shift traffic to a redundant system in the case a primary system fails and so I have a Graphic here that represents um a primary database failing over to a secondary database and I have a bit of a description here so the idea is that we have um a copy of our production database we're going to call that a secondary system uh and the idea here is that every time something is ritten to our primary database it's going to be synced so it's going to be sent over to our secondary database so it's up to date with the latest database and then if uh the primary database uh happens to fail for whatever reason whether it's Hardware or otherwise something's going to detect that there's something wrong with the primary and it's going to fail over to the secondary and the secondary is going to be promoted to being the primary instance and the key thing to understand is that that that secondary is standby it's not in actual use uh it's only in use when the failover occurs so what would you use an Azure to uh build out a highly fa tolerant system that's where aure traffic manager comes into play um so with this uh and this works with a DNS level um and so the idea here is that you can uh fail over from a primary system of the DNS level to a standby this is really great if you have Regional failures you could probably also use a load balancer but this is the case that I'm showing here but there you [Music] go hey this is Andrew Brown from exam Pro and we are looking at the concept of high durability so this is your ability to recover from a disaster and to prevent the loss of data um so this could be solution that recover from a disaster is known as Disaster Recovery Dr uh and so I'm just going to ask you a bunch of questions to help you think about how how to be highly durable so one question would be like do you have a backup so do you have a backup in place how fast can you restore your backup does your backup still work how how do you ensure Uh current live data is not corrupt so that is the concept of high durability there's a variety of services to implement it so it's not just a single service um but there you go that is is the full list of cloud architecture [Music] terminologies so to understand Disaster Recovery we need to know more about uh things around it like business continuity plans BCPS and RTO and rpos so a BCP is a document that outlines how a business will continue operating during an unplanned disruption in services so it's basically the plan that you're going to execute uh if that happens and so here we have a disaster and you can see that there's a chance of data loss and downtime and these two um uh factors as RPO and RTO are going to define the length of these durations so recovery Point objective is the maximum acceptable amount of data loss after an unplanned data loss incident Express this amount of time so how much data are you willing to lose and then recovery time objective so the maximum amount of downtime your business can tolerate without inuring a significant financial loss so how much time you're willing to go go down okay so those are the two there and now let's go take a look at the disaster recovery options that we can use to define in our our [Music] BCP so now let's take a look at our disaster recovery options uh and based on what you choose they're going to be a trade of cost versus time to recover based on the rpos your RTO of course and so sometimes this is rep represented vertically like a a thermostat or you can do it horizontally here um both valid ways of displaying this information but I just have it horizontally here today and so we have low or high or you could say um even though I don't have it written here this could be cold or this could be hot okay so um on the left hand side we got backup and restore pilot light warm standby multiactive sight notice we're using the like the words like pilot light warm things that are relating to temperature so again cold and hot all right so let's just walk through what each of these things as conceptually do uh in terms of architecture so when you're doing a backup and restore you're back you basically back up your data and uh at the time of Disaster Recovery you're just going to restore it to New infrastructure uh for a pilot light the data is replicated to another region with the minimal Services running to keep on replicating that data and so you might have some core Services running a warm standby is a scaled down copy of your infrastructure so you basically have everything that you would absolutely need to run an application but the idea is it's not at scale and so at any time when there's an incident you're going to scale up to the capacity that you need and then you have multi-site active active where you you have a scaled up copy of your infrastructure in another region so basically everything you have identically in another region and so in terms of the rpos and the rtos for back and restore you're looking at hours uh with the pilot light you're looking at 10 minutes with a warm standby you're looking at minutes and multi sight uh active active you're looking at uh real time so you know hopefully that gives you an idea of you know the the difference in terms of scale but let's just look at more detail so for a backup and restore this is for low priority use cases restore data after events deploy resources after an event and it's very cost effective uh for pilot light this is where you have less stringent RTO and rpos so you're going to be just running your core Services uh you're going to start and scale resources after the event and this is a little bit more expensive this is uh very good for warm standby is good for business critical services so you scale resources after the event uh and it's uh almost very it's very it's costly but it's not as expensive as a multi-site active active so you get zero down time near zero loss uh you have it's great for Mission critical services and it's just as expensive as your original uh infrastructure so you're basically doubling the cost there [Music] okay hey this is Andrew Brown from exam Pro and we are looking at the evolution of computing and this is going to really help you to understand the different layers of compute uh and so we're going to start from uh on the left hand side to dedicated and work our way all the way to functions so what I want you to know is that uh when we're talking about dedicated this is a physical server wholly utilized by a single customer and so the idea is that this customer has purchased uh this dedicated piece of Hardware um but the thing with this is that you have to guess your capacity So when you buy it it's like a capital cost or you're purchasing uh uh for for like the whole like you have to plan how you're going to fully utilize it so you're going to overpay uh and you're going to have underutilized servers and the reason why is that when you first launch your app it might be small and then you're expected to grow into that space But you're just not using that space until you grow into it so it's considered wasted um if you want to upgrade Beyond Your Capacity this is going to be slow and expensive you literally would have to buy a new server that's larger and then move everything over you're going to be limited by your operating system so whatever operating system is installed uh that's what you're going to have uh you're going to have multiple apps uh if you do install multiple apps onto a dedicated server you might have conflicts in resource sharing but generally it's recommended to only have a single primary application on a dedicated server uh you are going to have a guarantee of security privacy and full utility of the underlying resources because that is what that's the whole purpose of having a dedicated server is sometimes dedicated servers where you have full control of everything is called bare metal and that's basically mimics what it was like to have a server on Primus or back in the day and they still exist so that is dedicated we'll move on to VMS so now we're moving on to Virtual machines also known as VMS and so the idea here is that if you had a physical server and you had the capability of running virtual machines that's like running a machine within a machine and so now you're able to run multiple applications on a single machine uh the technology that's used to actually run VMS is known as hypervisor there there are some other kinds but the ones we need to know uh is hypervisor so just know that that's the software that makes virtual machines work um you are now sharing the physical server with multiple customers that is generally a good thing because you are paying a fraction of the server cost you don't have to buy that server outright um you are still going to be uh uh overpaying for under underutilized uh uh the underutilization of a virtual machine because it still has an issue of wasted space because you have to choose a particular size of virtual machine it's not going to be perfectly fit for your application uh you are going to be limited by your guest operating system so whatever OS that you've chosen that's what you get um uh so that's that's what you have there if you want to run multiple apps on a single virtual machine they can still result in Conflict uh resource sharing but now uh customers that are isolated from you aren't going to conflict with you so you can run you could run uh if you had three apps you could run them as three virtual machines so you're not going to have that issue but if they're on the same VM you still have that issue so there you go that is virtual machines and we'll move on to two containers hey this is Andrew Brown from exam Pro and we are looking at the concept of containers and so this takes it a step further where we have virtual machines and we're running multiple containers so we're even uh we're further subdividing the way that we uh run our applications and the technology that is used to uh run a containers with within a VM or on a physical server is called dock Docker Damon if you're using Docker for containerization that's the most common in one um but that's going to let you run multiple containers and you can maximize the the uh the utility of the available capacity uh so this is extremely more cost effective right so um uh that available space is is always there for you to launch more servers within or you can or you can expand uh the usage for your app to take up that available space your containers share the same underlying OS so the containers are more efficient than multiple VMS um but the great thing is is that you can have different uh os's so the idea is that each container can technically be running a different uh OS and so now you have a lot more flexibility it doesn't seem like you could improve upon this further but we will when we move over to function so now we're going to take a look at the evolution of computing for functions and I I bet you didn't believe it but we subdivided it even further and so uh we've taken our applications that we're running container and we broke up the apps into little pieces of code called functions and now we even have more uh or or better utility of our compute so we have a manage a VM running managed containers so we don't have to worry about the containers and configure them ourselves functions are usually taken care of this is known as seress compute because you don't set up anything you just put your code online and it just works you might choose the memory and the duration that you need to utilize and that's all you pay for you're only responsible for your codee and data and nothing else and it's extremely extremely cost effective right because you are just paying for that individual function to run and all that un underutilized space is is the the the problem of the cloud service provider it's not your issue the only downside is that um there is a concept called cold starts meaning that when you launch a function or or serverless or a serverless code It generally has to provision a server because the the the cloud service provider doesn't want to be running servers when they don't they don't uh they aren't being utilized so you might experience a cold start where you're waiting for a server to start before your code will execute but there's definitely ways around that so there you go that is the evolution of [Music] compute hey this is Andrew Brown from exam Pro and we are looking at uh regions and geographies uh for Azure so a region is a grouping of multiple data centers and for um Azure they call their data centers availability zones Azure has 58 regions available across 140 countries one thing Azure likes to promote is that they have the most regions out of all uh cloud service providers uh then we have something what we call a geography so geography is a discrete Market of two or more regions that preserve data residency and compliance boundaries and the geographies that are available for Azure uh we have the United States then there's Azure government us this is a geography that's only for the US government uh so regular citizens cannot use it then you have Canada that's where I'm from Brazil and Mexico and I just want to emphasize that data residency and compliance boundaries for geography and I just want to give you an example so imagine you live in Canada and you uh and you work for a Canadian company you want to guarantee that the data will remain within Canada for whatever government regul regulatory reasons so then you'd want to use the canidate Azure geography because because that data would never leave Canadian soil um so that's the case there and I just want to give you kind of a a visual example so on the Le hand side we have two regions we have us East one and we have the Europe Norway east region and in those regions I'm I'm not showing it here because I don't want to make it too complicated but there would be availability zones and we could launch resources so we have some servers virtual machines those are the images you see within the regions and generally the way uh regions work in Azure is that when you go to launch uh a resource you choose the region at that time of creation so if you're launching a virtual machine it's going to give you an option to choose a region and you just choose from that list uh so yeah there you go so I just made my way over to Azure so I just typed in um Azure Global infrastructure because I just wanted to show you the big map of all the regions um and uh where Azure is available all throughout the world because sometimes it's nice to look here so we can see we have stuff down in Australia we have um uh regions in Africa we have a region in South America we have a lot in North America we have a lot in uh Western Europe uh and then we have some in um Asia here so we have Japan China all over the place so you know if if you want to look a little bit more into that um there's a lot of good information here on the global infrastructure pages but that's about it I just wanted to show you that world map [Music] so now we're looking at paired regions so each region is paired with another region 300 miles away and the reason why Azure does this is so that if one region is being updated uh then the other one is still available meaning that if you're running if you're planning to make sure that you never have uh downtime you can uh put your resources in that paired region uh and you're going to have higher availability uh so some Azure services rely on paired regions for disaster recovery so when you turn those services on they're automatically going to launch in that paired region uh one Service uh which would help you uh leverage your paired region would be a service called Azure well it's a feature of storage but it's called Azure Geo redundant storage so it replicate your data to secondary region automatically ensuring that the data is durable even in the event the primary region is isn't recoverable and just to give you an example of a paired region uh so let's say we're talking about Canada so with Canada uh you'd have uh um Canada Central and then its paired region is Canada east for North America and when we say North America we're really talking about the United States uh it's East US region paired with the West us region and then for Germany you have Germany Central and ger uh Germany Northeast so it gives you an idea how far away they are 300 miles that's quite a distance um but there you go [Music] hey this is Andrew Brown from exam Pro and we are looking at Region types and service availability for Azure and what I want you to know about uh service availability uh regarding regions is that not all cloud services are available in every single region and there's infrastructure reasons as to why and there's compliance reasons as to why so Azure um has two types of regions they have recommended regions these are regions that provide the broadest range of service capabilities um and what that means is that uh the majority of services are going to be available in this region uh and this recommended region is designed to support availability zones then you have alternate regions uh and these are regions that extends azure's footprint within a data residency boundary where a recommended region also exists but they're not designed to support availability zones that doesn't mean you can't launch resources within them it just means that when you go to launch of resource you're not going to choose an availability Zone uh and these regions are labeled as other when you're in the Azure portal now let's talk about General availability so General availability abbreviated to GA is when a service is considered ready to be used publicly by everyone so if you have a a service or product and it was in beta and now you're ready to sell to people that means that it's ga uh uh but it's but just because it's ready to sell it there's also the the conversation around whether it's actually available to use and that's going to be determined based on the category that the Azure cloud service is in so Azure categorizes uh three different types of availability for services and the first one is foundational so a cloud service that is foundational is going to be available immediately in a recommended and Alternate regions when it goes GA or at least in 5 12 months of the time that it was announced then you have mainstream so these are um cloud services that will become immediately available in a recommended region or in 12 months when it goes GA um but for for the alternate region uh it may become available based on the customer demand and then the last one is specialized so cloud services that in this category will become available in in recommended or alternate regions based on customer demand so hopefully that clears up uh service availability and region [Music] types hey this is Andrew Brown from exam Pro and we are looking at special regions for Azure so Azure has specialized regions to meet compliance are legal reasons because they might want they might want to work with specific governments of uh and to meet those requirements they basically give them their own region and so the First on our list is the us and we have three regions that we know about so we have the US Department of Defense Central the US government of Virginia region the US government of Iowa region and then we have an additional three that we just don't know about it because they're in Secret locations so maybe they're for Area 51 we don't know um and so the reason why they have these special regions is that if you just want to do business with the government they need these kind of regulations um then on the other side we have China and so they have a region in China East and China North uh and these regions are available through a unique partnership between Microsoft and 21 vonet uh and so Microsoft does not directly maintain these data centers but they work with uh 21 vonet to give you uh accessibility to these regions um and probably to operate these regions you'd probably be um a citizen of these countries and you'd also be an employee of the government so it's not going to be for a citizens to use but there you [Music] go hey this is Andrew Brown from exam Pro and we are looking at availability zones for Azure and so availability zones abbreviated to uh short for AZ and you'll hear me using that abbreviation a lot in this course and you should learn to remember that as well is a physical location made up of one or more Data Center and so a data center is a secured building that contains hundreds of thousands of computers and if you want a little visual uh here is uh the inside of a data center um and there's a technician working on a rack of servers and there's a dog uh in the data center uh you should definitely never have a dog in your data center you'll probably hear me refer to availab availability zones as a data center because it's the easiest way to think of it but it actually can be more than one data center now a region will generally contain three available IL zones I say generally here because there are cases where there are less than three but there's actually very specific reasons as to having exactly three availability zones data centers within a region will be isolate from each other so they'll be in different buildings but they will be close enough to provide low latency uh and that load latency would probably be in the sub milliseconds I don't know what it is for Azure but that's generally uh how it would be designed because you want it to feel like you're uh it's on uh the same network um it's common practice to run workloads in at least 3 A's and that's why I I was saying that earlier that's important to ensure Services remain available in the case one or two data centers fail fail and this is called high availability and we'll definitely cover this concept again in this course just to give you a bit of a visual on the Le hand side what we have is a region called us East one and we have multiple availability zones um uh Azure just labels them one two and three and so when you go to launcher resource if you look on the right hand side you choose your region so we are choosing us uh East us then we're saying we're going to use availability Zone and then we choose which one we want to launch it into so if we if we choose two it's going to go into availability Zone 2 that doesn't mean we're going to launch two instances it just means availability Zone 2 so there you [Music] go hey this is Andrew Brown from exam Pro and we are looking at AZ supported regions for Azure and so not every region has support for availability zones and we touched on this in the region section but we'll touch on it here again again so uh we know that there are regions called alternate others and these do not have availability zones whatsoever then you have recommended regions and these are supposed to have 3 azs the reason why they might not have them is because it's a newer region and Azure is promising to add more regions within 12 months or whatever time period that they say uh but generally what you want to do is when you have um Cloud resources you want to launch them where they have at least three azs so which regions have three azs and that is Central Us East Us 2 West us2 West Europe France Central North uh uh Northern uh Europe uh southeast Asia so that is where you generally want to run your workloads now what does it look like when uh you try to go launch a resource um and they and you choose a region that doesn't have an availability Zone what's that going to look like well it's going to look like this so you're going to availability zone is going to be blanked out and you'll have to choose no infrastructure uh redundancy required and so that would be the example for Brazil South where it's just there are there is a single AZ but it's described as not having a so you just don't choose it in the interface so there you [Music] go hey this is Andrew Brown from exam Pro and we are looking at fault and update domains so an availability Zone uh in an Azure region is a combination of a fault domain and an update domain so a fault domain is a logical grouping of Hardware to avoid a single point of failure within an a uh and so basically it's a group of virtual machines that share a common power source and network switch um the reason why Azure does this is that so if part of the data center fails then other servers won't be taken down with it so let's say there's a fire within the data center in one particular region it won't affect other Hardware that is running then you have update domains and so update domains is when Azure needs to apply updates to the underlying hardware and software um but the thing is is that because Azure is updating them it takes these machines offline so the idea is that if you run your workloads in um another uh like another domain in the update domain not neither domain will be updated at the exact same time and that way you won't have downtime because of updates and so the way fault domains and update domains work is that you use availability sets so availability sets is a logical grouping that you can use an Azure to ensure that your VMS you place in the availability set are in different fault update domains to avoid down time and just to really help with that visual uh here um what I'm going to do is just show you this here so each virtual machine and availability set is assigned a fault domain and an update domain and so what you're looking at here is uh you see those gray boxes those are racks uh in your data center aack is just like it it's like a closet for um servers and all those servers sit on top of each other and so each of those servers um uh uh in that is where your virtual machine might be deployed so if you are deployed if you have a server and it's deployed in Fault domain zero and fault domain one it could be in any of the the the servers on that rack uh but then update domains you just might have very particular servers um in that rack that are those update domains so hopefully that makes that a bit clear I know it's a little bit confusing but just remember the Conant behind fault domains and update domains and just to give you a visual of what it would look like in the Azure portal uh if you go ahead and create availability set you would name it so here I call it production and you would choose theault domains and you would choose the update domains and so I believe that what you're doing there is that you're choosing the amount of domains that you want uh your your virtual machines to be distributed across and I keep on saying virtual machine that's your server okay so if you say um two fault domains that that means that when you launch two servers and you put them into that availability set they're going to be across two fault uh two different fault domains and if you launch Five servers um and your update domains is at five that means it's going to be across five different uh servers that are isolated from each other so hopefully that makes sense but that's fault and update domains so I quickly just wanted to show you the fault and update domains that are in uh Azure here so the idea is if you're launching a virtual machine uh and you want to uh control the availability set what you can do is you can go um to down to here where we have availability options we're going to drop it down and choose availability set and then we don't have an availability set so I'm going to go ahead and create one if I just click there and so when we create a set we can say you know uh production set and so we have these two uh these two um uh dialogues here and so what what it is is when you say there's three fault domains that means that if you were to launch three VMS and you put them all into this uh availability set it'll be spread across three different racks so that if a rack goes out um two other racks are operational and so your service will remain available and then down below it's the same thing on a rack there might be multiple machines and certain machines um uh will will be will be scheduled for updates but they won't all be updated at the same time so if you're saying this you'll say spread it across five machines uh and that's all there really is to it so I just wanted to show you where that was uh when you actually launch it for a virtual [Music] machine hey everyone it's Andrew Brown and welcome to another follow along and probably the most important one which is how to create your Azure account so what I did is I typed into Google uh Azure uh Microsoft portal and so it brought me to here um this page might look a little bit different it really just depends on where you uh land in but a lot of times they make it very easy by having this try aure for free getting started free account so just find one of the ways in they probably go all to the same place so I'm going to go ahead and click Start free I'm going to get out of the way uh so that we can do this now um I already have an existing uh Microsoft account that's what you need in order to access Azure so I'm going to go here and say sign in with another account I'm going to create another account I go ahead and create one of course you probably already have an account or if you don't you can go ahead and start typing one in so I'm going to need an alternate email to utilize for this so just give me a moment okay so I was just thinking about it I actually already have another email called Andrew teer seat.com it's the name of our platform that runs exam Pro so I'm going to go ahead and try this and see if that works you can't sign in here with a work or school email address use a personal email such as a Gmail okay so it's not letting me uh uh do that there but maybe we can get ourselves a new email address and that will be one way in here now of course you don't need to create an Outlook or Hotmail you can of course uh use something else but I'm just going to create a new account to make my life a little bit easier uh while demonstrating this I'm going to type in exam Pro and your brown and hopefully it will allow me have that hyphen there and so I need to choose a password so just give me a moment also if you're looking for a password manager or sorry a password generator I tend to like this one called uh password generator.net because it works really well um so that's the one that I'm going to use but I'm going to take this off screen here for a moment and just put a pass in okay so I've just generated out a password and hopefully it will let me go ahead and create that so we're in good shape and so I'll fill in the next information here so I don't want to expose all my personal information so I'm just going to fill this in and hit next so you'll see me jump to the next screen okay and so it is progressing and we're just waiting for uh new things to happen here and so now I have a little puzzle to solve so just give me a moment I just want to save the password before I lose it okay I just saved my password off screen here let's go ahead and solve this so please solve the puzzle so we know you're not a robot uh how do I solve it do I need to put my headphones on just give me a moment here and take a look so let's go ahead and hit next so use the arrows to rotate the animal to face the direction of the hands um well it's already uh facing it so I guess we're in good shape that was not quite right oh maybe the direction of where the hand is pointing okay we'll try that again so there we go and we'll try that again very interesting um challenge that's the first time I've ever seen that one but uh that's interesting and we'll give it a moment here and so now we can fill in all of our information so of course again I don't want to expose all of my information here so go ahead and fill this in and what we'll need to do is verify our phone number so we'll fill in all this stuff um and then we'll choose to use a different phone number and all this stuff and I'll see you back here in a moment of course if you already have an email you wouldn't have to go through all of this process here but I'll be back in just a moment okay all right so the next screen that I'm being prompted with is to add a credit card they say identity verification by card um of course this is is so that when you want to pay uh and go to the pay TI you can I believe that Azure uh provides you a Sandbox so you'll be okay but you'll have limited control within Azure um but what we'll do is we'll go ahead and I will fill all this information of course I'm not going to show you all of this information um but I'll see you back here in just a moment okay okay that's all filled in and so it looks like um it's still setting up our account up here uh it's asking for some feedback um I don't really have any feedback for the sign up process I'm just going to wait here till setting up your account is complete so I'll see you back here in just a moment okay oh it looks like it's already done so the account is created I assume that we can just go ahead and log in so let's go ahead and sign in here and we will CH choose this new account now the cool thing about um Azure is that normally when you're logged in you stay logged in so um uh it's usually pretty pretty convenient I don't feel like I'm always logging into my account but we are in here and so that's all we had to do to get into our new azure account so there you [Music] go all right so in this video what I want to do is focus a little bit more on uh resource providers because it's very important to understand about registering uh or unregistering resource providers to get access to particular Services right now I am still utilizing the free tier so in some videos I might be on free tier in other ones I might not be but what I want to do is make our way over to our subscription so we'll go ahead and type in subscription in the top to and from here we'll go into Azure subscription one yours might be named differently if you named it differently I'm going to go down uh down over here and look for resource providers and so in here we have a bunch of uh providers that we can utilize and if we scroll through here there's a ton of them and so if we do not have um a particular things registered we're just not going to be able to use those services and the the type of subscription you have might determine what you're able to actually access so uh we can just kind of sort here on the right hand side by uh just double clicking and we can see what resources we have so I'm just looking through here and we we kind of have an idea of what they are so Microsoft storage is probably storage accounts um I'm trying to look for uh virtual machines I imagine there is probably one called Microsoft virtual machines or VM if we're not sure I can go ahead and type it up here so VMware what if I type in Virtual machines so um some of these are not registered but um you know uh it's just going to be really dependent on what we're running into so some of these are grouped under the same thing so it could be a bit misleading in terms of what their names are but uh what I'm going to do is just take a look and click into storage and see what kind of information we can get about it so we'll go ahead and click into this one here and I'm again I'm just trying to see what kind of information we can get and if we click here in the top it's showing resource types so that's kind of showing the kind of operations um that we can perform and if I hover over them notice it says like locations or operations or storage tasks so I imagine that these um uh these might be specifically tied to API calls um but yeah if if it's not very clear what these do that's totally understandable uh but I'm just going to say that we are going to come across resources and they're not going to work and it's we're going to have to enable those uh resource providers First uh one that I think that might happen would might be Cosmo DB I kind of remember having to always activate that one Cosmo DB so just give me a second I'll go look for it okay all right so I did a bit of Googling and in this one they were suggesting some uh resource providers I think it's talking about Cosmos DB and I think that Cosmos DB used to be called document DB or it was an older version of it so I'm just curious if we were to uh type that in here let me say document DB yeah and notice that it's not registered so um Cosmos DB is a um it's a nosql database if you ever heard of um adabs is equivalent of Dynamo DB it's something similar uh the question is can we use this in the free uh tier I'm not 100% certain but it says try for free uh for up to 30 days and so all I want to see is is it going to complain that we don't have it registered that's what I'm hoping uh to happen here to demonstrate this uh this thing about registering I'm going to go ahead and go ahead uh here and hit create and uh we have a bunch of different options here so I'm just going to go ahead and create a nosql database and I'm going to create a resource Group so I'm going to say you know my DB we'll go ahead and say okay just follow along if you don't know the stuff that's totally all right again I'm just trying to get it to prompt if you don't want to make this you can just watch and just see what happens uh when we see that resource provider uh complaint assuming that this is going to trigger it I'm not sure and so we need account name so I'm going just say my new DB um and I'm just going to put a bunch of numbers here on the end these are Global names so it's treated like a domain name I have to really figured out apply the free tier discount absolutely yes and we'll go ahead and give it a moment so we'll just wait and we'll go ahead and create and so it's initializing the deployment and I'm not seeing any complaint uh so far I keep expecting it to say hey you need a you need a um a resource provider here but it seems to be deploying so this might not be a good example but I definitely remember having this issue before but we'll give it a moment I'm just going to be back in just a second and we'll see what the result is okay also while we're waiting I just want to point out that uh a lot of times when things are happening you can go up to the notifications and it will give you an update here and so while this is creating I could go ahead and give this a hard refresh um and just still notice that it's still showing the deployment in progress so we can really keep track of where we are or what happening um again I don't know how long this takes to create this might take quite a while I just kind of forget I know it's not going to cost me anything to spin this up but uh we'll wait here a bit okay all right so that did actually create so I guess that wasn't a really good example unfortunately uh but I do know um I'm going to go ahead to that Resource Group and I'm just going to go ahead and delete this uh anytime you launch a resource in Azure uh you always have to launch it into a resource Group and it's a lot easier to tear down all the resources within a resource Resource Group so I go ahead and hit delete Resource Group it has that one database there I'm going to go ahead and delete it so I did kind of cheat and I went out to the internet and I said what service uh isn't enabled by default uh where you'd have to register it and one they said was AKs AKs is uh for running kubernetes clusters that's a little bit um out of scope for the the uh this level of certification but I'm going to do it anyway I really don't want you to do this I just just want you to uh watch and see what I'm talking about here because kubernetes can be very expensive um and I don't want to to put you in trouble here or to make this harder for you so just watch along and let's see if we can see what happens when we try to launch a kubernetes service without turning on uh turning it on in uh the reg uh under resource providers so I'm going to go here and launch a new kubernetes cluster and I'm going to create a new resource script I'm just say my K8 um uh Resource Group for RG there we'll say okay and I'm going to choose something again don't do this I'm just doing this we'll go ahead and do Dev and test I'm going to say my uh k8's cluster and so it likes the name there that's fine I'm going to go with the free pricing tier if it's free you can do it as well but going to tell you it's not fun to set up kubernetes clusters it's going to set up at one Noe pool we'll go ahead and hit review and create if you're also noticing um there's always this confirmation step with Azure I really like this like eight of us does not do this gcp kind of does this but you always go through this process of go through the steps review what it is that you want and hit create and then it has a a deployment step um so it's a nice workflow I really like that about Azure but we'll give it a moment here to um get ready to confirm all the information and we'll go ahead and see if we can create it it says validation has passed we'll go down below and hit create I'm still expecting it to ask me about container service and I definitely confirm that this is something you're supposed to have turned on now what we'll do while we're waiting is I'm going to go over here uh click back into a new tab and while that is deploying because that's going to take a while I'm going to go ahead back into our subscriptions and I want to check resource providers because I know this one is called like container services so I'm going to type in here container and it says it's registered so I feel like Azure is messing with me because in the past you've always always always had to manually turn these on and I feel like it's just turning them on for me so what I'm going to do here is I want to see something I don't have turned on and then I want to go try and use it and see if it actually just turns it on because if it does that now that is great but always in the past that's not how it worked so just let me go look for something and I'll be back in just a moment all right so I just went over to chat GPT and I asked what does Microsoft compute give you access to and it says virtual machines and scale sets which makes sense that's what I recall uh it doing but I just wanted to be 100% sure it's going to do what I wanted to do I also noticed that uh coming back to AKs our deployment failed I'm going to go take a look here um the resource R operation failed to complete successfully because it reached terminal provisioning State failed that's totally fine I don't even want to deploy a kubernetes cluster anymore I've given up on that we're going to go ahead and just um delete this Resource Group and if you're thinking this is a bit messy I'm just going to tell you this is what Azure is like um Azure is uh really great in terms of its offerings but uh out of all the cloud service providers I would just say that it is the most uh challenging to learn but anyway that's going to tear down and so what I want to find out is if I go launch a virtual machine this this automatically going to turn on to be registered that's what I want to know so what I'm going to do is go ahead and attempt to launch a virtual machine which that that is something that is a lot more reasonable to learn at this certification level but we're going to go ahead and hit create I'm going to choose an Azure virtual machine and I'm going to create a new resource I'm going to say my uh uh virtual machine uh RG and I'm going to go here and just say my virtual machine RG or not RG but just put that in there like that and we're going to go ahead and choose us East does not really matter I just want to it somewhere and I mean this looks all okay um I'm not going to log into this the only thing that matters is uh what kind of image we're utilizing because that's going to determine uh the spend so that is free tier I'm going to stick with free tier let's go ahead uh forward to our review and create and see what happens so again I'm kind of expecting to create this and I wanted to say that it's not enabled it wants us to generate a new key pair um um I don't really want to download a key pair but I'll go ahead and do that anyway that's something you commonly do with virtual machines I just wanted to create it so again I have not enabled that service while we're waiting for this let's go ahead and click on notifications and view all the activity I'm just curious if it's enabling those subscriptions because usually it tells us everything in here and so I'm just carefully looking so um I'm going to go ahead and refresh that was four minutes ago ah look here Register subscription for container service okay so um we absolutely do need to turn it on but it turned it on automatically for us and I'm just trying to say that in the past I always had to manually do that down below here register the the uh uh storage resource provider so I'm not sure if this is a problem anymore but I still think it's important to point out that you are supposed to register Services uh before you use them um and that's the only point I wanted to make there um so just understand that that is something that's important to um Azure but uh now what I need to do is uh get rid of my um uh that virtual machine I've been launching so over here you can see the latest resources I'm going to go to this one here and I know it's still deploying it's creating these resources I'm going to go ahead and tear that down so I'll go here and just say um apply for delete for all everything yep I definitely want to do that and I'm going to go ahead and copy this name here and we'll tear that down so that's the only point I wanted to make in that video I know was super complicated but hey that's Azure we'll see you in the next one okay ciao let's go ahead and actually create some users and just before we proceed forward to create a user I just want to point out you can tell what tenant you are in if you look in the top right corner so here I'm in my Starfleet tenant and there's actually I think you can switch between here yeah that's an easier way to switch between your directories uh but generally that's not how I do it I'll go to the top here and just type in Azure active directory and uh when I want to switch a tenant I just click the Switch tenant button and click on what I want but we'll make our way back to the uh Starfleet tenant that I have here here you can see my information and I've obviously activated Azure ad premium P2 um but before we go ahead and create a user we're going to have to create a group and I'll show you why if I'm going to go ahead I'm just going to speed through this for a second but if I scroll on down I have this option where I need to create a assign it to a group I guess I don't have to but um the problem is I don't have one and so before I create my user let's go ahead and create ourselves a new user group and so we'll go ahead and create a new group here and I we have two options we have security and Microsoft 365 it explain explains right here the difference so 365 is really for giving access to mailbox calendar files SharePoint we're not doing that stuff here we're just sticking with regular security groups uh which is for Azure stuff we'll name this uh developers and then we'll name this developers and notice here that uh the membership type I have a drop down if you're on the free tier this is going to be great out but uh this Dynamic user is part of P2 and so uh this allows us to add a dynamic query and the idea here is that if I start having users and I just say if a user uh is from Canada then they'll automatically be added to this group and so that's the query that gets outputed but we're not going to make a dynamic group today uh we'll just make our way back here to the new group and we'll just manually assigned stuff all right I'll go ahead there and create that user or that that group there and now that we have that group let's make our way over to users so we'll go back here I'm going to make myself a new user um and and on the top here we'll go here uh and we'll name this one Kevin and we'll have that lowercase and we will call them Kevin xxbridge all right and you'll notice here it will autogenerate a password it's four letters and four numbers I don't find this personally uh very secure but the idea here is that uh user is going to reset that password right away so it's not a big deal and that's very easy to remember and now I can go here and assign uh groups and if I want to assign them a ro I can do that here so we'll open that up we have a bunch of different options maybe we want these two roles here and then we have some additional information I'll go ahead and create this user and so now this user exists what's interesting is that I can go ahead and delete users and then recover them the groups have this as well where if you go here and I actually have a user I deleted previously so it just takes some time to show up but if you go ahead you can hit the uh delete user here and then uh they will remain in here for uh 30 days and then they'll automatically be Del be deleted so if someone made a mistake this is a great opportunity to bring them back and so I can just go checkbox on rishan here and we can just bring her on back restore that user all right and again you know this is sometimes a bit delayed so we might have to hit refresh there she is and so uh you know that is the whole group and user stuff there [Music] let's take a look at how we can enable multiactor authentication for our users and so multiactor stands for MFA you're probably used to it where it's a secondary step to confirm your identity before logging in either via a phone or a hardware device such as an UB key and so there's this button here says multiactor authentication and it could be disabled for you it very likely is if you're on the uh the free version of um your Azure ad just going back up here one level you can tell based on what that is here so I'm using Azure ad premium P2 that's definitely going to allow me to have MFA so if you just don't want to turn on P2 or it's trying to uh charge your money don't worry about it just watch me do it here you pretty much learn what you need to know so we'll just go ahead and click that button it's going to bring us to a different screen here and here we have our users and you can see multiactor authentication has turned off for all of them so we can go ahead here and turn it on for a single one if I click enable uh and so that enables it for Kevin then we have some other additional options like manage user settings and here you can see we have some extra options so require selected users to provide contact methods again delete all existing app passwords generated by the selected users restore multiactor authentication on all remembered devices so just some additional things another thing we'll want to check out here it's not very obvious but we have a service settings button up here and this will give us more addition additional options to enforce for our users so first we have app passwords so this allows users to create app passwords to sign into non-browser apps so things that are uh not part of the website here and so you can whitelist some IP addresses for them uh so that they are trusted from those locations then for verification options this is something that's important we have some options like call to phone so um it will actually uh to do the MFA will actually call your phone and you'll tell you the letters and numbers that you enter in or it can send you a text message or it can notify you through the mobile application so you can install the companion app uh from the Android or iOS store or the Windows store I imagine there's a Windows store too um and then there's the verification code and mobile app on or Hardware tokens so Hardware tokens could be with an UB key right then you can say remember a multiactor authentication on trust devices for x amount of days that way they don't have to enter it all the time uh because it might get annoying for some users honestly for me I want everyone to entered every single time cuz that's just how I am but let's make our way back here and see how we can do some bulk assignment so what I'll do is I want to enable it for a few people here so if I go up to bulk update I can download a sample file and uh that's going to go ahead and download that and uh you can see I actually did this previously here so I'll just copy it and uh what we'll do is just paste that in there so we're just pasting in yeah that's fine we're just pasting in uh their their name right and the MFA status you can always get the name from here just back on the list there and so once we have saved that file we can go ahead and upload that uh they're the same here so it's not a big deal and we'll just wait a few seconds here this is pretty darn quick usually doesn't take minutes sometimes it takes seconds but we'll just give it a moment here and there we go so that was a long wait I don't know why but I verified the two there and so if we go next now those will be now enabled uh there's also this option to enforce so I just go there uh after multiactor authentication is en Force users will need to create app passwords to use non-browser applications such as Outlook or links and so that's a great option to have so I'll just go ahead enable that as well so now that's enforced and so that's all you really need to know about uh [Music] MFA hey this is Andrew Brown from exam Pro and we are looking at Azure Computing Services starting with Azure virtual machines so virtual machine is going to be the most common type of compute whenever you're launching a server I would just think of a virtual machine uh and your virtual machines could either be running Windows or the Linux operating system now the great thing with virtual machines is you get a lot of configurations so you can choose your OS the amount of memory the amount of CPU you can attach storage to it uh the thing here is that because it's a virtual machine the uh the hardware is shared with other customers you can get dedicated but generally it's shared and then you get a virtual uh computer um so it seems like you have like 100% of the resource okay then we have Azure container instances so this I would describe as Docker as a service you can run containerized apps probably runs Docker in both windows containers CU I believe uh Windows has containers as well but uh runs containerized apps on Azure without provisioning servers or VM so makes that a lot easier for you the next sounds very similar which is called Azure kubernetes service so it's kubernetes as a service uh easy to deploy manag and scale containerized applications um so the idea here is that kubernetes is is just another uh way of uh working with containers um but it's using an open-source library kubernetes has basically become the deao for um uh containers and so we've seen all the cloud providers uh try to make their own service or orchestration service but um kubernetes kind of one out so you'll see it on all platforms the next one is azure service fabric this one can be a bit confusing because it's described as many things uh but I'm going to describe it here is a tier one Enterprise container as a service uh application or um cloud service so um it's for distributed system platforms it runs on on the Azure cloud or on premise uh and the way they described is easy to package deploy and manage scalable and reliable microservices and anytime you hear the word microservices think of also containers so with Azure container instances and Azure kubernetes Services that's where you'd also run microservices then we have Azure functions so uh this would be event driven serverless compute uh anytime we're talking about serverless compute we're usually talking about serverless functions which are little B of code uh that you can just um upload and it just works you don't have to think about the servers or provision anything uh and you only pay for the time that that code runs so serverless functions generally run for very short duration as soon as they're done those uh those underlying servers are shutting off uh and the last on our list here is azure batch so you can plan schedule and execute your batch compute uh workloads across uh 100 plus jobs in parallel when I say jobs here it's just the the code that you want to run uh you can use spot VMS spot VMS might not be out at the time of this but it will be in the future um but generally it's known as low priority VMS but the idea here is that there are uh virtual machines that are being underutilized and so Azure is allowing you to uh uh rent them at a more cost effective cost and so if you're doing a lot of uh scientific compute or other things uh and it doesn't matter if these uh Services get interrupted and you want to use those low prior VMS that is a great way to save and that is the computer [Music] Services hey this is Andrew Brown from exam Pro and we are looking Azure virtual machines which makes it easy for you to choose your own OS compute memory and storage and launch a server within minutes all right so let's take a quick look here at VMS for Azure and this is a highly configurable server that relies on virtualization meaning that you're running a server without having to actually buy and maintain physical Hardware that runs it uh you will still have to manage things at the software layer so you would have to apply your own OS system patches and installing the configuration packages but the nice thing is that you're not dealing with that Hardware it's just going to work for you and some things I want you to know about Azure virtual machines is that the size of the virtual machine is determined by the Azure image uh and so the image defines the combination of vcpus memory and storage capacity the current limit on a per subscription basis is 20 VMS per region I would think that if you wanted more you could just use another sub subscription I don't know if they have service limit increase for that but that might be possible as well Azure VMS are build at an hourly rate an instance uh or a single instance that you launch is going to have availability of 99.9% when you're using premium disc if you have standard disc I have no idea what it is um but it's going to be less than that if you want to get 99.95% availability you're going to have to launch two instances within an availability set and you can attach multiple manag discs to an azure virtual machine now just to give you uh like a quick visual of what's actually happening when you launch an instance because when you do launch a virtual machine there's going to be other networking components that are going to be created or associated with you and you definitely need to know all these components here so I have this nice diagram we're going to do a quick run through with it and I want you to just know that when you do launch a virtual machine it actually does give you a list of all the components that it creates this is actually very common with most Azure services and sometimes what they'll do is they'll put it within a resource Group for you so that they're all grouped together which is very nice um but uh let's just run through these uh common components that you need to know such as the network security group and this is going to be attached to your network interface it acts as a virtual firewall with rules around ports and protocol so that is what's protecting our virtual machine you have the network interface that handles IP protocols so that's how the virtual machine uh talks to the internet or other things on the network you have the virtual machine itself or the instance that's a uh the version or the um uh instance that is currently running it's going to get a public IP address assigned to it so that's how um people from the internet can actually access the virtual machine and then you're going to have to launch it within a virtual network uh and so that's you're going to have that v-net so you'll either you'll either choose one or you'll be creating one uh during that wizard process so there you [Music] go so now let's take a quick look at the options for operating systems on Azure VM and let's just Define what an OS is uh so the OS is the program that manages all other programs in a computer and the most commonly known operating systems are windows Mac OS and Linux and when you want to uh launch a virtual machine the way you determine what operating system you use is based on the image that you choose okay and um Azure has a Marketplace so they have so many different kinds of operating systems you're going to have every Poss option you want and Microsoft is also partnered uh with specific companies to make sure that they're providing you images that are updated and optimized for the Azure runtime so let's do a quick run through of these supported or partnered uh os's so we have Seuss we have red hat Ubuntu Debian FreeBSD um then you have flat car container Linux Rancher OS which is for containerization bitnami bitnami is more like images that have pre-loaded software on them they very popular for their bitnami WordPress you have mesosphere uh and then you have images that have Docker with it so you have a lot of options uh open to you there and I always forget about Jenkins and Jenkins is on the end there now if you want to bring your own Linux version you can totally do so all you have to do is package it into a virtual hard disk or a vhd uh if you've never heard of vhd uh these are these are just uh virtual hard disk formats that you can create using hyperv software which would be on your Windows machine uh and just be aware that Azure doesn't support vhdx which is a newer format it it only uses vhd okay so there you go so let's take a look here at Azure scale sets and these are used to automatically increase or decrease your virtual machine capacity so imagine uh you have a web application behind an application load balancer and you have an increase in traffic you want to be able to quickly add more capacity by adding another identical virtual machine or when uh there's a decrease in traffic remove it to save cost and that is what Azure skill sets do um so you're creating uh skill policies to automatically uh add remove based on host metrics host metrics could be like CPU utilization or uh Network in uh you're going to create health checks and you can also uh set a repair policy to replace unhealthy instances you can associate a load balancer to distribute virtual machines across uh availability zones and you can scale to 100 or even a th000 VMS using scale sets so one thing you're going to probably want to do with your scale set is associate with a load Bouncer and in honest I don't run any kind of application workload uh unless it is in a scale set and behind a load balancer because it's just good practice to do that and the reason why you're going to want a load balancer is that it's going to help you evenly distribute your VMS across multiple availability zones and that's going to give you high availability uh because you definitely want to try to run uh 3 VMS across 3 azs to get that a high availability uh you can also use a load balancer probe checks and these are more robust health checks than what scill set provides you uh so that's just an added benefit there uh and when we're talking about um load balancers we have two different choices here we have the application Gateway and so this is for HTTP htps web traffic load balancer uh and then you also have Azure load balancer and this is going to support TCP and UDP Network traffic and things like that so depending on what OSI layer you need to operate on is going to determine what kind of load bouncer you need to use so let's take a look at scaling policies and these determine when a virtual machine should be added or removed to meet the current requirements and you have this uh Little Wizard here this is what the What wizard you see or form you see when you're creating a scale set initially with very simple features but let's just focus on two things scaling out and scaling in so scaling out is when an instance should be added to a skill set to increase capacity so you choose your metric uh which is hardcoded in this case to CPU threshold so you choose your metric the duration how many VMS you want to add and then the scale in is the opposite that's when you're removing uh uh uh something from the scale set to decrease your capacity and again that interface is very simple uh when you actually go ahead and create a scale set after you go and update it you're going to end up with a lot more options and here are the options you can see they're extremely robust and so uh you have the option to choose one of the built-in host metrics that are already be being collected on your virtual machine so uh the most popular here and there's more than this but uh the most popular here is CPU Network in network out dis read and write uh then you have your Aggregates so you can decide how you want to group or uh collect that data uh before you apply your final operations on it uh then you have your operator so you can say greater than or greater than or equal to then you have your actions you can say increase the count of so add uh x amount of servers or you can say uh increase by percentage so imagine you had um uh 10 servers and you want to increase the load by 30% that would add three additional servers if you want more metrics than just the built-in host metrics you can absolutely get more uh but you're going to have to install a couple things uh for app uh if you want more app specific metrics like page performance or page load performance and sessions count you would uh install a small instrumentation package for app insights and uh if you want to have more detailed host metrics so you might have host metrics but you want them in more detail or more available host metrics you'd install the Azure diagnostic extension within your VM um there are a few other uh scaling policy options that are well they're not exactly in that form but they are around or are associated with them one is the scale in policy not to be confused with the scale in options um and this determines what virtual machine should be removed when you decrease capacity so it's just a simple drop down and you have a few different options so there's the default option this is where it deletes the VM with the highest instance ID and it's going to do that b uh uh take in consideration uh the balancing across azs and ads or it can delete the newest virtual machine so delete the newest VM again uh this one's only across uh virt or availability zones or delete the oldest VM this is going to delete the oldest VM and balance across availability zones then you have an update policy and this determines how uh how VM instances are brought up to date with the latest scale set model so again it's another drop down and you have a a few options here so you have automatic so increasing the start upgrade immediately in random over uh order or or manual so existence or existing instances must be manually upgraded or rolling and so this update upgrades roll out uh in batches with optional pause uh and just one other note here is that if you want to do automatic OS upgrades you can enable uh this to help ease update management by safely and automatically upgradeing the OS disk for all instances so there you [Music] go Health monitoring is a feature with skill sets you're absolutely going to want to turn on uh and what it does is it determines whether your instance your virtual machine instance is healthy or unhealthy so you have that option to disable or enable it and it comes in two different modes we're going to have the application Health extension which is what we're seeing on the right hand side here and this is where you ping an HTTP or htps request with a specific path uh and expect a back a specific status so the status here would be 200 so the idea is that you could say ping the homepage and if the homepage appears then therefore the server must be healthy or you can make it your own custom uh page that's what I like to do I have like a health check page the other mode is load balancer probe uh this is only going to work if you have an associate IED load balancer and uh here you can check based on TCP UDP HTP request so this is a little bit more robust um um so I generally would recommend using this mode over um the the first mode because generally when you have a scale set you're going to also want to have a load balancer uh now if you want to replace unhealthy instances they have an automatic repair policy so this is an automatic I mean like it's not turned on by default so you have to uh explicitly say you want to turn it on and what that will do is that if it finds an instance that is unhealthy it's just going to uh terminate it and then launch a new instance all right and so there you go all right let's take a look at Azure virtual desktop formerly known as Windows Virtual desktop Azure virtual desktop on Microsoft Azure is a desktop and app virtualization service that runs on the cloud Azure virtual desktop works across devices like Windows Mac iOS Android and Linux with apps that you can use to access remote desktops and apps you can use most modern browsers to access Azure virtual desktop hosted experiences use Azure virtual desktop for specific needs like when security is a concern because all data is saved on the server and cannot be left on the device of a user key features and benefits enable secure and productive remote work on any device Azure virtual desktop provides full Windows 10 and Windows Server desktop and application virtualization on any personal device seamless integration with Microsoft 365 apps for Enterprise and Microsoft teams reduce costs of Licensing and infrastructure use eligible windows or Microsoft 365 licenses to access Windows Virtual desktop and pay only for what you use protect against outages to stay productive help keep your team running during outages by leveraging built-in Azure site recovery and Azure backup Technologies simplify it Management Windows Virtual desktop manages the virtual desktop infrastructure for you say so you can focus on users apps and Os images instead of hardware and maintenance Heap application and user data secure easily apply the right access controls to users and devices with Azure active directory conditional access so that's an overview of azure virtual [Music] desktop hey this is Andrew Brown from exam Pro and I'm going to show you how to launch your own server on Azure uh and so a server would be considered some kind of Computing service and the one we're going to do right now is we're going to use Virtual machines so go the uh all the way to the top here to the search and I want you to type in virtual machine I know it's on our dashboard here but just to get the get in the habit of always being able to find stuff it's great to use the search and then once we're here on the left hand side I want you to click add and we're going to be presented with a lot of different options so the first thing we need to do is choose our Resource Group uh we have another Resource Group we that was created here for us for azure I wouldn't worry about it let's just choose the one that we created I'm going to name this virtual machine I'm going to call it my VM we're going to launch it in uh Us East uh if we wanted to choose an a we could so we go to availability Zone and choose one I'm just going to stick to no infrastructure then we have Ubuntu here it's using the latest version it might be different for you I wouldn't worry too much about it then we need to choose our size this is going to really determine our cost here this is $89 Canadian I'm just going to go ahead and hit select uh here and we're just going to sort on the right hand side based on cost and we're going to choose the most inexpensive server which is the B1 LS so that's one vpcu and half a gigabyte of ram um because this is just an example app we're not going to do any or a server we're not going to do anything with it so we might as well make sure we're not overspending our free credits uh we have the option to add a public key this is what you generally would want to do uh but that's a lot of work and so uh for this demo so we're just going to choose password they're very finicky about the passwords here that it has to have a uppercase lowercase special character um number and it also has to be 12 characters so I'm going to type in testing with a capital T testing 1 2 3 exclamation exclamation and then testing uh with a capital on the T 1 2 3 exclanation exclamation so there we go uh we don't need um any inbound ports I'm going to say none because we're not sshing in I'm just going to click forward here to show you some of the other options so we could Cho are are the type of uh dis we'd be attaching so it's by default on premium you might want to choose standard or standard htd generally when you're launching web web apps you want SSD if we were to choose standard it would say hey you should really use premium so we're just going to go back to premium you're going to notice that the uh disk is encrypted by default so you can't have an unencrypted dis that's a very good uh default option if we go over to networking it's going to automatically select our v-net that we chose uh and the default sub net that we uh that it created uh when we created the v-net and then here we could choose whether we want an IP address or not um if it had no I or public IP address it would still have a private IP address um and that would that would mean that it like it's really intended for a private subnet um it has a network security group set on to basic here um and that's pretty much it here you could also put it behind a load balcer we're not going to do that let's go over to management management we have a couple options here like identity auto shut shut down backup um these are all fine we're just going to leave it alone for Advance we could put custom data in here that means we could provide it a script that it would use to initially set up the server we're not going to do that um and that's about it so I'm going to go back to basic and I'm going to scroll all the way down to the bottom and I'm going to hit review review plus create and what we're going to have to do is wait for this validation step that was very fast it might take multiple seconds for you or even a minute um but sometimes it's faster than others so so now I'm going to go down below and hit create and we're just going to wait for that deployment to be submitted it's going to say deployment is underway and then soon it's going to say deployment is complete so I'll see you back here in a moment when deployment is complete great so we had to wait a few minutes there and now it says deployment is complete and we can PR proceed to go to Resource and so here's our virtual machine we have some CPU some Network some dis so there's some activity here um if we wanted to gain access to it there should be connect button here we're not going to be able to gain access to it because we just didn't set it up in a way that that was the case we have a few options down the left hand side such as the diss that are actually attached to it and maybe the size here so maybe if we wanted to um resize change it to a larger size we could go ahead and do that um but there's nothing really exciting here to do I just wanted to show you how to launch your own virtual machine and now that we have our own virtual machine uh launched I'm going to go back to overview we're going to go ahead and delete that because this is now costing us money uh it's not costing us a lot of money but uh again we're done here so we'll just go ahead and delete we're going to say yes to delete and now it says it's deleting the virtual machine and so we're just going to wait until this is uh finished deleting and a lot of times you can just look at the progress up here and it'll say deleting the virtual machine could take a few seconds it could take a few minutes um it just depends so I'll I'll see you here in a little bit when this is done deleting so after a little while here it says it's how it's successfully deleted the virtual machine if we want to make sure that it's deleted let's go make our way over to Virtual machines at the top here in the search and you're going to notice that it's still showing up there but it said it was deleted and this is the thing with uh Azure is that it takes time for it to propagate so what we'll have to do is just hit refresh and now it's gone so just be aware that um sometimes the consistency in terms of what you see in the UI is a bit delayed and so um if you remember clicking delete and it says that it deleted it just uh have a bit of patience there and hit refresh and just double check to make sure that's the case so there you go hey this is Andrew Brown from exam Pro and we're looking at Azure app Services which allows you to quickly deploy and manage web apps on Azure without worrying about the underlying infrastructure and specifically this is known as a platform as a service so Azure app service is an HTTP based service for hosting web applications rest apis and mobile backends and you can choose your programming language and it can either be windows or L Linux environment and it's a platform as a service so if you've ever used Heroku is basically the Heroku of azure and so Azure app service takes care of a lot of the underlying infrastructure for you so can do security patches of the OS and languages load balancing autoscaling automated manager uh and then um there's a lot of things that you can Implement uh and so for Integrations such as Azure devops uh GitHub Integrations Docker Hub uh package management easy to set up staging environments custom domains attaching uh SSL certificates so you can see that it just basically takes care of everything for you uh if it's really hard for you or timec consuming for you to do all this on your own in Azure and the way it works is you pay based on an Azure app service plan honestly I find these really confusing um I really like how adus does elastic beanock because you're just paying for the underlying services but Azure has all these crazy uh tiers here uh but you have shared tier which is free and shared doesn't support Linux you have the dedicated tier uh which is basic standard premium premium version two and three and the isolated tier and so uh another thing I need to note is that Azure app Services is not just for traditional VMS for monoliths you can also run Docker single or multi containers uh and when you set up a project you're going to choose your domain name on the azurewebsites.net obviously you can override that with your custom domain name but there you [Music] go let's talk about Azure app services runtimes and so let's define what a runtime is a runtime is software instructions that are executed while your program is running and so runtime generally means what programming language libraries and Frameworks you're going to be using and so uh runtimes for Azure app services are predefined containers that has your programming languages and probably some commonly used Li for those languages installed and probably commonly used languages for web Frameworks and so the idea is that you're going to choose your uh runtime it could be net net core Java Ruby which I'm very disappointed in Azure because uh as of shooting this video they do not support uh Ruby for application insights but yet they have it here in Azure app Services node GS PHP Python and there's all the logos uh if you like seeing the logos and so Azure app Services generally has multiple versions so they have like Ruby 2.6 2.7 for PHP they have a lot of versions for no J they have a lot of versions uh but I just want to point out uh that it's pretty common for cloud providers to stop or to retire the old ones at some point to stop supporting them uh you know that just because they want to keep things modern um and the other thing is like it also helps you keep with your best security practices because really you should always be trying to upgrade to the latest version uh for those security patches and and things like that so there you go but now let's say uh you wanted to use a language that wasn't supported on um Azure app services like you wanted to use uh Elixir what you could do is create your own custom container either for Windows or Linux uh and so uh you just go ahead and create your own Docker container on your local environment you can push it to an Azure container registry and then the the idea is you can deploy your container image to your app service so I just wanted you to know that you could do that um if there's some languages or other things or maybe you're using a language but you need uh some bundle or packages that are uh that are just baked into the uh into the Container so there you go let's talk about deployment slots so deployment slots allow you to create different environments for your web application and Associate a different host name this is useful when you need a staging or quality assurance environment or maybe you need just like a developer environment any kind of environment you want so think of it as a way to quickly clone your production environment for other uses and so down below here you'd have your deployment slots and there's your slots maybe you have app staging beta so that's the different uh host names there uh and so the idea is that not only do you have other environments but there's also this thing called swapping and the idea is like imagine uh you decide like you make a clone of your production environment and then you deploy the latest version to it and then when you decide that it's good it's in good shape then what you can do is swap it out with your current production environment and then just retire your old one and this is called blue green deployment uh and so that is a great way to uh do deployments and I just wanted you to be aware of that so I wanted to talk about app service environment because I just wanted to show you how Azure app service is not just for little toy apps or your small startup but they can be really useful for larger Enterprises so um app service environment is an Azure app service feature that provides fully isolated and dedicated environment for securely running app Service uh at high scale and this is going to allow you to host web or Windows Web apps Linux web apps Docker containers mobile apps and functions and app service environments are appropriate for application workloads that require very highs scale isolation and secure network access High memory utilization and again you know when you think of platform as a service you don't think it this kind of scale so it's really impressive that Azure does this customers can create multiple asc's within a single Azure region or across multiple Azure regions making ASC ideal for horizontal scaling stateless application tiers in support of high request per second RP RPS workloads and ASC comes with its own pricing tier and that's the isolated tier and ASC can be used to configure security architecture apps running ASC can have their access gated by Upstream devices such as a web app application firewall also known as a WAFF app or s s ases can be deployed into availability zones using Zone pinning I don't know what that is a Zone pinning but that sounds good to me uh and there are two deployment types for ASE we have external ASC and ilb ASC let's go take a quick look at what those look like so here's a big diagram and look in the middle there that's where our Azure uh uh service environment is it's in our own v-net and a subnet and the idea is that you if the reason it's called an external ASC is because it exposes the ASC hosted app on an internet accessible IP address and then down below uh if you wanted to connect this this is generally what people are probably using for but what uh you want to do is you can connect it to your on premise via a site to site or express route VPN um so that's something you can do with it and the other part is like you can because the ASC is within the same v-net it also has access to resources within the v-net without any additional configuration so that's really nice and then the second uh second one here it looks it's exactly identical but there's one key difference and it has this ilb there and an ilb stands for internal load balancer um and that is basically the only difference so uh there you [Music] go so the way you pay uh when you use Azure app service is you need an Azure app service service plan and that's going to determine you know how much you pay and what's going to be available to you they got three tiers which we're going to go uh through here shortly and we did mentioned them earlier I honestly do not like this whatsoever this tells you this this is a Microsoft product because it has these uh wonky pricing tiers I hope in the future they'll change it but that's just what it is and so let's go learn it so basically what you do is you have like this big uh wizard uh that tells you all the stuff that you can have it tells you what's included and stuff like that uh but let's work our way through through it so the first thing is the shared tier and there's two types here we got free and shared and so there's the free tier that red one there it's called F1 it gives you 1 gigabyte of disk space up to 10 apps on a single shared instance no SLA for availability and each app app has a compute quota of 60 minutes per day so there you go you get some uh free tier there then there's the shared tier this provides up to 100 apps on a single shared instance no SLA availability each app has a compute quota of 240 minutes per day uh and the thing is is that I didn't know where the button is for that so like the next thing right beside it is the dedicated tier and I thought that's what it would be because it says 100 total acus so is it I'm not sure but anyway the point is there is a Shar tier where it is I don't know and you can't use the Shar tier on uh on the on Linux base system so you're using Windows you're using Windows you got to use bigger instances anyway which I don't know I don't like that too much but that's what it is uh moving on uh over we're now into the dedicated tiers and look it's right beside the free tier that's the green one it says B1 and if you expand it it actually has a couple other tiers there so I just wanted to show you that there was uh three uh there and so uh for dedicated TI we got basic standard premium premium version two premium version three and we're looking at basic that's what that is more disc space unlimited apps three levels in this tier that offer varying amount of compute power memory disc usage it must be B1 B2 B3 uh and then the next thing over is uh the standard and we had we had to switch tabs there onto the production tab notice the terminologies don't really match the tiers uh and so uh with standard you can scale out to three dedicated instances has an SLA of 99.95% availability and three levels in this tier that are offering varying amounts of compute power memory and storage dis and so then uh that's that tier there and we're on to our last tier which is the premium tier and this scales to uh 10 dedicated instances it has availability SLA of 99.95% and multiple levels of Hardware so that's the dedicated TI then we're on to the last thing which is isolated and this is really only to be used I think for ASC so the uh the isolated tier has dedicated Azure virtual networks uh full Network compute isolation scales out to 100 instances availability SLA of 99.95% and again I think it's just for those as um but there you go that is all the tiers and hopefully it makes sense to you but it is a little bit tricky to figure out what to choose but you don't really get to like pick at a granular level that's what I don't like um but uh it is a really great service Azure app uh service it does figure everything out for you so maybe it's okay for [Music] you hey this is Andrew Brown from exam Pro and we are going to be learning about Azure app services in this follow along uh and it's a service that's supposed to make it easy for you to deploy web applications I say supposed to because it really depends on your stack Azure has more synergies with other Stacks than others so if you're like me and you like Ruby on Rails you're going to find a lot of friction with rails and Linux but if you're using something like Windows servers or python or.net you're going to have a much easier time still really great service just wish they'd make it a bit more broad there but let's hop into it so before we can go use that service let's make sure that it's activated and so we'll go over here and we'll go to Azure subscription and then down below we're going to go to Resource provider now you think what you could do is just type in app services uh and you'd be wrong because the the service is under a particular provider so if you want to figure out what provider it is we can go um Azure resource providers and they have a page on documentation here that lists them all so if I search for Azure app Services it's under web and domain registration so we're going to make sure this is registered if we're using a custom domain which we are not today we need this one activated so going back here I will type in web and you can see it's registered so if yours is not registered go ahead and hit that I believe this by default is generally registered with new Azure accounts so I don't think that is an issue for you but we'll go back up here close these additional tabs and we will type in Azure app services and we will look for that service so there it is and we'll go ahead and hit add um and so I'm going to give it a new name I just made it a moment ago but I'm going to try again again and try to use the same name so we're going to call this Voyager Great and then I'm going to go ahead and name this Voyager and I already know that that is taken so I'm going to type in Delta Flyer and these are fully qualified domains so they are unique with Azure app Services you can run a Docker container we're doing code this time around and what I like to use is Ruby um but again you know if I want to use the cicd I'm not going to be able to use the deployment center with Ruby so that is not possible um and so we're going to go with python and run either a flask or ajango app I haven't decided yet I am in Canada so let's go to Canada east and uh down below here we have the plans generally the plans will tell you the cost underneath you'll notice that it's loading but I just want to show you that there are some discrepancies in terms of pricing so if I was to go to Azure app Services pricing and we were to pull this up here we can kind of see the pricing here okay and if we scroll on down right now we're looking at a premium V2 uh and oh no I don't need help I'm okay you'll notice that it's 20 cents per hour so if I go here and do that times 730 because there's 730 hours in the year that's $146 I believe this is showing me in USD dollar yeah and in here it's showing me$ 103 Canadian which is lower um so it could be that because I'm running in a Canada east region it's the price is different but you could imagine that if I had this at this cost at uh what did we say here um at 146 USD to CAD I'd actually be paying $182 so you got to watch out for that kind of stuff but I'm pretty sure this is what the cost is so just be aware that if you look stuff up in here it's not necessarily reflective so you got to do a little bit more work to figure that out uh if we wanted to go here uh we cannot choose the free tier when we're using Linux if we're using Windows I believe we can use it we're working with Linux today so that's just how it's going to be um for the B1 this is totally fine but we want to utilize deployment slots deployment slots is an advanced feature of uh the production version and that's the only way we're going to be able to use it here this is 20 cents per hour again so I don't want to be doing this for too long but I think what we'll do is before we do that we can just do an upgrade to Dev to prod so we can experience that I'm going to go and just choose B1 okay so we go next um we do not need any application insights for the time being and it will not let us so it's okay we'll go next review and create and we'll go ahead and create this resource here and I will see you back when this is done so um our resources is now set up we'll go to Resource and now that we're in here you'll notice if we hit browse we're not going to see anything because we do not have anything deployed which makes sense right uh so we're going to actually have to go ahead and deploy something so we are going to make our way over to the deployment Center and uh it's just going to tell us that we have yet to configure anything and that's totally fine we're going to go to settings it'll give it a moment and so the thing is is that we're going to need something to deploy um I did not create an app but the great thing uh is in the Azure documentation they have a bunch of quick starts here all right and apparently they have one for Ruby as well but today we are looking at python uh and so they actually have an example repository for us here which is github.com aure samples python docs hello world and I mean I could go make a repo for you but we might as well just use the one that is already provided to us so I'm just going to pull this up to show you what's in it it's a very very simple application even if you don't know anything about building web apps I'm going to walk you through really easily here okay so we're going to open up app.py so we are using flask if you've never heard of flask it is a very minimal python framework for creating web apps uh very uninspiring uh homepage here but it gets the job done it's going to create a default route for us which uh we have there we're going to call hello here and we're going to have hello world so that's all that's going on here very very simple and we have our requirements this is our package manager I don't know why python uses txt files it's very outdated to me but that's what they use and here we have flask all right so we're going to use that repo it's a public repo so it should be very easy for us to connect so we'll drop down go to GitHub and uh the next thing we need to do is authorize GitHub all right so I ran into a bit of trouble there because I could not uh authenticate my uh a GitHub account but you know what I just made another GitHub account so that made it a lot easier I'm going to go ahead here hit GitHub and we're going to try to authorize it and so now I'm logged into this new one called exam Pro Dev and we'll go ahead and authorize this application and we're now in good shape this repository doesn't have anything in it so um if I want to clone something I guess I'll probably have to Fork that repo so we'll give it a moment to authorize and while that's going I think that's what I'm going to do I'm going to go and uh Fork the example repo if I can find the link again here uh myself uh I believe it is that's still authorizing over there I'm still looking for it so it was like examples or something samples or examples all right so I found a way around the problem I just made a new uh GitHub account so that's all I had to do um and I just won't be using my primary account till I get my phone back but um so what we'll do is go hit connect I'll hit authorize and it didn't prompt me because it already connected to this new one called exam prodev you might have to put your credentials in here and it's going to ask me to select some things it's a new account so there are no organizations there are no repositories there are no branches totally brand new so what I'm going to need to do is get a repo in there so we'll just go ahead and Fork the Azure samples one so that is azure samples python docs hello world and if I type that right we're in good shape I'm going to go ahead and Fork this repository I'll say got it and then I'll move this off screen here this is now cloned you should see it cloned here and we'll go back here and this probably isn't live so there's no refresh button here so we'll have to hit discard and we will give this another go here and we will select our organization which is our name there is the repository uh should be main branch is kind of outdated I'm sorry but it's called Master that's what it is not my fault that's azure's fault okay um and I think that's it I don't know if we need a workflow configuration file I don't think so it's going to double check here no I don't think so and uh what we'll do is we'll just go ahead and save that and so now we are set up for [Music] deployment hey this is Andrew Brown from exam Pro and we're looking at Azure container instances also known as ACI and this allows you to package deploy and manage Cloud applications using containers or the way I like to think of it as fully managed stalker as a service Azure container instances allow you to launch containers without the need to worry about configuring or managing the underlying virtual machines and you're going to be able to design isolate containers for simple applications task automations and build jobs let's talk about some of the uh reasons why you'd want to use containers over VM so containers can be provision within seconds where VMS will take several minutes containers are buil per second where VMS are built per hour so you'll save a lot more money containers have granular at uh and custom sizing VPC uh vpcu memory and gpus where VM sizes are predetermined uh so those are the benefits between containers and VMS uh aciis can uh be utilized for both windows and Linux containers you can persist storage with Azure files using ACI containers and honestly if you have containers or functions you have to have an external storage mounted to persist uh it's just the way you do it aciis are accessed via fully qualified domain names which is one of the things I really appreciate about Azure Services because most of the services are like that Azure provides quick start images to help you start uh launching example apps but you can also Source containers from add your container registry Docker Hub and privately hosted container Registries it looks like that the choice option there let's just talk about container groups because this is pretty much the only major component you have to worry about these are ction of containers that get uh that get scheduled on the same host and the containers uh the containers in a container group share life cycle resources local network storage volumes so the idea is that you have these tightly coupled containers so all of them act as a service within that container group uh so here you can see an example of a couple containers that are mounting Azure files on different directories there and underneath all of that it's running on an Azure virtual machine container groups are similar to kubernetes pods yeah and it says similar to but not really the same thing multicontainer groups can currently support only Linux containers which is kind of a bummer but that's just what it is and there are two ways to deploy a multicontainer group you can use Arm templates when you need to deploy additional Azure service resources or just a yamell file when you want to deploy uh when your deployment only includes container instances let's take a look at container restart policies and what these do is allow you to change how the policies uh restart and there's three different ways we have always uh never and on failure so the first one here always means always restart the container and the idea is to uh keep your container running as long as possible and the reason why you'd want that is if you're running a web server some other providers would call that a service then we have never so run only one time this is great for background jobs and so other providers would just call this a task uh then you have on failure so containers that encounter an error that's when it should um restart and so it's as simple as just choosing that option uh when you uh are creating uh that container let's take a look at container environment variables are also known as nbars that allow you to pass configuration details to your containers and you can do this through the portal the CLI Powershell which that's always the case with Azure and so it's as simple as just putting in your uh key and your value uh and one other thing I want to point out is that you can also pass in secured environment variables so the idea is that sometimes you don't want them plain teex so if you have like so I have that stripe secret key you don't want anyone ever seeing that in production so the idea is that through and I don't think you can do this through the portal but you can do this through the CLI or Powershell is provide the secure environment variables over the regular one which isn't environment variables and that way you can pass it securely so it's never uh exposed to human eyes let's talk about persisting storage and we talked about that a little while there when we were looking at Azure files but uh containers are stateless by default so when a container crashes or stops all all state is lost to persist a state you need to mount an external volume and there's quite a few different things we can mount Azure files secret volumes empty directory a cloud get repo so you got a few options there and to mount a file volume you need to do this via power shell C you're going to give the following detail so when you launch the container there's going to be nothing in the portal so you got to do it this way all [Music] right hey this is Andie Brown from exam Pro and we're going to take a look at Azure container instances so here it is so all we got to do is go to container instances we'll hit add and the nice thing is that Azure provides us with a Hello World one so it's very easy for us to get started um it's a Linux machine and it looks like it's pretty inex expensive there so we'll stick with that I'm going to create a new group here we're going to call it banana um and we'll name the container instance banana and East Us 2 seems fine to me you'll notice we're on a quick start image if we wanted we could use something from the docker Hub and provide our own link but we'll just stick with the quick uh start image for today we're going to go ahead and hit next to networking just to see what we have as options you can make it public or private we'll go to ADV Advanced hold on here yep those are just the ports you can expose we'll go to advance and for the restart policy we can set on failure always or never we can pass in environment variables and I covered this a lot more in detail in the lecture content so we don't need to really dive deep into this um and we'll go ahead and create this instance and so we'll have to wait a little while here and I'll see you back in a moment okay and so after a short wait our container instance is ready we'll go to that resource there and take a look around so on the left hand side we can go to containers and there we can see it running we can see the events down below of what's going on so you can see that it's pulled the image it successfully pulled it and it started the container some properties nothing interesting there the logs if we wanted to see stuff and if we wanted to connect to the instance we could also go here and hit connect which is kind of nice um I don't have any purpose to do that right now so and it's also not going to work the way we're doing it but I just wanted to show you you had those opportunities uh you can do identity so that means manage it with role base access controls but what I want to see is actually this uh hello world working I'm assuming that must be a a hello page I've never looked at it before so we're going to go here grab the public IP address and paste it on in the top and there we go so we have deployed a instance onto Azure container instances or a container I should say so nothing super exciting to talk about here um but we do need to know the Basics uh there um if we wanted to deploy other containers it's just the one there so that's all you really need to do um but yeah so yeah hopefully that uh gives you an idea there I'll just go back to the list here so we can see it and we'll go ahead and just uh delete that probably do it for the vi the resources on the left hand side like I always like to do uh and we will go into banana here and we will delete banana and there you go [Music] let's talk about networking for Azure and so everything kind of revolves around the virtual Network also known as the v-net and this is a logically isolated section of your Azure Network where you launch your Azure resources and here's a very simple uh diagram of using v-net but there's a lot of networking components uh that you're going to be utilizing and we're not going to go through the exhaustive list here but let's just go through some of them uh just to give you an idea like all the things you can do within Azure networking so you have Azure DNS this manages your your DNS domain then you have the v-net itself and so underneath that it'll have like address spaces route tabl subnets then you have network security groups this access a virtual firewall at the subnet or Nick level you have express route this helps you create a very fast connection between your on-prem to your v-net then you have virtual Wan this is a centralized Network to Route different network connections then you have virtual Network Gateway this is a sight tosite vpm connection between v-ets and local networks then you have your Nicks or your network interfaces and these are virtual network devices to allow VMS to communicate using IP protocols and then you have like all your load balancers and other things like that so again not an exhaustive list uh but just shows you that there's a lot you can do uh within networking on [Music] Azure one interesting concept is v-net peering and this is where you connect multiple v-ets so they act as one network and there are two types of peering we have um uh Regional peering this is when you peer two v-ets from the same region and then you have Global v-net peering this is when you peer two v-ets from two different regions let's take a look at network interfaces which are software or Hardware interfaces between two pieces of equipment or protocol layers in a computer network and so network interface controllers also known as Nyx um that is the actual piece of Hardware that connects computer to computer network and they go by a bunch of different names such as network interface card network adapter LAN adapter physical network interface or even ethernet interface controller card so if it was back in the 1990s you definitely would have had one of these in the back of your computer and if you're a gamer uh today then you have one because you want that wire connection so you have a super fast connection uh and so um these cards or Nicks uh communicate using the Internet Protocol also known IP that's going to them to uh communicate on the on Layer Two the data link layer and the physical layer of the OSI uh model uh and so the way these work in Azure is they're called the Azure network interfaces and um they have the same initialism and IC and so the idea is that you're going to attach a network interface uh to an Azure uh VM instance and without one of these your Azure VM just can't communicate because it's just imagine not having that card in your computer it would have no way of of communicating um and the difference here is that they're just virtual network interfaces right so I'm sure um at the data center Azure has a bunch of these um actual uh cards but they are abstracted away so you know you just treat them as virtual and um an Azure VM it just has to have at least one Nick but it can also have multiple Nicks if you want and so here's just a nice little graphical representation of a VM that has a Nick attached to it so there you go let's take a look at subnets and a subnet is a logical division of an address space so we just looked at address spaces so we're cutting it up one step further and subnets help you define different kinds of workloads and allows you to apply virtual is isolation within your network so when you launch an aszure resource you choose the subnet you want to launch with within and an IP from that subnet is assigned to your resource so uh the thing is is that uh when you create route tables that's how you are associating uh the subnet so it can access the inter internet or access anything uh and then there's public and private subnets but this thing is interesting because like again if you if you're using AWS uh those are very clearly defined things but in Azure uh they don't have this concept of public and private you have to Define it yourself so really a public or private subnet is just a subnet that doesn't have access to the internet and so we saw that when we had the rote table and we over over uh Road um the access to the internet to none that M essentially made it a private subnet uh another thing you can do with subnets is you can associate a network security group and this is going to help protect protect your traffic entering and leaving the subnet so you're making rules based on the IP address port and protocol uh and then there's a special thing called a Gateway subnet so uh it's a specialized uh type of subnet it's just for Azure virtual Network gateways and so um it's interesting you'll go in and there'll be a separate section just for it and so you'll create it it's just for that service [Music] to understand Azure DNS let's first Define what is the domain name and that is a service that is responsible for translating resolving a service name to its IP address and so Azure DNS is a hosting service for DNS domains that provides a name resolution by Microsoft Azure infrastructure so imagine you have a domain you want it to be M managed by Azure DNS and then you can make records like www to point to a specific Azure resource that's the idea behind there and there's two types of uh dns's you can make you got a public DNS an internet facing one this is the one you're likely going to be using so this allows you to manage your domain for internet accessible domains Point your domains to your website or creating records that you uh you own the domain or that you uh are pointing uh emails to your email server uh so things like that then you have your private DNS which is internal facing this allows you to use your own custom domain instead of the Azure provider domains so azure has its own provided domains which are fully qualified domains for a lot of services a great example of this is azure storage accounts and so that is that link there is its fully qualified domain one thing I want to point out is that you cannot use Azure to purchase domains if you want to purchase a domain you can actually do do that through app services or you use like a thirdparty provider such as uh name cheep or GoDaddy and then have Azure manage that DNS uh stuff [Music] so uh virtual private networks also know as vpns what they do is they extend a private Network across a public network and enables your users to send and receive data across shared or public networks as if their Computing devices were directly connected to the private Network all right uh and so now we have to talk about what is a virtual Network Gateway and so virtual Network Gateway is the software of VPN device uh for your Azure virtual Network so that's how these uh devices are going to connect to your network so when you deploy a virtual Network Gateway it will deploy two or uh two or more specialized uh VMS in specific subnets you need to create a Gateway subnet and these deployed VMS contain routing tables and run specific Gateway Services you can uh choose the type of Gateway you want it to be and this is going to determine whether You' use something like VPN Gateway or Express rope Gateway so it's as simple as an option like that but to really understand these virtual Network gateways we should just look at some VP and Gateway design so you understand why you're creating these [Music] things so Azure Express routes creates private connections between Azure data centers and infrastructure on your premises or in collocation environments and so uh connections don't go over the public internet and as a result offer more reliability faster speeds consistent latencies and higher security so here's a big old graphic here kind of representing what's going on here and theide idea is that you're going to have connectivity from different things like from any to any so that's ipvpn Network a pointto point ethernet Network a virtual cross connection and this is all going to be going through a connectivity P provider at a co- location facility so this example would be a uh an edge partner and so you would be the customer Network that' be your on premise or whatever you want to connect so that you can make it all the way to your Azure services and the way you would establish connection is you create these Express circuits uh it's pretty common to have more than one because uh you want to have high availability just in case the other one goes out the idea is that you can route them uh route this traffic to a couple different places so the first one would be things like peering to Office 365 Dynamics 365 or even your Azure public services so when we say Public Services imagine you just launch a um a virtual machine that is in a public subnet that has a an IP that's reachable from the internet uh that could just be to that or maybe you're using like Cosmo DB or like you have fully qualified domains for other services uh so it's just a way that you can get there and then let's talk about the other side which is uh um doing private peering for uh v-net so the idea is that you have a private v-net so the subnets are private and so the only way is going to be access it uh you want a direct way to access it that way so uh that's the two ways there uh and just to note there is express route direct and so this is like express route with an additional benefit that has greater bandwidth connections from 50 megabytes per second up to 10 GB per second and this is really ideal if you have hybrid Solutions where you uh you're removing massive amounts of uh data or where latency matters because you you want uh to feel like these uh cloud services are right there with your on- premise environment you're going to need a lot of speed for [Music] that so as your private links allows you to establish secure connections between Azure resources so traffic remains within your Azure Network and so I got this big old graphic here uh and so let's just uh Define a few things I'm going to pull out my pen here and so imagine you have workloads on your on Prem or you have your own virtual Network on Azure and so you have some VMS doing some stuff and the idea is that you want to connect them to some other services over here uh but the thing is is that if you wanted to connect them they might try to transverse the internet so if you're on Prem it's going out here and it's going over here and so the issue with this is that um it's not necessarily secure uh another issue could be um you know it's just faster if it would to stay within the actual Network because if you're already connected you you know your stuff over here then why wouldn't it just go through uh the actual Network another thing is like data transfer cost so it's always going out the internet and coming back in and that's not a great scenario uh so I'm just going to erase all that stuff there uh the idea with private link is that it's just keeping everything within the Azure Network um and so that's what it's doing so if you want to uh you know um connect your workloads in your v-net or your on-prem that connects to a specific vnet the idea is that you can launch a private link endpoint which is a network interface and this is what's establishing that connection and you're going to have to give that private endpoint a private IP address from your v-net and so then the idea is that on the right hand side that's what you want to connect to there's a lot of Azure Services by default works with private link so there's no additional configuration you'll just be able to uh say use private link and they will uh same thing with some third-party providers um in the marketplace uh they might be powered by private link and then there's a third case where let's say you have like a private subnet and you have some VMS there uh so what you could do is um if you have a load balcer and you need to have an internal load balcer there you can uh launch the private link service and this is going to basically make your uh your workload in that v-net become compatible or powered by private link so there you [Music] go hey this is Andrew Brown from exam Pro and we're going to look at making our own virtual Network so we made a resource Group but we also need a virtual Network or v-net so we actually have some Network to launch our resources within so what I want you to do is make your way all the way to the top here and we're going to go ahead and type in vnet which uh we'll get virtual networks and go ahead and click that and if you notice you don't have any networks so we're going to have to go ahead and create our own so go ahead and hit the add button and uh we're going to have a bunch of options here I'm just going to name this uh well sorry we're going to choose that Resource Group so exam Pro and we're just going to name this exam Pro vet and there are some additional steps here we'll just take a peak here we don't really need to change anything but we'll just take a look so for IP address you can set the IP address space it's going to default to 10.0.0 416 which is very good for us you can see that it supports IPv6 which is great it's going to create us a default subnet which is going to be 10.0.0 sl24 that's going to be a subnet with uh like 256 um IP addresses which is great we go to the security tab um we have DOS protection basic and you definitely want to stay on that because that is free same thing with the firewall we don't want it on because that's going to cost extra money I'm going to go back to basics we're going to hit review plus create we're just going to wait for validation to complete this could be instantaneous for you or you can wait a few seconds it's different for everybody and now the validation has completed we'll go ahead and hit create and so we'll just wait for that to finish creating great so it's created so it's just saying deployment is underway so we're just going to have to wait a little bit here until it says deployment is complete and it's already done super fast we'll go ahead and hit go to Resource and so now we are in our virtual Network and we have a bunch of settings on the left- hand side so address space subnets etc etc nothing we need to know at this level um we just need that virtual Network so we can launch resources in so now that we have resource groups and virtual networks we can start launching resources so there you go I'll see you in the next follow [Music] along hey this is angrew Brown from exam Pro and we are looking at Azure storage Services starting with Azure blob storage so um I would describe this as object serverless storage so if you ever heard of object storage or seress storage this is going to make sense to you so you're able to store very large files and and large amounts of unstructured files uh and the idea here is that you pay for only what you store uh it's basically unlimited storage you don't have to resize the volumes you don't have to worry about file system protocols you just upload files uh and that's why it's considered serverless storage then we're going to move on to Azure dis storage this is the most common type of storage uh you'll encounter um so we can describe it as a virtual volume so you're just choosing either an SSD or an htd so it's basically a hard drive in the cloud it has encryption by default and uh it's attached to Virtual machines so anytime you're spinning up a virtual machine uh it's probably spinning up also uh Azure dis storage attached to it then you have Azure file storage so this is a shared volume that you can access and manage like a file server so it's going to use uh protocols such as SMB the reason you'd want this is that let's say you had multiple virtual machines multiple servers and you wanted them to all share the same uh uh hard drive drive that's what You' use it for or if you need to have users access it using those protocols that's another way of doing that uh then you have Azure Q storage now I put an aster in front of it because this is just a weirdly named service um because this is really uh for a messaging queue this is actually for application integration but I list it here because they put the word storage on it so I just think it's poorly named um and even the way they describe it is is just makes you think it's storage but it's a data store queuing and reliably delivering messages between applications so it's just uh uh integrating two applications together passing a messages along another one that's confusing is azure table storage I would put this in the database categories and it's a nosql database and specifically it's a wide column nosql database as they described it's a nosql store that hosts unstructured data uh independent from any schema so just be aware of those two they're just very poorly worded um then you have Azure data box and also it's upgraded version the Azure data box heavy this is a rugged briefcase computer and storage designed to move terabytes or pedabytes of data so imagine um somebody uh shows up your door with this uh this Tower that's a computer and you plug in your USB or whatever um uh whatever you want and you transfer all your files locally on your on- premise Data Center and then they they ship it because it's faster to ship the data on a physical piece a device and it is to send it over the Internet that's what Azure data box is uh and then we have Azure archive storage so this is long-term cold storage for when you need to hold onto files for years but you want the cheapest storage options if you have lots of data and it's not it's not doing anything you definitely want to be uh putting on the cheapest possible uh storage devices cheap meaning um uh doesn't mean that they're not reliable just means that they're not active the discs are not act actively spinning nobody's accessing the data on those hard drives the last one is azure uh Azure data Lake storage and so this is a centralized reposit repository that allows you to store all structured and unstructured data at any scale when you're working with big data from multiple different sources and you need it to be in one place that is the service for you and so that is the Azure storage [Music] Services hey this is Andrew Brown from exam Pro and we are looking at Azure storage accounts which is used for containing all your your storage data objects such as blobs files cues tables and diss so storage accounts is one of those Services where it has a bunch of different storage types uh within it so it's a quite the multi-purpose uh service and with each different type of storage is going to have different features and their own pricing models let's just quickly break down uh the type of storage we have so we have general purpose uh version one uh version two blob storage block blob storage and file storage and so I just want you to know that when you are using storage accounts uh I'm saying storage type but for whatever reason the UI calls it account kind uh just to be aware of that small little discrepancy there but storage accounts are going to vary based on features and so the common features we'll see across storage will be um supported services so where can I put this storage account and so on the right hand side you can see uh like if you make a general purpose version two what you have access to such as contain containers cues tables or fur those options are going to change based on what you're using all right uh for performance tiers this is how fast uh you'll be able to do reads and writs uh you have standard and premium uh you have different kinds of access tiers so how often do I need to quick access these files and then there's replication how many redundant copies should be made and where and the last thing is deployment models so who should deploy the supported service resource manager class CL and in generally most cases it's going to be resource [Music] manager so here I have all the storage Types on the Le hand side and uh we have the feature set and how it's going to vary based on the certain types let's just quickly look through this to see where there are some uh standouts and you might want to actually review this at the end of the section just so uh you're a bit more familiar with all these types of features so it clicks it better but let's just quick go through this so you're going to notice for version one this is the only case where you're going to have a deployment model of classic everything else is going to be the resource manager from a practical standpoint you're not going to really notice because you're just going to be pressing buttons but underneath um that's the only case where it varies for replication you're going to notice that uh version two has the most options with replication and if these don't make sense don't worry we're going to cover all the replication in an upcoming slide uh for uh blob block storage you can see it's very limited same with file storage um so that's there when we're talking about access tiers how quickly you can access files you're going to notice that it's only available for General version 2 and blob storage where we're choosing these different tiers for these ones it doesn't really matter um because well especially with like a file storage because the drive is as fast as it's going to be right uh for performance tiers uh you're going to notice that with version one and version two we have standard and premium when you're using file storage and block blob storage you're always using premium and with blob storage which is again a legacy format there that's going to be using standard uh blob storage comes in three different types and you're going to notice that uh based on what you want to use there'll be some variation there um I don't know where pages I think that they both support page but there are three types in there I wouldn't really worry about it too much uh you're going to notice that file storage only supports file types and then you have version two and this pretty much uh supports everything so you can see general purpose version 2 is a really great um uh storage to [Music] choose so we were just talking about storage types now let's talk about the actual storage services that we can actually uh launch or utilize Within These uh storage types under storage accounts and there are five core storages available to us the first is azure blob this is a massively scalable Object Store for text and binary data it also includes uh Big Data analytics through data Lake storage Gen 2 um and so aszure blob is really great because you just don't have to think about the file system you just upload files and they're treated like objects so that's really nice then you have Azure files and this is a file share uh and so the great thing about Azure files is that if you want to have a bunch of virtual machines and have it so like they have um the same file system sharing all the same files that's what you're going to use that for then you have Azure cues to me this really is a database but for whatever reason it's under uh storage accounts and it's a nosql store for schema storage of structured data this is another unusual one uh I don't know why Azure puts it under here but um it's a messaging store for Reliable messaging uh between application components to me that's like an application integration service but Azure categorizes it as storage and the last one is azure dis and this is Block Level storage volumes for Azure VMS and so the idea is that when you want to do the top four the above you're going to be launching storage accounts and for uh discs you're going to be launching diss it's a bit unusual because um one of storage accounts say that you can uh use or store diss uh in I think version or uh general purpose version two I'm not really sure I understand that uh maybe it's talking about like backing them up or something like that but anyway from practical standpoint and for what we need to know is that this is the breakdown here and we do have a full section on Azure diss um so we will get into that [Music] so now let's take a look at some of the features that are available on uh account storage the first being performance tiers and generally this is going to be for blob storage and we have two types of performance tiers we have standard and premium so it's a simple as uh just choosing between the two uh and when we're talking about performance especially when we're talking about storage we want to be thinking about iops and that stands for input output operations per second so the higher the iops the faster a drive can read and write so you can uh definitely assume that uh premium is going to have a higher amount of iops and so when we're looking at the premium performance these are going to be stored on solid state drives ssds which we have in the picture there it's optimized for low latency higher throughput and the use cases here is going to be interactive workloads analytics uh AI or ML and data transformation on the other side for standard performance these are running on hard disk drives and you're going to have VAR Performance Based on your access tier and we're going to talk about access tiers uh very shortly uh but the tiers would be hot cool and archive and this is great for backup and Disaster Recovery media content bulk of data processing uh and things like that and so the reason why ssds are uh generally really really good for uh premium performance is because they have no moving Parts within them and the data is distributed Rand uh randomly so if you have to do a read and write the distance between the read and wres are going to be a lot faster uh and that's generally why you're going to see Sol satz with premium performance or things with higher iops and then for um hard uh dis drives it does have moving parts so you see that it has an arm and that arm needs to read and write data sequential sequentially to the disk and so it's very good at writing or reading large amounts of data that is close together that is sequential um but you know the idea is that neither uh format is good or bad it's just the the use case that you need so you don't always always need to go with SSD sometimes you want to save money and hhds are uh or hdds are really good for [Music] that so let's take a look at access tiers and there are three types of tiers uh for standard storage we have cool hot and archive and so you're going to have this option between uh cool and hot and archive archive might not show up depending how you configure your storage account uh so for example if you use a particular type of replication that might not be available uh uh uh to use with archives so just be aware if that option doesn't show up you might have to change some of your settings let's quickly walk through the three options so hot is for data that's access frequently and has the highest storage cost and lowest access cost so again it's for data that's as frequently access or in active use or data that's staged for processing an eventual migration to the cool AIS tier then you have the cool tier this is data that's infrequently accessed and stored for at least 30 days lower storage costs higher access cost and the use casee here is for short-term backup and Disaster Recovery data sets or older media content not viewed frequently anymore but is expected to be available immediately when accessed uh and I think there's actually a third use case which is large data sets that need to be stored cost-effectively while more data is being gathered for future processing then we have the archive tier this is for data that's rarely accessed and stored for at least 180 days uh it's the lowest storage cost but it also has the highest access cost uh and so its use case would be long-term backup secondary backup archival data sets original raw data that must be preserved even after it's been processed into the its usable form uh and compliance and archival data that needs to be stored for a long time and is hardly ever accessed so just make use or note of the cool is at the least 30 days and the archive is at at least 180 days I should have highlighted those for you I don't know why I didn't uh and so just some other things you need to know so for account level tiering any blob that doesn't have an explicitly assigned tier infers the tier from the storage account access tier settings so you can set uh blobs at different um storage levels uh blob level tiering uh you can upload a blob to the tier of your choice and change uh change the tiers happen instantly with exception from moving out of archive uh the concept of rehydrating this is when uh you're moving a blob out of archive into another tier it can take several hours uh you have the blob life cycle management so you can create rule-based policies to transition your data to different tiers so after 30 days we can move it to cool storage and here is just the option here you see where it says 30 I think 30 is the minimum days you have to choose um but I could be wrong and so you have the options down below so move to Cool Storage move to Archive storage delete the blob uh and just a few other things here when a blob is uploaded or moved to another tier it's it's charged at the new tier rate immediately upon the tier change so when you're moving to a cooler a cooler tier the operation is build as a right operation to the destination tier and when the right operation per 10,000 and data right per gigabyte uh charges for the destination tier applies uh when moving to a hotter tier the operations is build as a read from the source tier and where the read operation again in the 10K and the data retrieval again in gigabytes charges for the source tier applies and early detection uh charges for any blob moved out of the cool or archive tier May apply as well uh and just lastly here uh when we're talking about cool and archive early detection any blob that is moved into the cool tier so this is only for general purpose version two accounts is subject to a cool early detection period of 30 days and any blob that is moved into the archive tier is subject to an archive early detection of 180 days and this charge is pro-rated so uh you know access tiers aren't the funnest thing to talk about but there is all the information you need to [Music] know so let's take a look at replication and data data redundancy and so when you create a storage account you're going to have to choose a replication type and the reason why is that uh you're going to want to have multiple copies of your data so you're protected from a bunch of things so maybe uh your data Setter has a planned outage so you have to make sure you have a u a backup of your data if you need to access it maybe there is a hardware failure or network or power outage or natural disaster and so that is the whole point of replication and the greater level redundancy the more expensive the cost of replication will be and talking about cost we can break it down into three categories and each uh of these categories have uh two types of uh replication so let's just quickly go through the list and then we'll Deep dive into all of them uh in the upcoming slide so for the first part we have primary region redundancy so we have local redundant storage lrs and Zone redundant storage zrs and locally redundant storage is the most cost effective tier so that's the one I'm usually going for a lot especially when I'm running uh using development accounts that's what I'm always setting and so the reason or and so the use for thisa uh this tier is generally disaster recovery and failovers the secondary region redundancy we have Geo redundant storage GRS and geozone redundant storage gzrs and the reason you'd want to use this tier is for also disaster recovery and failovers but it has a higher level redundancy uh then the last one here is secondary region redundancy with read AIS uh and uh for this case uh we we're going to have is read axis GE redundant storage so that's RS and read AIS GE redundant storage G uh R azrs uh and that's going to generally be for read replicas and if you can't remember all the initialisms don't worry I don't either um but uh you know there you [Music] go so what we're going to do is take a closer look at the replication type starting with the primary region redundancy and so for this tier all the data is going to be replicated at least three times in the primary region and we got two options we have lrs and zrs and by the graphic you can tell that they're slightly different and so for for lrs it's using um uh synchronous uh replication for those other pieces of data so you notice in that region there are three uh there's three versions running and so when we say synchronous we mean that if I want to read from any of those copies um they're all going to be 100% up to date so that's what synchronous means um and so here we have a durability of 119 and this is the absolute most cheapest option when choosing storage accounts so if you're running this for developer accounts you do not care about uh replication choose lrs uh for zrs we have copies of data synchrony to three different availability zones in the primary region and this has a durability of 12 9 so it's clearly more durable uh and so why would you want to choose the primary region over the lrs well the idea is that if an availability Zone goes out you still have your data in two other regions where in the case of lrs if the uh availabity availability Zone goes out uh your data is gone okay uh so that is uh the first uh [Music] tier so now we're taking a look at secondary region redundancy and the purpose of this is uh if you have your primary region uh suffers a regional disaster so all the data centers are out in your primary region uh you can rely on that secondary region and your secondary region is going to be determined based on your primar pair region so regions are paired with another region uh and so you don't get to pick your twin it's just it is what you get okay um and so secondary regions um aren't available for read and write access except in the event of failover so basically the uh redundant cop the second secondary region is uh is just there on standby but it's not in use and so let's just talk about GRS and G uh gzrs and you'll notice again by the graphic uh they're they look a bit slightly different but you can kind of get the idea based on our previous version or previous uh primary storage tier and so uh data is copied synchronously in within the uh the main primary region and then data is a synchronously copied to another region so asynchronous means that if you try to read from the second region all the data might not be there okay again synchronous means if you read from something there's a guarantee that it's going to be the same and asynchronous means that there's not a guarantee that the data is one: one to the original and the durability here is 69 going over to gzrs uh we have data data is copied synchronously across three availability zones in a physical region and then the data is copied asynchronously to another region and um I believe that the data in the secondary region is not necessarily in three other azs at least that's the graphic I made there so hopefully that is true um but yeah there you [Music] go so now we're going to take a look at um a redundancy in the secondary region with read AIS and the whole purpose of this region is so that you can actually uh have a read replica in another region uh and so the the concept of that is having your data in sync okay and so down below we have RS and R azrs and it's going to look very similar to the last setup but the key difference is that now um data is synchronous uh synchronous in both the primary and the secondary region because if you're going to be reading from it you want to make sure that your data is one to one uh with your primary regions data so there you [Music] go so we keep on mentioning about Azure blob storage let's actually talk about it now so blob storage is an object stored that is optimized for storing massive amounts of unstructured data and unstructured data is data that doesn't adhere to a particular data model or definition such as text or binary data and Azure blobs are composed of the following components so I have this graphic here so the first thing is your storage account and I didn't mention this prior but uh when you create a storage account you actually get a fully qualified domain uh a lot of azure services are like this where you get a fully qualified domain so that you can access it from everywhere and this is a really nice feature but that means that when you're naming your storage account or other Azure Services you have to treat it like a domain name and you have to choose a unique name uh the next thing are containers uh and this is a little bit confusing because when we think of containers we think of computing but Azure um uh account storage has the concept of containers for blobs and it's just uh what they call folders so just be aware of that and then you actually have the actual data being stored and these are the [Music] blobs so there are three types of blob storage we have blob blocks and this is what you're going to primarily be using and so this is when you store text and binary data it's made up of blocks of data that can be managed individually and it can store up to 4.7 uh terabytes of data then you have aend blocks um and these are optimized for append operation so imagine that you have logs uh from a virtual machine and you want to write them to blob storage this is going to be a lot more efficient if you're using appen blobs because they just appen to the end of the file and the last is Page blobs and these store random access files up to 8 terabytes in size and these are just for storing virtual hard drives so vhd files uh and serves as discs for aure virtual machine so there's the three [Music] types let's take a closer look at a copy and this is a command line utility that you can use to copy blobber files to or from a storage account so the first thing you're going to need is the executable file and there you can see they have it for Windows Linux and mac and then once you download that file uh what you're going to have to do is also uh make sure that you have the the right level of authorization with for the user account you're using with it so you might need to uh for download you'll need storage blob data reader for upload storage blob data contributor and storage blob data owner so just be aware that you need to have those uh rules available to you um to your user account I think that I have access to everything so I don't think I even I set this it it just works but if you're in a larger company and you have more uh permissive least permissive roles you just need to know about that and so you can gain access uh uh via either the Azure active directory or a shared access signature so let's just take a look at that right now so the idea here is that we'll type in a copy login and it's going to ask us whether we want to sign into the web browser so that is uh that should be as your active directory option one and so what you'll do is you'll uh enter your username and password and you'll then have to enter the code displayed there and so now you're ready to use uh the um the CLI and so all you have to do is type in a copy copy and then you have the file and then you give it the endpoint to the storage account uh and the container and the location you want it to go in if you want to download files it's the same command you just reverse the order you say uh this is the the location of the file I want to download it locally all right let's talk about Azure storage Explorer so this is a standalone app that makes it easy to work with Azure storage data on Windows Mac OS and Linux and you can create a variety of things so I just want to show you and here I am running on a Mac but on the left hand side you can see I have my subscriptions my storage accounts my Diss and we have some options where we can like upload files download files open stuff uh clone stuff uh create uh some things and so this is just an easy and convenient way to uh access your file or your account storage and work with [Music] them so let's take a look at Azure files this is a fully managed file share in the cloud and the idea behind this is that it's like a centralized server for storage that allows multiple connections or the way I like to think about it it's like having one big shared drive that every that everyone can use or work on at the same time and when I say everyone I mean your virtual machines so here is a visual representation but let's just talk uh quickly about it uh so the idea is that you're going to be using a network protocol uh in order to uh facilitate communication and so the two most common ones is server message block which I believe uh was created by Microsoft and network file system NFS which is very commonly used on Linux files or Unix based file systems and what you're going to be doing is you'll have to establish a connection with your file shares file system uh and what you'll be doing is making it accessible within a specific directory so a folder within your um within your drive okay and this is called mounting so you notice there uh it says Z X and Y so on Windows you'd actually have the option uh when you mount it to say I want to mount it to zed and so anytime you access Zed on your Windows Server uh it's actually going to be using um Azure files okay so let's talk about all the use cases for Azure files normally they have a spiffy graphic here um but because Azure files has so much utility uh all I have room for is a bunch of text uh but we do need to learn it all because it is such an important service so the first use case is that it can serve as a replacement or supplement uh for your on- premise file servers network attached storage your Nas devices if you're performing a lift and shift and a lift and shift is when you're moving data in the cloud we'll describe it in a second here uh you can use um uh Azure files for that and so we actually have two different kinds of lifts we can do that Azure defines we have a classic lift and a hybrid lift so in a in a lift and shift this means when you you move workloads without re architecting so the idea is like you used to use on premise you want to use app meure uh but you're trying to keep things as as similar as you can very commonly lift and shifts for uh um from on premise to the cloud will just be taking your virtual machines and then just uh copying and bringing them onto the cloud with nothing else right uh but anyway in the case here for storage we have the classic lift this is where both the application and its data are moved to Azure and then in a hybrid lift this is where the application data is moved from uh moved to Azure files and the application continues to run on PR premise uh so clearly classic lift is bring everything over hybrid lift is like leave the application behind uh another reason you'd want to be using as your files is that it's going to simplify your Cloud deployment so imagine you have shared application settings so you have multiple virtual machines and workstations and they all rely on the same configuration fils you can just go ahead and mount that drive and share that information uh if you're doing do diagnostic tests so let's say you have a bunch of virtual machines and they're logging uh to those machines uh and you want a developer to go in and quickly debug them maybe there's a reason why you don't want to use a third party provider because of compliance or security reasons but the idea is that all these DMS can just log uh to the um uh to the file share and so now you have centralized logs across many machines uh another uh use case is that you need to quickly share development tools so you could put all your tools onto the on to the drive and so they developer would mount it and now they can set up a local environment a lot faster when we're talking about containerization we have a few options here so if you are using containers generally by default containers are stateless and so you need to purist volume somehow and so that's what you're going to do you're going to be using Azure files to do that um and also another question is why would you why would you use Azure files instead of setting up your own file share server because that's definitely an option that you can do and the reason why is that shared access so it already has the standard protocols so you don't have to configure them it's already uh baked into to uh the service it's fully managed uh and this is something that I should I don't think should be underlooked but because it's very difficult to um scale a file server so it they will uh apply patches for it and it will just automatically um scale another thing is that it already has a lot of scripting and tooling built in so if you want to use the Azure API or Powershell you can automate the management and creation of files and things like that and it's also extremely extremely uh resilient so uh you can be sure that it's going to stay remain running so there's a lot of use cases there but definitely worth our time so there you [Music] go all right so we heard of azure files but there's also another service called Azure file sync and so the idea behind this service is that it allows you to cash Azure file shares on an on- premise Windows server or Cloud virtual machine and so here is the uh visual graphic here where you can see on Prem Azure VMS and your Azure backups and so the idea here is that you can use any protocol that's available on the Windows server to access your data locally including SMB NFS and even ft FTP um and you can have as many caches as you need across the world so I mean like this is kind of like having a one drive right for your file share uh because it's keeping uh or like any kind of cloud storage it's just keeping your files in sync and the nice part is like you can have files in the cloud and uh they're they're referenced on your computer but you only um you only need to access them when you when you need them so you don't have to have all these files locally [Music] okay hey this is Andrew Brown and in this video I'm going to show you how to set up blob storage and so if you remember uh through the actual course blob storage is like serverless storage so you don't have to worry about um running out of space or resizing your discs let's go to it um at the top here I want you to type in uh blob storage and you're going to go to storage accounts and this is where you end up creating all of your storage accounts you can see that we have a couple storage devices from the virtual machine and when we created the um serus uh the serverless function there so go ahead and hit add and what we're going to do is choose exam Pro or whatever you called yours when we were at the resource Group step then we're going to have a storage device I'm going to say my blob uh storage oh has to be all lowercase my blob storage and that's already taken so we'll say uh exam blob storage and it can have hyphens there we go and so we're going to launch it in Us East we have the difference between standard and premium I think we'll stick with standard uh we have storage type V2 or V1 or blob storage we want blob storage uh we have some replication options here I'm just going to leave it alone uh we have access here hot or cool we're just going to leave it hot and we can just look at networking here for a moment uh we're going to leave this alone we're just going to look Advance at a moment so nothing exciting there we'll go back to basic hit review plus create we'll have to wait for validation we'll go ahead and now hit create and then it should say deployment underway we're waiting to see the St deployment complete uh you might be getting into the rhythm of how creating Services now it's almost always the same process and we'll just wait here till this is complete okay great so I just waited a minute there and now um that's all set up so let's go ahead and hit go to Resource and then we have a lot of stuff around here um so what we want to do is we want to start uploading files but I think we have to create a container first so go all the way down here left inside and go to containers and we're going to create a new container I'm going to call this start track it's going to be a private container so it's only just for me we'll hit create and now we should be able to click into that container all right so now we uh now that we have that container what we can do is go ahead and upload our first file I just happen to have a file on my desktop here so I'm just going to go select that there and upload um all the options by default are great here we'll just hit upload and there we go so we just uploaded a file into our blob storage brige um yeah so that's all there really is to it um so now that we're all done there we can just go ahead and delete this container so I think we'll just go back to storage accounts not sure if we have to delete the containers first I guess we'll find out and we'll just go here to blob storage we'll go ahead and hit delete and we'll hit yes we'll go to delete and there you go so we'll just go back to Microsoft Azure there and back on our desktop and I'll see you in the next fall along hey this is Andrew Brown from exam Pro and in this section we'll be covering the Azure Cloud adoption framework Cloud adoption framework is a white paper that is a step-by-step process to help organizations plan and migrate their workloads to Azure the image outlines the Microsoft cloud adoption framework for Azure a systematic approach to transitioning to the Azure Cloud the process is categorized into stages Define strategy here the focus is on understanding motivations grasp in the reasons for cloud adoption business outcomes identifying the desired results business justification validating the moves reasons first adoption project kickstarting the cloud Journey plan this stage includes rationalizing digital estate evaluating current digital assets initial organization alignment ensuring everyone is aligned with the migration goals skills Readiness Plan equipping teams with necessary Cloud skills Cloud adoption plan laying out a road map for the cloud transition ready this phase ensures preparedness Azure Readiness guide preparing the environment for Azure First Landing Zone setting up an initial secure Azure environment expanding the blueprint broadening the Azure setup as per requirements best practice validation ensuring adherence to Azure best practices adopt the actionable phase where migrate existing workloads or moved to Azure this entails the first workload migration understanding expanded scenarios validating best practices and making process improvements innovate transform services in the Azure environment using Innovation guides exploring new scenarios validating best practices and furthering process improvements govern this is about oversight and management establish a methodology and Benchmark for governance Implement initial best practices standards for Azure use measure governance maturity how well governance rules are followed manage the deals with ongoing operations ensure business commitments are met during the transition set and assess the operations Baseline determine operations maturity gauge the efficiency of cloud operations now let's take a look at the security roles and responsibilities of the Azure Cloud adoption framework Business and Technology outcomes goals and results expected from security functions security outcomes results an organization aims for including governance prevention and response role types security leadership provides security Direction and strategy security architect designs and implements security blueprints platform app security Engineers ensures security of platforms and applications security operations manages real-time security threats responsibilities security leadership set security strategy security architecture design secure systems security compliance ensures adherence to regulations policy and standards set security policies posture management manages over all security stance phases of security implementation plan identify security needs build Implement strategies including access control and asset protection run manages ongoing operations including prevention and response feedback loop continuous Improvement cycle and security operations in summary the framework offers a structured way to transition to Azure ensuring strategy alignment preparation adoption governance and effective management the next topic we'll be covering is azure migrate Azure migrate offers a streamline service for migration modernization and optimization on Azure it simplifies the pre-migration processes like discovering assessing and appropriately sizing on premises resources for infrastructure data and applications with an extensible framework Azure migrate easily integrates with thirdparty tools broadening its range of supported scenarios here's what it offers Unified migration platform a centralized portal to initiate execute and monitor your Azure migration Journey diverse tool set Azure migrate provides a suite of tools for both assessment and migration it features tools such as Azure migrate Discovery and assessment in migration and modernization furthermore it seamlessly integrates with other Azure Services tools and thirdparty offerings from independent software vendors comprehensive migration and modernization capabilities in the Azure migrate Hub you can assess migrate and modernize servers databases and web apps assess and migrate on premises servers web apps and SQL Server instances to Azure databases analyze on premises SQL Server instances and databases and migrate them to Azure SQL on a VM Azure SQL managed instance or Azure SQL database web applications evaluate on premises web applications and transition them to the Azure app service or Azure cubern service virtual desktops review your onsite virtual desktop infr structure and move it to Azure virtual desktop data transfer efficiently and affordably transfer vast data volumes to Azure using Azure data box products by using Azure migrate organizations can streamline and simplify their migration process reduce downtime and improve the overall efficiency and cost effectiveness of their Cloud migration the next thing we'll be covering are the integrated Tools in Azure migrate the Azure migrate Hub includes these tools Azure migrate Discovery and assessment discover and assess servers including SQL and web apps discover and assess on premises servers running on VMware hyperv and physical servers in preparation for migration to Azure migration and modernization migrate servers migrate VMware VMS hyperv VMS physical servers other virtualized servers and public Cloud VMS to Azure data migration assistant assess SQL Server databases for migration to Azure SQL database Azure SQL managed instance or Azure vm's running SQL Server data migration assistant assesses SQL servers identifies potential migration problems unsupported features and suggest the best path for database migration Azure database migration service migrate on premises databases to Azure vm's running SQL Server Azure SQL database or SQL managed instances Azure databased migration service is a managed service for seamless migrations to Azure data platforms with minimal downtime nuver assess servers nuu is a SAS platform that enhances business intelligence by accurately depicting it environments within a day web app migration assistant assess on premises web apps and migrate them to Azure Azure app service migration assistant is a standalone tool to assess on premises websites for migration to Azure app service Azure data box migrate offline data use Azure data box products to move large amounts of offline data to Azure so that's an overview of the integrated Tools in Azure mic great the next migration solution we'll be covering is azure datab box the Microsoft Azure datab box Cloud solution lets you send terabytes of data into and out of azure in a quick inexpensive and reliable way each storage device has a maximum usable storage capacity of 80 terabytes and is transported to your data center through a regional carrier it is designed to help customers with slow or limited internet connectivity to move large volumes of data to the cloud let's take a look at some of azzure data Box's use cases data boxes used to import data to Azure for onetime migrations moving large on premises data transitioning offline tapes relocating VMS SQL servers applications and transferring historical data for Azure based analysis initial bulk transfers large scale transfers using data box followed by incremental Network transfers for example moving vast backups with Partners like convolt periodic uploads transferring large volumes of data generated periodically like video content from oil rigs or windmill farms for exporting from Azure data boxes used for Disaster Recovery restoring Azure data on premises quickly security requirements meeting mandates that require data extraction from Azure storage tiers Like Us Secret migration moving data back to on premises or to a different cloud provider here's how Azure data box works customers order a data box from the Azure portal when the data box arriv arrives customers connect it to their Network and configure it using the Azure portal customers copy data to the data box using standard file transfer protocols such as SMB or NFS once the data transfer is complete customers ship the data box back to Azure Azure copies the data from the data box to the customer's Azure storage account so that's an overview of azure datab box its use cases and workflow hey this is Andrew Brown and and before we get into Azure ad I need to point something out it's not called Azure ad anymore it's called Microsoft entra ID Microsoft decided to change the name of azuread why nobody knows but I can tell you no customer likes this particular change um somebody just had a lot of time on their hands over at Microsoft but we do need to address this and I need to point out that I'm not refiling all of the content that I made just to change the name because that's crazy I will will at some point when this when the content is stale but the content's not stale they just change the name on us um but I wanted to just go over that quickly here so uh the names here we have Azure ad is now Microsoft entra ID then the Azure ad tiers is from P1 P2 still P1 P2 the Azure ad external identities is now called Microsoft entra external identities and if we scroll on down we have a logo change so instead of this which by the way I really like the old logo they didn't need to muck with it but anyway we have uh the older ones here and so this is the new one here and so there are some name changes here Azure ad single sign on now Microsoft entra entra uh single sign on we'll go down below here and you can see well more name changes okay so um anyway yeah they renamed it and you know customers are just going to take a while to get used to it I still like calling Azure ad I know a lot of other people like still calling it Azure ad but it's at some point we'll get moved over to it and we're just going to use both names okay now coming over to uh uh the portal I need to show you that if you type in Azure ad it's still going to pull up Microsoft ENT okay now you don't want Azure ad B to C which is interesting they didn't rename that U which is a it is part of azure ad kind of in a sense but it's more for um if you're building applications and you want to um have authentication into it so just understand that there's not consistency all over the place especially even their documentation the marketplace still says Azure ad all over the place um even down below uh you know Azure ad notification so you know there's just going to be that Legacy of azure ad but anyway yeah what you want to do is go go over to Microsoft Entre ID it all looks the same it's just some name changes okay but yeah there you go see you in the next one [Music] hey this is Andrew Brown from exam Pro and we are looking at Azure active directory and this is a cloud-based identity and access management service to manage users sign-ins and access to ad related resources so as your active directory is Microsoft's cloud-based identity and access management service which helps you your employees sign in and access resources so that could be external resources like Microsoft Office 365 azer portal SAS applications or internal resources so applications within your internal networking or access to workstations on premise and you can use Azure ad to implement single sign on so you can see that Azure ad is basically like the the the one solution to log into everything and uh we actually use it at exam Pro we use it with Microsoft teams or uh you know for the exam pro pro platform our mid panels tied to it so when we want to log into the mid panel with credentials we have it there uh we use it with AWS to log into there and we use it to log into azure so it has a lot of flexibility and if you're building out applications for Enterprises they're likely using ad and so this is the reason why everybody adopts it or needs to understand it so it's a service I really really do want you to understand and know as your active directory comes in for additions we have the free tier and by the way each uh uh uh tier that goes up has the features before it but uh free has MFA SSO basic security usage reports and user management then you have the Office 365 apps which is uh revolves around if you're using that Suite so you have company branding SLA two sync between on premise and cloud and then the premium tiers which really comes into Enterprise or or or on premise hybrid architecture so hybrid architectures Advanced group access conditional access premium 2 identity protection and identity governance only thing I don't like about Azure ad is that uh you can't really create your uh custom access controls unless you have premium one or premium 2 but that's just how they do it so there you go so let's take a look at the use case for Azure ad and we basically covered it in the introduction but I just want to reiterate it in a different way with a bit of a visual uh so that it really helps uh it sync into your uh brain there so Azure ad can authorize and authenticate to multiple sources so it can authenticate to your on- premise ad to your web application allow users to log in with uh ipds uh so identity providers could be like use Facebook or Google login uh you can use it with Office 365 or Azure Microsoft and so just a visual here notice that uh we have Azure ad and using Azure ad connect we can connect to on premise through uh app registrations we're able to uh connect our web application to Azure ad with external identities we can um uh use Facebook or Google uh uh uh uh login and then for cloud applications we can connect to Office 365 or Microsoft azure [Music] so active directory existed way before Azure and so let's just do a quick uh uh rundown of the history so we have an idea of what we're looking at so um Microsoft introduced active directory domain services in Windows 2000 to give organizations the ability to manage multiple on- premise infrastructure components and systems using a single identity per user so it's been around for 20 years and as your ad takes this approach to the next level by providing organizations with identity as a service so idaa solution for their apps across uh cloud and on premise and both versions are still used today because they just have different utility and so we have active directory which is for on premise and then you have azuread which is just the cloud hosted version and many regards these can also be connected together um but there you go so I want to cover some active directory terminology and the honest truth is that uh for a you're not going to be uh uh too worried about these things but they're going to come up in the documentation you're going to kind of wonder what they are and so I just wanted to uh uh tell you about these upfront even though they're not core to study uh so that it just really rounds out your active directory knowledge because active directory is such a core service to Azure Microsoft products you you should know these things uh so the first thing is all about domain so a domain is an area of network uh organized by a single authentication database an active directory domain is a logical grouping of ad0 objects on a network so just think of it way as you know how you have resource groups to logically group your Azure resources domains are a logical grouping for your ad objects then you have a domain controller a domain controller is a server that authenticates user identities and authorizes their access to resources very common to have multiples of these uh because you want to have redundant uh domain controllers so you can log in or availability or launching domain controller uh nearby so people can log in different places uh so definitely uh very core to active directory then you have the domain computer this is a computer that is registered with a central authentication database uh and a domain computer would be uh an ad object uh so then you have ad objects so this is the basic element of active directory so you have users groups printers computers share folders Etc then you have a group policy object a GP this is a virtual collection of policy settings it controls what an ad object has access to you have your organizational units this is a subdivision within active directory into which you can place users groups computers and other organizational units so it's just another way of um doing logical grouping then you have a directory service and this is this provides a method for storing directory data and making this data available to network users and administrators a directory service runs on a domain controller so there you go that is the rundown of active directory terminology and again hopefully when you see it in the documentation you can refer back to this or you'll have a better understanding of all the components I would have loved to have made a diagram but just couldn't find an example of one and so uh I mean I feel like there could be a really good picture for all this [Music] stuff so remember that the domain controller is the server that users are going to be using to authenticate to the directory Service uh and so when you create an active directory Azure sets one up for you but there's some cases where you might want to set one up yourself and the reason why is that you could be like an on like an Enterprise where you already have your own active directory on premise but you've decided that you want to move it over to Azure ad uh because you just want a fully managed active directory and uh you want to tap into the cloud but uh the thing is that some domain Services those are features on your domain controller just might not be available and that's where you're going to need to set up your own domain controller and that's where Azure active director domain Services come into play because these provide managed domain services and so they have manage domain services such as domain joins uh group policies ldaps uh curb B Ross Never Can Say That properly ntlm authentication and so the great thing is here is you can have these domain services but you're not going to have to deploy them manage them patch them they're just going to work so there you go the next topic we'll be covering is single sign on an enter ID single sign on an enter ID is a feature that allows users to authenticate once with enter ID and then access multiple applic ations and services without having to authenticate again when a user signs into enter ID with their credentials enter ID creates a security token that can be used to access other resources within the same organization this token can be used to authenticate the user to other cloud-based or on premises applications that have been integrated with enter ID SSO supports a wide range of applications including cloud-based applications such as Microsoft 3065 Salesforce and Dropbox as well as on premises applications such as SharePoint and sap SSO can also be used with custombuilt applications using industry standard protocols such as saml open ID connect and oth there are several ways you can configure an application for SSO choosing an SSO method depends on how the application is configured for authentication Cloud applications can use open ID connect ooth saml password-based or linked for SSO single side on can also be disabled on premises applications can use password-based integrated with Windows authentication header based or linked for SSO the on premises choices work when applications are configured for application proxy this flowchart can help you decide which SSO method is best for your situation the main SSO protocol supported in Azure include open ID connect and oath open ID connect is an identity layer built on top of oath 2.0 it allows for authentication and authorization of users in a secure and standardized manner it is saml ml is an xml-based protocol used for exchanging authentication and authorization data between an identity provider and a service provider it is commonly used for Federated authentication scenarios password-based authentication this refers to the traditional username password authentication method where users provide their credentials directly to authenticate linked authentication Azure provides the ability to link multiple accounts from different identity providers to a single user identity this allows users to authenticate using any of their linked accounts integrated Windows authentication it will let users access applications using their Windows domain credentials utilizing their current Windows session for authentication header base authentication in this method the application accepts an authentication token in the form of a header in each request the token is validated by the application to authenticate the user you'll need to be familiar with these SSO protocols as there will be questions asking you which SSO protocol is best suited for a specific application what is multiactor authentication a security control where after you fill in your username email and password you have to use a second device such as a phone to confirm that it's you logging in MFA protects against people who have stolen your password MFA is an option in most Cloud providers and even social media websites such as Facebook so that's an overview of single sign on an enter [Music] ID let's talk about external identity so external identities in aad allows people outside your organization to access your apps and resources while letting them sign in uh and use whatever identity they prefer so your partners Distributors suppliers vendors or other guests can bring their own identities such as uh Google or Facebook uh you can share apps with external users that's for B2B stuff uh if you develop apps and tender for Azure ad tenants uh for single tener multitenant you can do that as well uh you can develop white label apps for consumers and customers so this would be like azure ad uh B to C so there you go the next topic we'll be going over is conditional access conditional access provides an extra layer of security before allowing authenticated users to access data or other assets conditional access is implemented via conditional access policies which are a set of rules that specify the conditions under which signin are evaluated and allowed for example you can create a conditional access policy that states if the user account name is a member of a group for users that are assigned The Exchange user password security SharePoint or Global administrator roles require MFA before allowing access this policy enables MFA enforcement based on group membership simplifying the process compared to configuring MFA for individual users when roles change conditional access policy analyzes signals including user and location device application and real-time risk and verifies every access attempt via access controls this requires MFA block access and allow access signals or metadata associated with an identity attempting to gain access user or group membership policies Target specific users and groups giving admins find grain control over access named location information IP location information IP address ranges are used to permit or deny access based on geographical locations device policies can be applied based on the platform or status of a user device application users attempting to access specific applications can trigger different conditional access policies realtime sign in Risk detection signals and Azure ad identity protection detect risky sign-ins if risks emerge policies can prompt actions such as password resets multiactor authentication or block access pending admin intervention Cloud apps or actions can include or exclude Cloud applications or user actions that will be subject to the policy user risk for customer numers with identity protection user risk can be evaluated as part of a conditional access policy user risk represents the probability that a given Identity or account is compromised common decisions Define the access controls that decide what level of access based on Signal information block access most restrictive decision Grant access least restrictive decision still require one or more of the following options require multiactor authentication require device to be marked as compliant require hybrid ENT ID join device require approved Client app and require app protection policy conditional access policies are available and can be utilized with the following licensing plans Microsoft 365 business premium Microsoft 365 E3 and E5 enter ID premium P1 and enter ID premium P2 licenses overall conditional access acts as a robust security measure in Azure ensuring that authenticated users can only Access Data under specific conditions [Music] hey this is Andrew Brown from exam Pro and we are starting our journey for the sc900 talking about zero trust methodologies or the zero trust model in particular uh and this is super important because it really lays the foundation of the way we should be thinking about uh all of the security that we're going to be doing with an Azure and actually in any cloud service providers because the zero trust model is really uh what is being adopted today and we'll talk about why that is so the zero trust model operates on the principles of trust no one and verify everything so if you have malicious actors and they're being able to bypass conventional access controls and demonstrates traditional security measures that's no longer sufficient we need to come up with a new way uh to protect ourselves and so that's where uh Azure or Microsoft in particular has come up with their version of a Zer trust model called the Microsoft's zero trust model and this is based on three principles and six pillars so in the three principles we have verify explicity least privileged access assume breach for our six pillars we have um identities endpoints uh an easier way of thinking about end points is just think of them as devices apps data infrastructure and networks and I would say that if you wanted to put an emphasis on anything it's going to be identities which comes down to Azure ad that seems to be um the largest Focus here in this entire course and to really ensuring the zero trust methodology works the zero trust model is not unique to Microsoft gcp has its own uh zero trust model adabs has its own zero trust model but the one here is just going to really work for Azure [Music] okay okay so let's review the three principles we said that are in the Microsoft zero trust model the first is verify explicity and so this always authenticates and authorizes based on all the available data points um the next one is least privilege access so limit user access with just in time and just enough access for risk-based adaptive policies and data protection assume breach so minimize blast radius and segment access verify end to end encryption and use analy to gain visibility Drive threat detection improve defenses now you see me highlighting things in red uh and I'm not telling you what they are because we have a whole section on these things so don't worry if you see a bunch of terms and you're just getting overwhelmed uh we're going to cover them multiple times uh and so you just understand that we're going to front load you with a lot of terms you don't know but you will know them by the end of this course [Music] okay let's take a look here at defense and depth and so there are seven layers of security that Azure wants you to know it kind of maps up to the share responsibility Model A lot of times we see these things when um uh organizations or or CL Cloud providers are talking about their um security centers like the actual data centers and how they're secured but this is more General uh it doesn't necessarily have to apply to a data center but uh let's go and work our way through inside out okay so the core we have data uh so access to business and customer data encryption uh to protect our data then we have applications so um applications secure and and free of security vulnerabilities then you have compute so access to VMS ports on premise and Cloud the network limit communications between resources using segmentation and access controls the perimeter so uh distribut Den of service protection to filter large scale attacks before they can cause the denial service for users identity and access so control uh controlling access to infrastructure and change uh controls and then you have physical security so limiting access to a data center to only authorized Personnel so the idea is that if you really want to like if you want to get to data you got to go through all these steps here these are all the layers of Defense um and so I just want to give extra emphasis to um this one here identity and access because this one's like the besides the physical security this one's the outermost one so they they will say like your your your perimeter like the modern perimeter is defined based on your like your identity okay we'll see that more here in this [Music] course hey this is Andrew Brown from exam Pro and we are taking a look here at Azure Defender so Azure Defender provides Advanced protection for your Azure in on premise workloads and Azure Defender can be found in the Azure security Center So within the security Center there'll be a tab called Azure Defender and that's the way you find it so Azure Defender is composed of coverage security alerts insights and advanced protection so talking about coverage it allows you to see the resource types that are in your subscription and eligible for protection by Azure Defender so here take note that we can see things like virtual machines kubernetes Services container registry app Services SQL ver uh VMS Vault uh uh key vaults SQL servers and storage accounts for security alerts they describe details of the affected resources such as remediation steps and in some cases an option to trigger a logic app in response so here you can kind of see security alerts over time uh then there are insights this is a rolling pane of news suggested reading and high priority alerts uh that give security centers insights into pressing security matters that are relevant to you in your subscription for advanced protection Within Fender are additional security features that is driven by analytics so VM vulnerability assessments just in time VM access adaptive application control container image scanning adaptive Network hardening SQL vulnerability assessment file Integrity monitoring Network map iot security and so down below you can see all these options here whether they're turned on or not let's take a we'll take a look at Network map here in a moment um so scope of azure Defender so there it has a lot of different plans for specific Azure resources so we have Azure Defender for servers app service storage SQL kubernetes container registry key volt resource manager DNS uh open source relational databases and when you turn on as your Defender all plans are activated we saw that under the advanced protection uh tabs then just to kind of highlight Network map because this one's really cool uh it's a network map that provides a graphic graphical view with with security overlays giving you recommendations and insights for hardening your network resources is so uh using the map you can see the network topology of your Azure workloads uh connections between your virtual machines and subnets and the capabilities to drill down from the map into a specific resource uh resources and the recommendations of those resources uh then just the last thing I want to touch on here is hybrid uh Cloud protection so Azure Defender can protect VMS residing in other cloud service providers such as AWS and gcp Via Azure Arc so Azure Arc if you've never heard of it is a control plane that can manage compute resources across cloud service providers on premise and at the stage or at the edge and so for infrastructure you'll notice that it can handle uh VMS uh kubernetes clusters SQL servers and Azure sack [Music] hcis hey this is Andrew Brown from exam Pro and we are looking at multiactor authentication so what is MFA so MFA is a security control where after you fill in your username or maybe it's your email and password into a login portal so this login portal could be the Azure portal this could be you logging into Facebook uh the idea is that you have to use a second device such as a phone to confirm that it's you logging in and so why do we use MFA well MFA protects uh against people who have stolen your password because they might have your password but they don't have your phone or whatever device that they're uh you're using for MFA so um MFA is an option most Cloud providers have and just as I said before most social media uh websites have it so Facebook Twitter uh they all have it so just to give you a visual example uh we have a form where I'm entering my email and password then we have a phone which is our MFA in this case and then we get authorization so in the first case that is one factor right so if we didn't have to use a phone or another device that'd be considered one factor and then multiactor or two Factor authentication would be the uh the addition of another uh device to confirm that that it's you and pretty what pretty much what's common is to use your phone and to install an app on your phone and then what that phone will do is it will give you a random number that expires like every I don't know 10 seconds you have to enter that in uh uh with your username and password or as the second step and then you gain access to Azure [Music] portal hey this is Andrew Brown from exam Pro and we are looking at Azure security Center so azure security Center is a unified infrastructure Security Management System it strengthens the security posture of your data centers and provides Advanced threat protection across your hybrid workloads in the cloud that sounds really fancy but let's take a look at what that is so that's what it is down below it's a bunch of graphs and it's going to tell you uh if you are compliant with particular policies it'll tell you about your security hygiene all sorts of security stuff so you have a good visual about your security within Azure so there you you [Music] go hey this is Andrew Brown from exam Pro and we are looking at Key Vault so Azure key Vault helps you Safeguard cryptographic keys and other Secrets used by Cloud apps and services and So within key Vault it has a bunch of functionality in it so one thing it can do is manage your secrets so store uh uh store and tightly control access to tokens passwords certificates API keys and other secrets it also has Key Management so it it can create and control encryption Keys used to encrypt your data then we have certificate management so easily provision manage and deploy public and private SSL certificates for use with Azure and internal connected resources uh and then it also is a Hardware security module so secrets and keys can be protected either by software or fips 142 or 140 hyphen 2 level two validated HSM and I told you uh that we would be talking about fips again and we are right now so to understand uh um HSM the last thing we're talking about which stands for Hardware security module it's a piece of Hardware designed to store your encryption keys and it literally looks like something like that so um uh Azure would have bought one of these or tons of these and that is what is storing your cryptographic keys and this um piece of Hardware is special because uh when you store keys on it they're stored in memory meaning that they're not ridden to disk if that thing shuts down uh the the keys are gone and nobody can steal your data it's just a security measure and that security measure has to do with fips okay so fips 1405 and 2 is a us and Canadian government standard that specifies the security requirements for cryptographic modules that protect sensitive information so for hsms that are multi-tenant they're generally going to be 140 hyphen 2 compliant multi-tenant meaning that um that there's more than one customer that is using that piece uh piece of Hardware but they're virtually isolated from each other uh and then if you have a single tenant HSM they're generally going to be fips 140 hypen 3 compliance so a single customer on a dedicated HSM um it's better to be fips 140 hyphen 3 compliant um but fips 140 hyphen 2 is pretty good for most people so there you [Music] go hey this is and Brown from exam Pro and we're taking a look here at dos so this stands for distributed denial of service attack and it's a malicious attempt to disrupt normal traffic by flooding a website with large amounts of fake traffic so the idea is you have an attacker and a victim and the attacker is utilizing remote machines and uh with a with some software that's going to generate out traffic uh directed towards your virtual machine over the cloud and the uh problem here is that what it's going to do is it's going to make uh your website unresponsive or just not work at all for the regular user but by having your compute within the Azure Network you're going to get free dos protection and that's going to mitigate uh these attacks so let's talk about the types of um dos attacks that frequently happen the first is volumetric attacks so these are volume based attacks that flood the network with legitimate looking traffic these will exhaust the available bandwidth and legitimate users cannot access the website these are measured in bits per second so BPS then there are protocol attacks and these are exhausting server Resources with false uh protocol requests that exploit weakness you're looking at UDP and TCP flooding on the layer three and four measured in packages per second so PSP then you have application layer attacks these are attacks that occur at the application layer uh that's B layer 7 so you're looking at HTTP floods SQL injection cross-site scripting also known as xss parameter tamping Solus attacks here you're going to be wanting using a w web application firewall as a means of protection WS are generally uh paired a lot a lot together with DOs Services across the cloud service provider um uh offerings okay so Azure offers two tiers of Dos protection the first is uh the the basic tier this is free it's already turned on uh it's part of the global Network and then you have the standard that starts at about 2,900 uh about 3,000 USD you get metrics alerts reporting dos expert support application and cost protections SLA there's probably a difference in terms of the tier protection I cannot remember off the top of my head but you know one will protect more likely against certain types of attacks like like three and four and the other one will do all all the layers 3 four and seven [Music] okay Azure firewall is a managed cloud-based network security service that protects Azure v-ets resources and it's a fully stateful firewall as a service so you're going to get built-in High availability and unrestricted cloud scalability and what you can do is uh essentially create enforce and log application network connectivity policies across subscription and virtual networks so Azure firewall uses a static public IP address for your v-net resources allowing outside firewalls to identify uh originating from your virtual Network and the service is fully integrated with Azure monitor for logging and analytics so here is a representation of azure firewall and so the idea is that you're going to launch an Azure firewall into its own v-net and then other v-net and you're on premise or other things are going to pass through that Central v-net onto wherever they want to go and the idea is that we're going to be able to uh do things like utilize Microsoft threat intelligence this is going to block known malicious IPS in fqdns that stands for fully qualified domain names and by default the traffic is uh set to deny uh but you can set connectivity policies to filter out traffic in a variety of ways to make sure that you are protected uh there so yeah that's all there is to [Music] it so Azure has uh a few different kinds of load balancers and one in particular is the application Gateway and this is for application Level routing and load balancing service so application Gateway operates at the OS I layer 7 uh which is also known as the application layer and the idea here is that when you're working about applications you're working with HTTP requests that's what it is uh and so the idea is that it can look at the contents of the HBU request and do some interesting things so maybe it's looking at the path and saying okay you're uh if you have a path um and it's payments go to the VM that has their payment system and then if it's for admin go to the VM that does that uh maybe it has to do with something with cookies or um maybe you want to apply a WAFF policy to it and so you can look at those HB requests and determine if it is malicious traffic and filter it out uh so uh yeah it's all about the application which has to do with HP requests to configure this thing you need to set up a front ends uh Runing rules and backend pools and there are two configurations for the front end you can either have it with a private IP which makes it now an internal load bouncer or a public IP which makes it either we would call a public or external load bouncer uh and there's a both I've never used that option before um but I mean you just really need to know the public and private for the backends you create create backend pools and a backend pool is just a collection of resources to which your application Gateway sends traffic uh and so a backend pool can contain virtual machines virtual machine scale sets IP addresses domain names app Service uh and I think you can also send it to like on Prem uh so let's just talk about routing rules which connects the front end and the back end together and so uh here is a more complex example gives you a better idea of the service uh uh at full uh and so the idea is that you have your application Gateway it's going to send uh traffic or sorry like a DNS is going to send to application Gateway and then you have these listeners and they they listen for incoming traffic uh and then what it will do it will pass on that to a rule and a rule just really says who should we pass the data to uh and then if you are defining a backend pool then you need to have um an HTP setting that says how do we handle the HTTP requests okay and so now we'll just look at more granular detail about requests or routing rules [Music] let's take a closer look at routing rules this is where all the magic happens so a listener listens on a specified Port an IP address for traffic that uses a specified protocol if the listener criteria met the application Gateway will apply the routing Rule and these come in two flavors we got basic which fors all requests for any domain to back in pools and multisite forward requests to different backend pools based on host header and host name so the thing is is that uh you uh you can have multiple listeners and you can have an order of them and the idea is that you really want the basic to be on the uh be in last in priority because if it's a first it's going to capture everything because that's its job it's like a catch allall uh so just make sure that um if you're using multiple listeners you put basic last uh so that's just something you need to know then for those backend Targets this is where we either Define a backend pool or redirection redirection is just an HTP redirection like uh 403 or whatever you have their temporary or permanent very simple uh but for backend pools you have to create HTP settings uh and this tells us a little bit more about how we want to handle HTTP you know cookies cook uh connection draining Port request Etc let's talk about that a little bit more so here are the actual options that we can configure for HTP settings so you have your backend Port uh so generally it's either Port 80 or 443 it just depends on where you're doing your SSL termination uh but generally um if you need end to end encryption it'll be 443 or uh and then if you are doing connect or if you're doing SSL termination at the blow balcer then it's 80 um then you have cookie base Affinity this allows you to keep a user session on the same server so if you need to persist cookies and use them for authentication you'll want to enable that you got connection draining this gracefully uh removes backend pool members during plan service updates so the idea is that you know when there is an update it's not just going to abruptly cut over it's going to wait until a connection disconnects from a server before uh not no longer sending more requests there cuz you don't want a a connection dropping in the middle of an update it's not great for a user then you have request timeouts this is the number of seconds the application Gateway will will wait to receive a response from the backend pool before it Returns the connection timeout error message and last our um oh sorry we still have override backin path these allow you to override the path in the URL so the request for a spe a specific path can be red to another path the idea is imagine you want to send it to um bananas and you want bananas actually internally route to oranges I don't know why you want to do that or maybe to plantains that make a lot more sense so something you can do uh and the last one is the override the host name so application Gateway normally leaves the host name alone uh but you know if you're using multi-tenant services like apps uh like app service or API management it needs very specific host header set so this is where you can override them and change them for those services so hopefully that really gives you a good picture of application Gateway but I feel that that's all you really need to know so let's take a closer look here at Azure ro-based access controls because this is something we're definitely going to be using a lot and so Ro based Access Control helps you manage who has access to Azure resources what they can do with those resources and what areas they have have access to and the idea is that you have a user and you want to assign them a role so you're going to use a role assignment and a role assignment is made up of three elements you have the security principle the RO definition and the scope and we're going to look at those three things in a little bit more detail here in a second and there are four fundamental Azure roles which we are going to learn and then Azure rbac also includes over 70 built-in roles which we definitely do not need to go into great detail uh so let's take a look at uh one of those three elements first which is the security principle and this represents the identity requesting access to an Azure resource and when we say identity that's just like a loose term for something and that something could be a user in your Azure active directory a group uh which defines a set of users in your Azure active directory a service principle so a sec security identity used by applications or services to access specified Azure resources or a managed identity an identity in your active uh Azure active directory that is automatically managed by Azure so service principle basically an Azure service and then managed identity is something in your Azure active directory then we'll move on to scope and a scope is just a set of resources that um access that uh assess um the role uh the RO assignment applies to and so scope access controls at the management subcription or Resource Group level so what does that mean and we we have another slide on this I can't remember what section it's in but you have this breakdown of scope where you have management groups subscriptions resource groups or resources so when you're saying I'm setting a scope you're saying what is a scope is it on a management group is it on a particular resource is it a resource Group and that's what we're trying to say there and then last the last element there is a role definition and this is a collection of permission so role definition lists operations that can be performed such as read write and delete and roles can be highle like owner specific or like a virtual machine reader and so Azure has uh built-in roles and we said there were four fundamental built-in roles and here they are it's owner contributor reader and user admin uh administrator so you want to know those four and then across the board you have those three um operations read Grant and then create update delete so you can see the owner can do everything the contributor can uh both read and create stuff they just can't Grant access other people the reader just has readon access and then a user access administrator is granting other users uh privileges but themselves are not creating anything all [Music] right hey this is Andrew Brown from exam Pro and let's look at Azure management groups so Azure management groups is a way of managing multile multiple subscriptions and when you hear the word subscriptions in Azure just think accounts um because that's an easier way to think about it into a hierarchial structure so each directory is given a single top level management group called The Root Management Group all subscriptions within a Management Group automatically uh inherit the conditions applied to the management group and so this is a graphical representation so at the top you have your Root Management Group and then you can create management groups underneath so Human Resources it marketing production developers whatever you want and underneath you have those individual subscriptions again just think of them like an account so that is azure management [Music] groups hey this is Andrew Brown from exam Pro and we're looking at Azure service health so this is about information about current upcoming issues such as service impacting events planned maintenance and other changes that may affect your availability so going down the list we have Azure status which informs you of uh service outages in Azure Azure service Health a is a personalized view of the health of the Azure service and regions you're using and then Azure resource health is information about the health of the individual Cloud resources such as your VM so if you're ever wondering uh the state of your health you can use Azure service health and if you noticed it was an option under Azure monitor so if you're looking for it that's where you go to find it hey this is Andrew Brown from exam Pro and we're looking at Azure advisor so ad Azure advisor is a personalized Cloud consultant that helps you follow best practices to optimize your Azure deployments the a the advisor uh dashboard displays personalized recommendations for all your subscriptions for the following five categories High availability security performance cost and operational excellence and since we are in the security category that's what we mostly care about is security but it would also be important for the uh pricing section there as well so the first one we're going to look at is actually um the Azure advisor recommendation for cost so here you can see that it's telling you uh where the most impact can occur and leav tell you how much money you can save if you follow its recommendations then you have security and so here it has 21 recommendations if we were to click into it it would tell you what kind of things that you could improve in your system uh to improve your security so there you go that's Azure ad hey this is Andrew Brown from exam Pro and we are looking at Azure database Services starting at the top of list is azure Cosmos DB this is a fully managed no scoll database it's designed for scale with guarantee of 99.999% availability uh Azure loves talking about this database it's their Flagship database because it works at incredible scale and an incredible performance so whenever you're thinking about like uh like super large databases think of azure Cosmos DB next on our list is Azure SQL database and even though it doesn't have it in its name this is for the mssql uh engine so if you're running Microsoft SQL uh you're going to want to use this it's fully managed with autoscale integ uh integral intelligence robust security so has a lot of great features built around this for mssql databases now if you're not using mssql and you're using something like MySQL postgress or Marb they have Azure database so it's fully managed and scalable uh with high availability and security then you have SQL server on VMS uh again it doesn't have it in its name but it's Microsoft SQL uh engine okay anytime uh it says SQL servers just assume that it's the Microsoft flavor of SQL um and and the idea for this one is that if you already have SQL servers running on premise uh within your data center and you want to move them onto Azure uh this is where You' use a lift and shift so it takes those virtual machines and directly moves them onto the cloud you don't don't get all the functionality that you would with Azure SQL database but it's the easiest way to get onto the cloud then you have Azure synapsis analytics previously known as Azure SQL data warehouse It's because they added an analytics component to it um but it's a fully managed data warehouse with integ uh integral uh security at every level of scale at no extra cost then you have as your database migration service so migrate your databases to the cloud with no application code changes so there's that service then you have Azure cache for Reddit so if you need an in-memory cache that is using the open source redus you can use that and last on our list is azure table storage we mentioned this in the storage services but to me this is a database it's not a storage service um even though it's named as such so wide column no s database a noq store that hosts unstructured data independent of any schema so there you go that's the Azure database [Music] Services hey this is Andre Brown from exam Pro and we are looking at application integration services on Azure now I didn't have room on the slide for this but just to tell you what application integration is these are services that are designed to help apps or Services talk to each other so it's basically the glue of services the First on our list here is azure notifications Hub this is using publisher subscription technology underneath and this is for sending push notifications to any platform from any back end next we have Azure API apps so this is essentially an API Gateway so you can quickly build and consume apis in the cloud and then th those apis will have API endpoints and you can route them to Azure services or maybe functions or containers uh but it's a way of building an API in the cloud then you have Azure service bus and as the name implies it is a service bus uh so reliable Cloud messaging as a service Maas and simple hybrid integration I know that's not very clear uh that is the language that Microsoft uses to describe it but just what you need to know is that it is a service bus then you have Azure stream analytics so this is serverless realtime analytics remember that world word real time and think of this service uh from the cloud to the edge then you have Azure logic apps so you can schedule automate orchestrate tasks business processes and workflows and it integrates with enterprise sassin Enterprise applications then you have Azure API management this can be confusing because we have another service called Azure API apps I don't know what we would generally call this service uh they say it's a hybrid multicloud management platform for apis across all environments whatever that means but the when I looked at it what it does is you can put this in front of an existing API to add additional functionality so if you have an API you put it in front of it and it and it's a basically proxy to your API and you get all this additional stuff then last on our list is azure Q storage we saw this in our storage service sections and I had said that I don't really consider this a storage service I consider it an application integration Service uh and this is a messaging queue so it's a data store for queuing and reliably delivering messages between applications so there you go that is the application integration services on azure hey this is Andrew Brown from exam Pro and we are looking at developer and mobile tools uh that are commonly used with Azure the first on the list is azure signal R service and this is a real-time messaging service not to be confused uh with Azure notification service this is for easily adding real-time web functionality to Applications so if you ever heard of Pusher it's just like Pusher so um that is the equivalent there the next we have is azure app service so easy to use service for deploying and scaling web applications with net nodejs Java Python and PHP I'm a bit sad I don't see Ruby in there but what are you going to do um so it's for developers who want to focus on building their web apps and not worry about the underlying infrastructure so if you've ever used Heroku think of it like that but for Azure next you have a a visual studio um and visual studio is a code editor it's it it's basically an IDE an integrated development development environment designed for creating powerful scalable applications for Azure you might have heard of Visual Studio code um which is similar but different um but I just wanted to make mention of Visual Studio here then you have uh zamarin I think I'm pronouncing it right and it's a mobile app framework um it's for creating powerful and scalable native mobile apps andet and Azure um and yeah so that is the developer in Mobile tools for [Music] Azure hey this is Andrew Brown from exam Pro and we are looking at Azure devops services so Azure devops is really just an umbrella service for a bunch of modern Dev services and we'll jump into them right away first being Azure boards if you've ever used a can band board that is what Azure boards is and if You' ever use GitHub projects it literally is that because Azure uh and GitHub are owned by the same company Microsoft and so they brought over that technology to Azure so deliver value to your users faster using proven agile tools to plan track and discuss work across your teams then you have Azure pipeline so build test and deploy cicd that works with any language platform and Cloud connect to GitHub or any other git provider and deploy continuously so if you need automatic deployments that's what Azure pipelines is for then you have Azure repos and this is exactly like GitHub repos so get unlimited co uh Cloud hosted private G repos and collaborate to build better code with pull request and advanced file management I really mean it's just like GitHub repos because it's just that technology moved over to Azure then you have Azure test plans so test and ship with confidence using manual and exploratory testing tools so this is just a way of setting up test so if you ever use like um what's it called Cypress or any other like uh or any other testing tools it's just built into Azure it'll open up a browser and it'll literally test your app and make sure it works as expected then you have Azure artifact so create host and share packages with your team so this is just package management but specifically for cicd pipelines so cicd pipelines they have to set up these servers and you have to have pre-installed packages that's just going to make it a lot easier for you last is azure Dev test Labs so this is just an easy way to create Dev test environments for your developers and that is the Azure devops services [Music] hey this is Andrew Brown from exam Pro and we are looking at the cloud native networking Services now these networking Services aren't super uh super important for the exam I like to go through them generally I would make an architectural diagram for this but it's just a bit too complicated so I thought we'll just go through and list them so first is azure DNS and we do describe this service uh later in uh the course here but this provides an ultra fast DNS responses and ultra high domain availability so if you have a domain name and you just want it to be managed by um Azure you can associate it with Azure DNS then you have Azure virtual network uh we talked about this prior but we'll talk about it again um short for v-net a logical isolated section of your Azure Network for customers to launch Azure resources within then you have Azure load balancer and as the name implies it is a load balancer but this one is at level four transport um so it doesn't really understand requests like what a web application would send it's more lower level um and so that's what that is then you have Azure application Gateway and this is an HTTP load bouncer so it does understand um like requests coming from a web server and what you can do with it is you can actually route um based on HP request to specific services but it also you can apply a web application firewall because it is an application load balcer that's why you can apply that web application firewall which is a separate service then you have network security groups so uh this is a way of protecting your subnets so it's a virtual firewall around your subnets where you can say allow these um allow these ports to be open um and and from who and and and such so there you go that's the cloud native networking services and the reason why they're Cloud native networking is because you wouldn't use these with Enterprise or on uh or uh or in Hybrid models is just what you normally use and most startups would be using all these Cloud uh these networking services [Music] so next we have Enterprise or hybrid networking services so this is when you're using a networking that is going to bridge on Prem to the cloud so the first is azure front door so this is a scalable and secure entry point for fast delivery of your Global applications so just making sure you have a secure entry point into Azure from outside then you have Azure express route you want to remember this one definitely for the exam it probably will show up as a question this is a connection between your on premise to Azure cloud and it can be between 50 megabytes per second to 10 gigabytes per second I'm pretty sure it's also secure um but the point is that if you need a super super fast connection uh from your on-prem uh data center to Azure you'd use this service express route remember it it's going to be on your exam then you have virtual Wan so a network service that brings many networking security routing uh functionality together to provide a single operations operational interface I know that sounds complicated but a w is just a way of making networking Easier by creating like a hub spoke model uh then you have Azure connection so a VPN connection securely connects to Azure local networks via IPC so that's just a way of uh creating a secure connection uh with Azure then you have virtual Network Gateway a site tosite VPN connection between Azure virtual Network and your local network so this just way of connecting with azzure um so there you go that is um the networking [Music] Services hey this is Andrew Brown from exam Pro and we are looking at Azure traffic manager so this service operates at the DNS layer to quickly and efficiently direct incoming DNS requests based on the routing method of your choice so what you do is you'd um choose a routing method so we got performance weighted priority geog Geographic multivalue subnet um and You' be able to reroute your traffic so you could Route traffic to servers geographically uh nearby to reduce latency fail over to uh redundant systems in case primary systems become unhealthy or route to random uh virtual machines to simulate AB testings I think like the best use Cas is failovers um for DN at the DNS level I think that's a great one uh and just a visual example here imagine we had exampro doco and we had a production and a beta server and we only wanted 20% of our users to see the beta server so we could use um I guess we' use weighted there and we'd say 80% on prod 20% there and that's how that would work so there you go that's Azure traffic [Music] manager hey this is Andrew Brown from exam Pro and we are looking at iot services on Azure and so before we get into it what is iot so iot stands for internet of things so a network of Internet connected objects usually Hardware able to connect and exchange data so here is a graphical representation of iot devices maybe you recognize some but let's just go through a quick list of things that could be iot devices so you have Smart bulbs so maybe there's light bulbs in your house that are controlled by the internet smart fridges who doesn't want one of those smart light switches narrow band or wideband Hardware this is just a way of connecting to the internet it's just like uh it's kind of like Wi-Fi um then you have security cameras then you have voice command speakers so think of like Alexa then you might have temperature pressure or imunity sensors if you're in the farming industry you can you you can Le leverage iot devices for that maybe uh you have drones uh maybe you have phones that could be an IT device and even buttons so uh AWS had these things called AWS or Dash buttons uh they weren't popular but the idea was you could like press a button and like purchase something um so like if you always had to get like soap for your washer you can have that button right on your washer um but let's actually talk about the iot services here um so the first one here is iot Central so this allows you to connect your iot devices to the cloud then you have iot Hub so this is this enables highly secure and reliable Communications between your iot applications and devices it manages uh then you have iot Edge this is a fully managed service built on the Azure iot Hub it allows you allows data processing an analyst near the iot devices so this is really Edge Computing I really should have highlighted that for you but this is where you are able to offload your compute from the cloud to local Computing Hardware such as iot devices phones or home computers so it's just a way of saving money or utilizing your local network for compute then you have uh Windows 10 iot core services so this is a cloud services subscription that provides the essential Services need to commercialize a device on Windows iot or 10 iot core so basically it's long-term OS support and services to manage device updates and uh assess device health all right so there you go that's your iot [Music] services hey this is Andrew Brown from exam Pro and we are looking at Big Data and analytics services on Azure so before we jump into it let's talk about what is Big Data so it is a term used to describe massive volumes of structured and unstructured data that is so large it is difficult to move and process using traditional database and software techniques so we need spe Services just to handle them the First on our list here is azure synapsis analytics formerly known as SQL data warehouse so it is Enterprise data warehousing and big data analytics so it's intended to run SQL queries against large databases to generate things such as reporting um then you have HD Insight HD is short for Hadoop um but anyway it runs open source analytics software such as Hadoop kofka and sparkk I imagine it was called HD Insight because it only supported Hadoop and then they added additional services but that's just what it's called then you have Azure data bricks so uh we have an Apache spark based analytics platform optimized for Microsoft aure cloud service platforms so thirdparty data bricks cloud services support with Azure so data bricks was made by the uh creators of spark and yes of course you can run sparc on hdnight but uh data bricks is its own cloud service provider and as you're partnered up with them so that you can use it within uh the Azure platform then you have data Lake analytics so an OnDemand analytics job service that simplifies big data uh and we saw what data Lakes were when we looked at storage services but we'll describe them here just in a diff a little bit different way a data lake is a storage repository that holds a vast amount of raw data in its native format until it is needed so there you go that is the big data and analytic Services we need to know hey this is angrew Brown from exam Pro and we are looking at artificial intelligence and machine learning services on Azure so a great way of describing that is to always have this graphic here where we have this kind of like onion thing where each is dependent on the other and we'll start with artificial intelligence so what is artificial intelligence or AI this is where machines that perform jobs that mimic human behavior now that doesn't mean that uh the the technology behind it has to be complex it could be FL statements but it could be utilizing machine learning it could be utilizing deep learning but the point is that it mimics human behavior then you have machine learning and this is where machines that get better at a task without explicit programming um so they are smart enough to learn on their own then you have deep learning and so deep learning is where machines that have an artificial neural network inspired by the human brain to solve complex problems so literally it's like the power of the human brain uh maybe not as not as great as is the human brain but quite quite close there and AI could be leveraging ML and uh deep learning and so that's why it is like that so when we want to do uh machine learning on Azure they have a service called Azure machine learning service so this is a service that uh uh that simplifies running AI uh ml related workloads allowing you to build flexible pipelines to automate workflows so you can use Python and R you can run your uh deep learning workloads using Technologies such as tensor flow um and so that's what you'd use now there was a service called Azure machine Learning Studio I think it's still around if you uh if you're still using it and that's the classic version of the service and it does basically what Azure machine learning service does but there's some limitation so does not have uh like a pipeline and other functionalities and if you're wondering if you could easily migrate from classic to the other one um it's not easy to migrate um so basically you definitely always want to start with Azure machine learning services there's no reason you'd want to use Azure machine Learning Studio unless you're using it for legacy [Music] reasons hey this is Andrew Brown from exam Pro and we're still looking at Ai and ml Services specifically just AI Services because Azure has a lot of them and I'm just going to quickly go through them and they're pretty self-explanatory so first one is personalizer it delivers Rich personalized experiences for every user using AI then you have translator it adds real-time multilanguage text translation to your apps websites and tools you have anomaly detector detects anomalies and data to quickly identify and troubleshoot issues Azure bot service intelligent serverless bot service that scales on demand form recog uh uh recognizer automate the extraction of text key value Pairs and tables from your documents you have computer vision easily customized computer vision models for Unique use cases language understanding so build build a natural language understanding into Apps Bots and iot devices we have Q&A maker so create a conversational question and answer bot from your existing content text analytics extract information such as sentiment key phrases named entities and languages from your text content moderator so moderate text and images to provide a safer more positive user experience face so detect and identify people and emotions in images Inc uh uh uh recognizer recognize digital ink content and such as handwriting shapes and document layouts so there you go they have a lot of services and they haven't even made time to make all icons for them that's how many they [Music] have hey this is Andrew Brown from exam Pro and we are looking at servess services on Azure so what is serverless this is one the underlying server servers infrastructure and Os is taking care care of by the cloud service provider it will generally be highly available scalable and coste effective so serverless is event driven at scale so uh a seress function can be triggered or trigger other events allowing you to compose complex application and just scale so with serverless technology it's like playing with Lego blocks um then you have abstraction of servers so servers are abstracted away your code is described as functions these functions can be running on different compute instances so if some people like to use python or some people like to use JavaScript you can mix and match um uh there then you have Micro billing so when you have traditional servers you probably build by at least a second some build by the hour but the thing is if you're not using the server for the whole second or hour you are paying for a compute that you are not using so serverless functions will bill you in the microsc so you're saving money because you're not paying for unused computation uh now we'll just quickly walk through uh some of the Serv Services I'm sure there's more than this but this is what I think are worth highlighting so the first is azure functions so run small amounts of code known as seress functions in your favorite languages so you got C Java JavaScript Python and Powershell and if Azure is listening please can you support Ruby because I love using Ruby then you have blob storage so this is seress object storage just upload your files don't think about the underlying file systems resizing uh basically unlimited space and and you can upload pretty darn large files then you have logic apps allows you to build seress workflows composed of azure functions building a I would say this is you building a state machine for seress compute then you have event Bridge which seems a bit similar but it's not it uses Pub sub messaging systems to allow you to react to events and Trigger other Azure cloud services such as Azure functions so there you go that is serverless [Music] Services hey this is Andrew Brown from exam Pro and I'm going to show you how to create resource groups and the reason why we're going to make one is because without one we're not going to be able to launch pretty much any resource until we do so because you always have to choose a resource Group when launching uh Azure resources so even though it shows up here on our dashboard um if it doesn't I want you to go up here at the top and type in Resource Group and we'll go ahead and click Resource Group here and then all the way on the left hand side I want you to click on ADD and uh we're just going to have to use our R trial which is the our type of subscription I'm just going to type in exam Pro as the resource Group we're going to stay in Us East uh because that is where the most uh most of the services are available in Azure and that's what I'm going to be using throughout um this course is always using Us East so we'll go down here and hit create plus uh review plus create because there's really nothing else to check and once validation passed this might happen instantaneously for you you might have to wait a few seconds go ahead and hit create and so um now we have created our Resource Group and there is no cost resource groups so there's no worry about uh having this or whether you uh keep it around don't delete it uh you're going to notice that the group hasn't showed up just yet you're going to have to hit refresh and sometimes Azure is a bit slow about uh showing resources when you create them initially and when you delete them so I'm just going to wait a little bit here and I'm just going to keep on refreshing and I'll see you back in a few minutes all right so waited a couple minutes and if you just go ahead up here and hit refresh now we can see that we have our Resource Group so that's all there really is to it nothing super exciting there I'm just going to click Microsoft Azure at the top here to get back to my dashboard and I'll see you in the next follow [Music] along okay great so now that we've uh done that let's actually go learn how to do a different kind of compute which is serverless functions so uh if we want to launch our own serverless function uh by the the way if you're not at the screen just click on Microsoft Azure here at the top and we're going to go to our search and we're going to type in functions and so on the left hand side I want you to click on ADD and then uh what we're doing is we need to create a function app so we're going to be on our free trial we're going to choose our Resource Group we created earlier we're going to name this I'm going to just call this um this is the function app name so I'm going just say my my app uh my app is not available these all unique names I'm just call it exam Pro app you might have to change this a few times before you get what you want um and then for publish we're going to use code we don't want to use a Docker container that's too much work and we're going to just choose nodejs which is just JavaScript version 12 sounds great to me we're going to change this to make it sure that it's Us East to make our lives a little bit easier there's nothing wrong with Central it's just I want everything to be consistent so everything is very predictable in these um uh in these follow alongs here we'll go all the way to the top and look at hosting just quickly here we're going to see that we have a storage account okay nothing exciting here it's going to either be Linux or Windows this doesn't really matter to us we can let it be Windows we're going to go back to basic I'm going to go ahead and hit review plus create so we're going to wait for this validation to uh step to complete here so again it could take a second or it could take a minute just depends on the day with Azure so we'll just wait here a little bit there we go it's just finished validating I'm going to go ahead and hit create and now we're waiting for that initial deployment so we're going to see that deployment is on its way and then we're going to have to wait for deployment to be complete so it's in progress It's underway this shouldn't take too long it should say that it's complete here in a moment great so after waiting a few minutes here our deployment is complete we'll go ahead and hit go to resources so now what we need to do is we need to go create ourselves a function so on the left hand side make your way to function and then in here we're going to add ourselves a new function and so we have a lot of presets here for us it's not going to matter what we choose well it does um and I'm going to say let's choose HTTP trigger we're going to leave it with a default name that's fine uh we'll have it uh stay as function for authorization level we'll go ahead and create that function so once that function is has been created here and it's already done let's start adding our code because again the whole point of server list is that you don't have to worry about servers you just add your code and it works and so here's some code it already has for us what I'm going to do is I'm just going to add myself a console log uh console log is just like saying hello world so we're going to say hello world and then I'm going to hit save and now it's just connecting to application insights I don't know if it's actually running yeah it's connected great and now let's go ahead and hit test and so we have a bunch of options here I'm not going to fill in anything I'm just going to hit run and we're going to see what the output is okay great so you know I'm just looking at how this actually works and um I think what we need to do is we need to actually pass a name into the uh to the query string here so what we'll do is we're just going to go ahead and type in query here and we'll put a name and we'll say Andrew um and so that should do it so let's just hit run okay great and so it's saying uh hello Andrew so there you go that's all you have to do to uh create a serverless function um and it doesn't cost us anything to keep this around so we don't necessarily have to delete it uh if you did want to go delete it I guess we can go back here uh we'd have to go back to functions here and I would just click delete and we'll type in yes and we'll hit delete and there you go so that's that's all there is there uh there to it for uh serverless compute I can go back to Microsoft Azure here back to the dashboard and we'll see you in the next fall [Music] along hey this is Andrew Brown from exam Pro and we are looking at slas for Azure so SLA stands for service level agreement and this describes azure's commitment for uptime and connectivity that uh that means like if you have a web server Azure is going to say yeah we we guarantee 99.9% of the time it's going to remain uh running throughout the year it's not going to go down so that's kind of the idea behind an SLA um for Azure slas are indiv individualized per Azure service so they don't have broad uh slas you're going to have to investigate each service to figure out um what uh the commitment of azure is for that service um and the way we describe um uh these slas in terms of up time and connectivity is through performance targets now a performance Target is just a representation in the form of a percentage so if somebody were to say to you um you know this service H uh is 99% likely of not failing that's called two NES and then you have the three nines and then you have five NES and then you have nine NES and and the higher this number goes up the more uh reliable uh the the uh better coverage this SLA is going to give you so you want something that has a higher number of nines and it's not always just nines it could be 99.95% um but just understand that when someone says 9 N they're talking about that last value there and it is like one of the highest um one of the highest guarantees that SLA can give I can't remember if there's like 119 there might be 11 9 uh but generally 9 N is the upper limit uh and just to uh uh mention is that for Azure if you are using the free tier or shared tiers you do not get SLA because they just do not provide support for those because you're consuming everything for free so you have to be paying to get the advantage of that SLA garantee so I did say that the slas are uh service specific um and so if you want to actually go investigate all you got to do is type in Azure SLA into Google and you should be able to make your way to this page and what we can do is we can click into uh any of these here so if I go to database and we choose uh Cosmos DB and we just expand our information here we get tons of information about their slas and then our performance targets are down here so we have this for availability this is for read availability um so they have a lot of information uh and as I said it's for basically any service anything you want just click into it and they have all that SLA information so there you [Music] go hey this is Andrew Brown from exam Pro and we are looking at service credits for Azure so a service credit is when a custom customer would get a discount on their Azure bill as comp as compensation for an underperforming Azure product or service based on the SLA so those guarantees that Azure gives if they don't meet those guarantees then they owe you money uh and the way they do it is through credits right so credits is just like virtual money uh I actually don't know what a uh like what a service credit is worth but I just know that you know if they if they do not meet those slas they're going to back it and give you your money back in some sense uh so um just an example here if we have Azure virtual machine remember a virtual machine is a server uh if you had uh monthly uptime percentage of 99.9 so if it was under that then you'd get a service credit of 10% if it was under 99 then you get a service credit of 25% and if it was under 95 you get a service credit of 100% so um I guess what that means is maybe it's the cost of what you spend spent uh but anyway I'm not exactly sure um but I would take a guess that if if let's say the up time was under 95% and they're going to give you a service credit of 100% maybe it's 100% of your resources given back to you so if you spend $100 you get that $100 back so there you [Music] go hey this is Andrew Brown from exam Pro and we are looking at composite SLA so we had said earlier that um different Services have different slas uh and the problem with that is that when you have different servers different slas it's kind of hard to understand what the actual guarantee is when you use them uh in combination so composite slas is just a way of understanding what the actual uh SLA guarantee underneath is for the performance Target so imagine you have a web application and that web application uses an SQL database so the web app has a guarantee of 99.95% because maybe that's the um the performance Target for the virtual machine and then the SQL database is 99. 99% so what is it is it 95 99.95% or is it 49 we don't know so if we had to calculate that calculate that for the SLA with the web app and SQL database that would uh come out to 99.94% don't ask me on the math that is the example that we are given but just understand that that's what it would come out to be it would come out to 99.94% and so you'd have an overall reduction of the SLA whereas the SQL database would have 9 99.9% so how could we improve our SLA and consider that in our design so we get the uh the SLA that we want and so what you can do is you can add in fallback systems that will improve the overall SLA and if you logically think about it it makes sense why that would work so imagine you have that SQL database and it goes down but if you had a que uh and that Q was saving all the transaction attempts that the web app was trying to write to the database and saved in the queue it wouldn't matter if the database went down because once the database went back up all those transactions would be there and then those transactions would then complete and so by using the Q which has a 99.9% up time uh based on the math down below again don't ask me how the math works but the the the outcome would be an SLA of 99.95% and so that's uh an improvement over 99.94% so that is comp composite slas and there you [Music] go hey this is Andrew Brown from exam Pro and we are looking at the TCO calculator for Azure so if you remember uh earlier in the course we talked about the total cost of ownership that's what TCO stands for it's about uh uh showing an enterpr Enterprise that that operates on premise how much money they would save if they moved onto Cloud onto Azure so that's what the TCO calculator does it estimates the cost savings you can realize by migrating your workloads to Azure so what it can do is it can gener generate out a detailed report and Export as a PDF to send to your decision makers now you have to input all the information in but it's going to help you convince your boss uh convince the executive level uh that it's time to move over to the cloud because they'll be saving tons and tons of money and so if you want to use that calculator you just got to go to azure.com pricing calulator and it's going to give you an idea of how much you'll save and now this is only a little bit of what it generates out because it's a it's a very detailed report but in this example it would compare on premise uh to the cost Savings of azure and in this case this person would be saving $130,000 over 5 years and it's going to vary on uh use case but uh yeah that is the TCO calculator so I just wanted to quickly show you the TCO calculator in action if you want to find it yourself just type in um Azure TCO calculator into Google and you should be able to find your way here uh so what I've done here is I've defined my workload so in my workload I've defined some servers so we have some Linux servers we have 10 of them four processes four cores 8 GB of RAM and then here I've added uh four servers that are databases running postest then I added uh some HDD drives so I said three terabytes two terabytes backup Etc and then I defined some Network bandwidth so Going On To The Next Step we're going to adjust our assumptions this helps us to um make it even more accurate the estimat so we can choose our our currency some other additional features we might want to consider where we might save money like using Azure hybrid benefit uh and then down below we can tweak some of our costs that we do know about for our on Prem uh so there's a lot here to tweak it to make it more accurate and then if we go to next we're going to get our um our savings here so just wait a moment and so over a 5year period we should save $666 and18 um and you can drop it down if you want to do one year we'll go to one year so here it says $381 and we have a lot of Graphics here as you can see uh and then down below you should be able to download it so you can just go ahead and download the results there and that is the TCO [Music] calculator hey this is Andrew Brown from exam Pro and we are looking at the Azure Marketplace so the Azure Marketplace is a place where there are apps and services made Available to You by third-party Publishers to quickly get started on Azure and so the apps available uh the apps and services that can be available could be free they could be free trial they could be pay as you go or they could be bring your own license so just an example of what that looks like if you were logged into uh the Azure portal and you uh searched for Marketplace what you could do here is you could type in a variety of things so like here I'm typing in WordPress and here I have a bunch of Wordpress that are provided by thirdparty uh um Publishers that have been vetted by um Azure and and again they they could call cost money they could have a free trial they could be 100% free but whatever you need it's generally in the marketplace um it's a great place to go check out so just be aware of that so I just wanted to quickly show you the Azure Marketplace uh so you'd have to have an account to actually see it um but we do show you that in this course but anyway I'm just going to go up here to the top and type in Marketplace and uh this will pull up the marketplace and here you can see we have a a huge amount of categories of uh things that we can launch so whatever we need and I think I show before WordPress but we'll type that in there so enter in WordPress and there's all these servers so you can click into there um it might it might have plans associated with it if there's any price but you just go ahead and hit create and then that would start the process of creating a virtual machine and you go through that and you subscribe to whatever the underlying cost would be but you can see there's just tons of stuff in here so and you can sort by Price sort by operating system so there you go hey this is Andrew Brown from exam Pro and we are looking at Azure hybrid benefit so many customers have invested already in Windows servers licenses and they want to repurpose their investment on Azure this happens because Enterprises had been working with Microsoft servers even before Azure existed or they were on premise originally uh and so they wanted to use the software so they purchased the licenses but now they're ready to move on to Azure um and so since they've already got a special deal with um Microsoft because they purchased those licenses they want to keep those deals and bring them to the cloud so that's where the Azure hybrid benefit comes into play also abbreviated as Hub uh sometimes it's called asure hybrid use benefit uh uh in Microsoft documentation but for some reason Azure they just dro the word use but the abbreviation is Hub so this gives customers the uh the right to use these licenses for virtual machines on Azure and so uh such types of virtual machines would be Windows servers or SQL servers uh and I would imagine this would probably happen with a lift and shift which I think we described uh somewhere in this course so Hub can be turned on and off at any time for existing virtual machines and hub can be applied at deployment time for new VMS and I just wrote bring your own license down here just because um we are talking about licensing and I just want to get you more exposure to that term bring your own license B Yol L and so uh that just means that someone's purchased a license and they want to apply it um uh they want to bring it onto Azure uh so there you go that is azure hybrid benefit so I just wanted to quickly show you this page here which is the Azure hybrid benefit page if you were to type into Google Azure hybrid benefit you definitely make your way here what I wanted to show you is that they actually have this nice little calculator down below so if you do have licenses and you're bringing them over and you want to run workloads on Azure you can fill this stuff out and it'll give you an idea of what you might save um so I just wanted to make you aware of that so there you go hey this is Andrew Brown from exam Pro and we are looking at Azure subscription so an Azure subscription I would describe as uh the equivalent of saying my Azure account uh I don't know why they use the term subscription because to me it's just confusing um but I always just try to reinforce that it's just your account and there are four tiers of azb subscriptions the first is the free subscription so when you first sign up this is the the account that you or subscription you're going to have you have to provide a credit card to complete the process you're going to get 200 USD credits free for 30 days and certain Azure products will be free for 12 months now um the whole point of this free subscription is to help you avoid charges and there are some limitations I remember when I was trying to add another user um I couldn't grant them access so there was definitely some uh some limitations here to uh to prevent you from being charged but it's not a a complete sandbox so it is possible to get charg in this account if you start using things outside uh the free tier or if you burn through your credit so just be careful there and then once you are ready to switch or or to upgrade and unlock everything then you can switch to pay as you go subscription also reved to p a YG um some people might call that on demand and so uh for this you still need a credit card required but since you've already entered it into the free subscription stage no problem here uh and you're going to be charged at the end of the month based on on consumed Cloud resources is then you have an Enterprise agreement so if you are an Enterprise you can uh make a deal with Azure and agree to receive a discounted price for licenses and cloud service but I bet you're paying a lot of money um like compared to the uh uh a normal person but the deal is worth it for you so just be aware if you're an Enterprise go talk to Azure they want to make a deal uh and the last is the student subscription so with the student subscription you do not require a credit card you get $100 USD credits for 12 months but it requires a valid student email so there is a bit of a vetting process there so uh you you definitely have to be in school to get that but it is a very nice option to have so there you go that is the Azure subscription [Music] Models All right so what I want to do in this video is show you how to keep track of your spend uh within your Azure account so I just created a fresh new account uh this one's exam Pro Andrew Brown outlook.com this is not my primary one so you'll see some videos where I'm I'm doing labs in this one and other ones in my primary account um so just be aware that there might be um some discrepancies uh between the videos but anyway um where we're going to keep track of our spent is within subscriptions so up here in the top if we uh type in subscriptions okay we can see subscriptions that are attached to this uh tenant so understand that there is a relationship between tenants and subscriptions and your uh your directory and subscriptions is how you pay Azure and you can create multiple subscriptions um and there's good reason for that um but the point is is that you start with a default subscription so here I have the Azure subscription one notice there is no current cost because I have yet to launch any services in here but we'll go ahead and click into here and eventually something should appear here yep so it says you uh your remaining $200 of free credits expire in 30 days so the idea is that we have $200 or uh we have 30 days to utilize uh this a free free account here so I'm going to go ahead and just click into this upgrade I'm not upgrading right now I just want to show you what it looks like so in here we have some options you can rename your subscription if you want I think for my even my primary account I just left it as as your subscription one the name doesn't really matter it's just for your reference but uh we do have some options and this is for additional um support if you want to have technical support from Azure when you upgrade you can just stick with basic because of course we don't need to pay an additional fee on top of what we're doing here cuz we have these instructional videos to learn but that's how you're going to go ahead and upgrade later when we do have some spend we'll come back and revisit it here but we do have a lot of options to uh track our spend and usage so there's spend and usage which are uh two different things but you know hopefully that makes things very clear when you want to figure out what your spend is go over to your subscription I'll just go back to the um dashboard here and I'll see you in the next one ciao [Music] hey this is Andrew Brown from exam Pro and we are looking at Azure pricing calculator so configure and estimate the cost of azure products you don't have to sign in to use this tool and and what you can do is download Excel spreadsheet and share that uh those costs with your boss so to get there you go to azure.com pricing calculat uh and from there you can you can go in here and you can fill out different things so there's a bunch of different categories the most common one would probably be a virtual machine so you go in there and you say what region it's going to launch in what OS um and all the types of configuration it's going to give you an estimated cost so this one down below is an upfront cost of 0 with a monthly cost of $12. $62 so if you're not sure how to make sense of all the pricing go here and play around and you will get a clear picture of what you're going to spend on Azure so I just wanted to show you the pricing calculator so if you just went to Google and typed in Azure pricing calculator you should be able to make your way to this page and so down below we have a bunch of products we also have example scenarios which is uh uh very nice to see here um so let's say we wanted a cicd pipeline here and we said add to estimate we could get that information for all these components I'm just going to go to single products because it's a bit easier to uh view so let's say we want to determine our cost for storage so let's just go to storage here and uh we will try storage accounts and and then down below uh We've now added storage and so we can enter some information to try to determine our cost so we could do blob file storage table storage I'm going to go with file storage um actually no I'm going to go with blob it's just easier to calculate and so we're going to have the performance tier to premium redundancy lrs um and we're going to be e uh East usest and so if we had a th000 gigabytes I guess it's a terabyte that's $150 uh if we had x amount of right operations x amount of list and create container operations read operations and here we'd have $150 as a monthly cost so here you just have to tweak it based on your uh consumptions um and then generally they'll show you like purchase options but really this just means like go sign up for an Azure account uh but I just wanted to show you what that looks like and just so that you know that you can go explore any cost and try to calculate something before you use [Music] it hey this is Andrew Brown from exam Pro and we are looking at Azure cost management and so this service allows you to perform cost analysis so you can visualize the spending of your Azure Cloud resources but you can also create a budget under the service so when you set a budget you're going to you're going to Define a threshold and you're going to be alerted when you're approaching or you've exceeded that threshold uh and so just to give you a visual uh representation there that is for the cost analysis so you can see you get beautiful graphs and you can drill down and filter that stuff out to really understand how you are spending stuff on azure so definitely check it out and there you [Music] go let's take a look at the concept of resource tags are just sometimes known as a tag and this is a key and value pair that you can assign to Azure resources so generally when you are launching a new resource you're going to have a uh a tags page and this is where you can uh apply that key and value name and just to give you some examples of tags you might want to apply you might want to have a department and then the type of Department status approved uh a team an environment or the project or the location and so you have a lot of uh tags that you can apply and tags allow you to organize your resources in the following ways you can organize them in your uh via Resource Management so that's where you are specifying uh workloads environments like developer environments uh there's cost management and optimization so cost tracking budgets and alerts operation management so uh that could be uh business commitments to SLA operations so uh you might want to tag services that are considered Mission critical Services uh there's security so that's classification of data and security impact so if there's uh certain databases that have uh very specific compliance rules you might want to do that as well which I think is the next example here um or maybe you're defining uh services that are used for automation or or services are for workload optimization so there's a lot to do with tags uh and even even though I don't use them uh frequently in my follow alongs it's definitely something uh is a good habit to do and uh you should do in your production [Music] workloads hey this is Andrew Brown from exam Pro and we're talking about Microsoft pview information protection also known as Microsoft information protection and this is a collection of features within Microsoft pview formerly Microsoft 365 compliance to help you discover classify and protect sensitive information wherever lives or travels so the idea here is that we have this diagram and we have four specific domains that are information protection capabilities around our data and so the first is know your data the second is protect your data the third is prevent data loss and the fourth is govern your data so we'll be going over all these sections in the next few slides taking a look at the four domains here for the Microsoft purview information protection these are features found within Microsoft perview so the first is know your data understand your data landscape and identify important data dat across your hybrid environment so one feature would be sensitive information types this identifies sensitive data by using built-in or custom regular expressions or a function it provides corroborative evidence includes keywords confidence levels and proximity we have built in sensitive labels and you have custom ones as well so then there's trainable classifiers this identifies sensitive data by using examples of the data you're interested and rather than identifying elements in the item so pattern matching and you can use built-in classifiers or train a classifier with your own content so you have trainable classifiers here for data classification this is a graphical identification of items in your organization that have a sensitive label a retention label or have been classified you can also use this information to gain insights into the actions that your users are taking on these items so that's the context Explorer and the activity Explorer the second part is protect your data so apply flexible protection actions that include encryption access restrictions and visual markings so you have sens sensitivity labels Azure information protection unified labeling client double key encryption Office 365 message encryption service encryption with customer key SharePoint information Rights Management Rights Management connector Azure information protection unified labeling scanner Microsoft Defender for cloud apps and Microsoft information protection SDK most of these you won't need to know but we'll definitely cover sensitivity labels then we have prevent data loss so this prevents accidental oversharing of sensitive information here you have Microsoft perview data loss prevention and point data loss prevention Microsoft compliance extension there's a Chrome extension that does compliance for you so it's built in your browser there's the Microsoft purview data loss prevention on premises scanner and protect sensitive information in Microsoft teams chat and channel messages we'll definitely take a closer look at Microsoft perview data loss prevention later next we have Microsoft perview data life cycle management formerly Microsoft information governance which is a collection of features to govern your data for compliance or regulatory so for Microsoft perview data life cycle management it keeps what you need and deletes what you don't we have retention policies and retention labels inactive mailboxes archive mailboxes import service for pstd files and for Microsoft perview records management it manages high value items for business legal or regulatory recordkeeping requirements you have file plan retention labels for individual items retention policies if needed for Baseline retention and disposition review and proof of disposition so those are the four domains in Microsoft purview information protection govern your data is not technically part of it as it's in the data life cycle and record section but I included it anyways so Azure policies are used to enforce organizational standards to assess compliance at scale and policies do not restrict access they only observe for compliance so here on the right hand side in the Azure policy uh port portal uh you're going to see a big list of policies and Azure has a bunch of policies built in for you right away that you can use so if you need to meet nist or fed ramp or Hippa what you can do is just turn those on and it's going to check based on the categories to see if like you're using Cosmo DB it's going to check for that compliance and tell you whether you're being compliant or not and there's a bunch of components that are involved when you're making Azure policies so you have the policy definition file and this is just a Json file that describes business rules to control access to resources you have policy assignment this is the scope of a policy that it can affect assigned to a user a resource Group or Management Group you have policy parameters these are values you can pass into your policy definition so your policies are more flexible for use and you have initiative definitions and these are an initiative definition is a collection of policy definitions that you can assign so it's a group of policies to enforce some kind of compliance like PCI uh DSS compliance and I want you to carefully look at the screenshot on the right hand side where it says defin defition type and you see policy initiative so the ones at the top there is talking about policy definitions and then you have initiative definitions which are just a group of policy definitions all right let's take a look at resource locks so as in a menu might have a case where you want to lock a subcription resource Group or resource to prevent other users from accidentally deleting or modifying critical resources So within the Azure portal you can set the following lock levels you have the cannot delete uh which is basically uh prevents deletion so authorized users can still read and modify resource but they can't delete the resource and the other mode is readon uh so authorized users can read a resource but they can't delete or update the resource uh so those are the two modes uh and that's something uh you might be interested in doing let's take a look at Azure Blueprints and this is a way to enable quick creation of govern subscriptions the keyword there is governed so the idea is like you can go in your account and just create a subscription but when it's a govern subscription that means there's a process uh and certain expectations on how subscription should be set up um so the idea is you're going to compose artifacts based on common or organization-based patterns into reusable Blueprints and the service is designed to help with environment setup so blueprints are are a declarative way to orchestrate the deployment of various resource templates and artifa artifacts I want to emphasize that word declarative declarative means that everything is spelled out so we exactly know what's going to be created and so artifacts could be Ro assignments policy assignments Azure resource manager templates also known as arm templates resource groups and the Azure blueprint service is backed by the globally distributed Azure cosmod DB blueprint objects are replicated to multiple regions so uh they're definitely well backed up uh and so the main main question people are going to ask well what's the difference between an arm template and an Azure blueprint because an arm template can automate the setup of stuff well basically nearly everything you want to include uh for deployment in an Azure blueprint can technically be accomplished in an arm template but the thing is is that an arm template uh you you are you are storing that either locally or in Source control and there is no active connection or relationship to the arm template whereas a your blueprints the relationship between the blueprint definition what should be deployed and the blueprint assignment uh what was deployed and it can also be uh upgraded SE uh it can also upgrade sever subscriptions at once that are governed by the same blueprint so uh blueprint support improve tracking and auditing of deployments that is the thing so they're very similar to arm templates but generally if you have the option you should always use as your blueprints so there you [Music] go hey this is Andrew Brown from exam Pro and we are looking at the the Azure portal so the Azure portal is a web-based unified console that provides an alternative to command line tools you can manage your Azure subscription with the Azure portal build manage monitor everything from simple web apps to complex Cloud deployments so what does that mean it just means the browser that you use to access Azure so anytime you're logged into Azure uh that is the portal that's all you need to know uh there's another thing about Azure portal and that's Azure preview portal so uh the thing is is that sometimes there are new features or new products that Azure has made that are not necessarily generally available but you can get a sneak peek of them uh sooner if you use the Azure preview portal so that could be previews uh betas or other pre-releases so the way you would do that is very similar how to you how you'd access uh the regular portal but if you want a test preview of new features you go to the preview. portal. azure.com or if you're looking for stable release and production ready features you just use portal. azure.com so that's all you need to know about the Azure portal so I just wanted to quickly show you what the portal looks like um we are going to show you in this course how to create your own account and work within the portal but I already have one set up here and uh I'm already logged in and if I go to the top here I actually have this portal link now and when I go here we can see what the portal looks like so this is the portal uh you can see that it's telling me about my spend but I'm on the dashboard right now on the left hand side we have this hamburger menu where we can explore the services we can go up here and search them as well so whatever I'm looking for if it's monitor we can go there uh and that's pretty much it this is the portal so it's just the browser when you're logged in and you can interact with any Cloud [Music] resources so in this video I want to go take a look at the preview portal so that you are aware where that is uh I know it exists I never ever ever ever ever go to it unless there is some kind of kind of service that I think is going to get released and I want to teach teach you it um and so I believe that we just add something in front of it so I was just looking up on the um uh like the azures or the Microsoft Tech Community and they're suggesting that it's this address here I'm not really reading it I was just looking for the address and so if we log into here we're now in the preview portal and so we have access to all the preview things um that Azure has so one thing that is in preview right now I believe is ma uh fabric uh Microsoft Fabric and this was just announced I believe or was talked about a lot at the recent Microsoft ignite and so this is a preview feature if we want to use it we have to be in the preview account if we're in um Azure here I'm not sure if it'll let us use it so we'll go over here and just see what happens um I have no idea what the costs are here so you can take a look and just not touch it but here it says uh Microsoft fabric delivers an nend experience create a fabric capacity and then we'll go over here and it's also here as well so what I'm going to do is go ahead and see what happens if I try to create this so it says you cannot create a Microsoft capacity using a personal account you use an organization account instead so um right now I'm still in a free tier account and it has to be within organization so they're not going to let me use this which is totally fine um but I just wanted to see what would happen if I clicked it and I don't know if that applies for any other preview features as well uh I wonder if we typed in preview if we could see what's in preview maybe uh there is a preview features service I've actually never tried to look this up so I don't know I'm just curious myself so exploring pre-release features so yeah it looks like we can see all the the preview stuff here um and there's nothing really popping out at me that we could go take a look and take for a spin um but it is nice to know that if you want to see where all the preview features are we can go ahead and look at that um so yeah that is all good here um and that's all I really wanted to point out now if I could find a preview service to launch we definitely test it uh one thing I'm not 100% sure is how we would go ahead and use preview features in the CLI so just give me a second to find out all right so uh I I wasn't looking for this in particular but it's worth taking a look here so here it's suggesting that if we want to um uh access uh preview features in our account we can go under subscriptions and documentation let's go check and find out if that is the case so we'll go over to subscriptions we'll click into our subscription here and on the left hand side I'm scrolling down I'm looking for document is that what they said I think that's what they said right no preview features and here it is and we'll go into here and we'll give it a moment it might be the same listing that we actually looked up just a moment ago okay and it looks like we can just register them so this is very similar to the the um resource providers it looks like if we want to use them we just register register them um but uh yeah I guess that's all there really is to it I was always told that the preview portal was so that you can only use preview features so if we can register them in the main one what's the point anyway in practicality this is not something you really have to worry about but you should know that there are there are things that are preview uh that you have to do some extra work to be able to access them and just make sure you're not using them in your production workloads because uh Azure might roll back on them and uh you know I've heard this from customers before where it's like they've worked with Microsoft and they worked for like six months and implemented stuff and it really seemed like it was going going to go through investing a lot of money uh and it really seemed like Azure was going to uh stick with it and then last minute they said oh we're not doing this anymore so really just be very wary of preview features you can get excited about them but do not put them in your production workloads but there you [Music] go hey this is Andrew Brown from exam Pro and we are looking at Azure Cloud shell so Azure Cloud shell is an interactive authenticated browser accessible shell for managing Azure resources and so it provides the flexibility of choosing the shell experience that best suits the way you work so you can either use bash or Powershell we just talked about Powershell and this is the place where you could use it in Azure so uh just to give you a visual uh if you ever want to access the cloud shell it's all the way up in the header there in the portal and so you click that button it opens up Powershell or it will depends on what you choose but it will open it up down below uh and then you'll be able to use um Powershell right away and also the CLI right away which we'll talk about [Music] next all right so what I want to do in this video is to introduce you to Cloud shell so um Microsoft Azure has a portal which is what we're looking at uh and and and it basically has uh different Services where we're going to have user interfaces so if we want to say launch a virtual machine they have uh this really nice I don't know why it's asking me to log in again but that's okay but it has this really nice uh UI so that if I want to launch a virtual machine I can just do some click Ops click Ops is when we perform operations through clicking of the Mouse um but in practice a lot of the times especially if you're working in devops uh or other roles is you're going to be Pro programmatically creating resources because it's more efficient or there are cases in Azure where there is no UI and you have to do it programmatically uh this happens especially with newer services or Cloud native Services um so just be aware that you cannot avoid doing some basic scripting programming or uh terminal usage so the nice thing about Azure and most providers have this uh uh now but they have a a way of launching a a a cloud shell a terminal so that you can programmatically enter in commands and so that's what I want to show you in this video so in the top right corner you're going to see um a bunch of little icons here and the first one uh and hover over to make sure that it is what we think it is but it's called Cloud shell and if we go ahead and click that what we're going to get is this um dark box that's appearing below and it's going to say welcome to Azure Cloud shell uh select either bash or pow shell so um there are two uh very popular um scripting languages one is called bash it's also the terminal itself it's not just uh the scripting language but bash is what is used on Linux Powershell is what is used on Windows machines and so this is a a way to Pro programmatically um interact with uh machines and programs and so uh we should take a look at both of them but I'm going to first take a look at bash of course we are in the U Windows uh Microsoft ecosystem so Powershell is going to be what is uh probably preferred when we're using Azure but anyway the first thing it's going to tell you if this is the first time you ever launched it it's going to say you do not have uh uh a storage account so the idea is that um this bash terminal needs to store some data and so it's going to spin up a storage account and we'll talk about that later in the course uh in order to store some of the information here and so this should be uh pretty low cost to no cost so just go ahead and create that resource and uh we'll just give it a moment here and I just want you to know that uh it's still taking time for uh for me to create so uh if it's taking uh quite a few minutes do not stress out uh just keep waiting and we'll see what happens okay I'm just going to pause and and uh speed this up but actually there it is it's done so it took about I don't know 3 minutes for this to uh create that storage account so while this is spinning up a lot of times in Azure they will uh show up in the notifications recent actions and it's not showing up here might be this tab nope but normally when resources are ready or being created they will uh they will show up in the notifications not exactly sure why I'm not seeing it here but I'm going to go ahead and right click and just take a look at notifications and it really keeps asking me to log in not sure why today um but uh yeah if we go here uh we can see uh things that are happening so it started it created subcription that was the start of our account so this I just recently created this account and then it performed a generate not exactly sure what that was for um that's for subscription so totally um not important but I thought we would see and hear things like created a storage account but we don't and that's totally fine so we'll come back over here and going to carefully read here so it says storage file share subscription is not registered to Microsoft cloud shell namespace please follow these instructions to register in future unex unregistered subscriptions will have restricted access to Cloud Shell service so what I'll do is I'll go ahead and copy this link okay and we'll just enter this in here and it's giving us instructions about getting started with Cloud shell so what it's probably asking us to do is enable um uh enable Cloud shell so this is again another thing that we have to understand about Azure is that we need to uh register particular services so this is normally done under your subscription so what we're going to do is we're going to go over back to our subscription so let's just type subscription here and we'll click into our subscription and I want to show you on the left hand side there's a tab called resource providers this is something you're going to be going to a lot and you'll see me go here a lot but the idea is that Azure is made up of a bunch of different services and you have to register or permit uh the access of these services so uh in this tutorial it's saying make sure that Microsoft cloud shell is registered and if I go over here here it is registered so I'm thinking what it did is it did it for us so it said hey it wasn't registered but we did it for you okay and so now we're able to use it but uh you will again see me in many videos at the start of it making sure that we have those resources so um anyway we have this open and uh this is running Linux as far as I'm aware of and so we can run some Linux commands for fun so the first I'm going to type is PWD which is print working directory and then LS to list out the directory and you can see that uh we are getting some input what I want to do is just make this a bit larger it's a bit hard on the eyes and let's see if this Cog here uh will allow us to change the font so yes we can so that's the largest I can make it I apologize if it is uh not better but anyway uh the great thing about these Cloud shells is that they're normally loaded up with um clis uh for um the particular provider so uh Azure has a CLI called Azure CLI and in order to to use it you can type the command AZ so if we type in AZ and hit enter it should uh tell us a bunch of stuff on how to use this and I'm just going to go ahead and hit this maximize button so we have our full screen here and so the idea here is that uh in order to use the Azure CLI we can go ahead and start typing things in so maybe we want to find something about our Azure subscription so I can go down here below and type in AZ subscription or sorry account and we'll go ahead and hit enter and right away it's going to complain because most commands are going to have a command and then a sub command so uh here I'm going to go ahead and type in a account list as it's suggesting uh things that we can do and so what it's doing here is it's returning back to us um uh some information on our account so in this video all I wanted to do was show you how to open up cloudshell um in uh another video we'll talk a little bit more about the uh Azure CLI and and Powershell and and this other stuff but yeah that's about it here when we're done with Cloud shell we can go ahead and hit the X and close that off and we can just forget about it so it's as easy as that and we'll see you in the next [Music] one hey this is Andrew Brown from exam Pro and we are looking at Powershell for Azure so first of off what is Powershell so Powershell is a task Automation and configuration management tool um but an easier way to think of it is just it's a command line shell and it's also a scripting language and so when I say a command line shell I mean this thing this blue thing and so if you have a Windows machine you can actually you'd have to I think have Windows Professional uh but you can go ahead and install this and it's uh allows you to automate things using its scripting language as well as in this uh this uh program now uh powershell's available on Azure as well and we'll get to that in a moment let's just talk about the benefits of Powershell over traditional um uh traditional shells so a shell could be something like bash or zsh uh which would accept and return tax but Powers shell is built on top of the net common language runtime so CLR uh and it accepts and returns net objects so those objects make it a lot easier to automate scripting and so Powershell is available on Azure and it's known as Azure Powershell and so we have a set of command uh commandlets for managing Azure resources directly from the Powershell command line and if you're wondering how You' access Powershell you could use um Cloud shell which we'll talk about here uh in a moment okay so I just wanted to quickly show you a Powershell I'm on my Windows computer right now and this is natively installed on my uh my Windows 10 computer and I can type in commands here and so this is just giving me a list of all my um my my the directories in in this current uh folder but I just also want to show you that we have Powershell here in the Azure portal so I'm using the cloud shell up here and I've chosen to use Powershell and you can see it's pretty much the same experience um with some extra things that make it easier to work on cloud so that's [Music] it all right so in this video what I want to do is show you Powershell so Powershell is kind of like bash except it's for Windows um and uh it's it looks different so uh that's the easiest way to describe it but let's go ahead and get some experience with it so in the top right corner we're going to go ahead and open Cloud shell I'm expand expand this open so it's nice and big going to make sure my font is nice and big and uh notice right away that it launched and Bash uh it's whatever you had open up last you can restart Cloud Shell by clicking this button I'm just going to drop down and click on par shell and just confirm and it will go ahead and open it up so uh notice that Powershell is nice and blue most Windows computers should have Powershell installed I can't remember remember you have to have Windows Professional or not so I could technically open up Powershell on my computer here not going to do that but notice that this is spun up and so now we can go ahead and use Powershell and Powershell has its own syntax and its own way of working um it's a really powerful tool and very efficient when you are working as a systems administrator um but what we'll do is go ahead and ask chat jpt um the same thing we did before but we'll say let's use Powershell Azure Powershell and one thing I want to say about Azure uh or Powershell is that Powershell the Azure package or Plugin takes forever to install so I really uh am not looking forward to the time I I'll have to show you in a future course um installing that because it just takes forever um I don't know why it's always uh it's like that but it's always taken a very very long time I just want to point that out so here it's very similar it's saying okay the first time you use power shell you're gonna use connect hyphen a account um the thing is is that uh we don't need to do this because we're already logged in because Cloud shell will do that for us automatically if we're installing this locally the process would be a little bit different and so the thing is is that Parell is going to follow uh this very interesting convention in terms of how they uh name their stuff so here it's new new hyphen a a resource Group uh and so there is a way of learning um uh that syntax so I I I'm not I don't use Powershell lot I'm very I'm comfortable using it but um uh I just don't use Powershell because I prefer bash but let's go see if there is a Powershell asure uh uh reference documentation because that's what we would uh expect to look for so we'll go over here and I would imagine it's very similar um so yeah commandlet reference maybe it's under here and I said plugin but yeah they're called commandlets uh that's uh and commandlets contain modules so in here we're looking for the module for let's say the resource Group so we'll go here and look for Resource Group if it's not called that let's go take a look oh AZ Resource Group maybe it's a resources and we'll go ahead and type in Resource Group there it is so the modules aren't always named exactly the same but uh anyway if you remember our bash video very similar we're going to go look up that documentation and uh you know it looks kind of similar um so we can go down here and I'm not noticing shorter Flags but um I'm pretty sure that Powershell autocompletes so we'll find out here but I'm going to type in new yes it does and so that's one of the nice things about Powershell at least working on Azure is that they really want to make everything really easy for you so as soon as I started typing new it already started autocomp completing and so I can go ahead and hit tab here and uh I don't know why I didn't take the whole thing but maybe oops and it's not taking the whole thing but we'll keep typing here group and so I can do hyphen name and so uh we'll call this um probably singles I'll stick with singles I can't remember if it takes doubles but we'll say my uh Powershell RG and then we'll do location and here it's saying Central us so even notice like remember like we typed in Us East lowercase and the syntax was different so understand that things going to be different it's still suggesting more stuff um that is good enough so I'll go ahead and hit enter and so um we get that back there we'll go ahead and go to the next command so it's going to be new a storage account so we'll go back here we could also search it here we'll go ahead and just just look it up and we'll click on that one there and so we have a bunch of commands um but you know we just did this so we're already familiar with the the um the inputs that we're going to go into this so we'll type in new and we're going to say a uh storage account and so we need our Resource Group name and this one is going to be my par shell uh whoops my tab nope it's not letting me tab that sometimes it lets you Tab and other times it doesn't my Powershell RG and we're going to name this again these names have to be very unique it's showing that the name is title case so maybe we can name it whatever we want I thought it had to be lower case because azure's really picky again about naming it's very hard to remember because it's so different so I'm going to just double check here we'll go over to storage accounts and take a look if I click onto this and I click on here uh the name must be unique across all Sorge account names it must be uh 3 to 24 characters long and can contain only lower case letters and numbers and I go over here and look it's showing me title case so I feel like it's lying to me so I'm I'm going to ignore it I don't believe it uh unless it's going to normalize it for me which I don't know um but you know what let's just let's try to put it with title cases because it's not supposed to work but we'll see what happens so I'm going to just say my whoops my uh Resource Group or sorry storage account storage account I'm going to put a bunch of random numbers here and then my initials okay we'll choose the same location as our Resource Group so we'll just say Central us and um we should specify the kind of storage it might default to something so we might not even have to um set one here and what what did we have to do for that it was kind so we'll go here and look up kind yeah here it says blob storage so um it's not saying the flag here directly well we'll just do storage version two it's fine so we'll go here and just say um kind storage version two it's interesting that this doesn't require notice here it's not indicating single quotations I would assume that it would want it everywhere but we'll go ahead and hit enter and see what happens and so it says commandlet new a storage account at pipeline position one failed um and so it's saying that the SQ SQ name was not supplied I'm going to do control C on my keyboard uh to just ignore that but it's trying to prompt me to say hey you got to fill that one in so I thought we could get away without it so I'll go back and hit up on my keyboard and I'm going to type in hyphen I'm going to say SKU name and we'll go with standard lrs because that sounds like the default to be honest and we'll go ahead and hit enter and right away we're getting a problem and it's saying my storage account Etc is not a valid storage account name that's because it lied to us it was Auto autocompleting with title case and I knew I knew for sure that wasn't right so I'm going to hit up on my keyboard and scroll on back and I'm going just take out those uh those capitals here okay oh and it's there's still a mistake we got to get rid of that capital S there and it still doesn't like it it might be suggesting the name is too long um storage count must be three letters and length lowercase only I'll just take some letters out here like that what does it not like oh you know what AB is and caps that's why so go ahead and do that I notice it's talking about up upcoming breaking changes so it's even suggesting things that might change and so uh you know uh B who's the other Andrew that is at exam Pro my co-founder he loves Powershell and he always tells me like how awesome it is that it gives consistent output it's very good at chaining programs together his background was managing Windows machines for years I more on the the Linux side so um you know I'm going to be more biased for that but uh a Powershell is a very very powerful Tool uh we're definitely not even coming close to tapping uh all the power of it right here but notice that it created that storage account we're going to go back over to uh our our portal and we're going to go into storage accounts if you don't see it there you can just search it and well actually I don't want to go here I actually want to go to Resource groups and what we'll do is we'll go ahead and just clean this up because we're totally done with it make sure it's my power shell RG not this one that's your Cloud shell that we're we're using right now we're going to go ahead and delete that Resource Group and I'm going to go ahead and copy it and paste it down below we'll go ahead and delete it we can go back over here close that out and uh yeah just make sure that that does delete but um there you go so now you got some exposure to bash and Powershell so you're on your way of getting some good programming skills there okay [Music] ciao hey this is Andrew Brown from exam Pro and we are looking at Azure CLI so what is a CLI well CLI stands for command line interface and it processes commands to a computer program in the form of lines of text and the operating system implements a command line interface in a shell or terminal so we saw a shell earlier which was power shell um but uh we'll look at what uh CLI commands look like here in a moment so the Azure CLI can be installed on Windows Mac and Linux once it's installed you would type A Z followed by other commands to create update delete View and manage your Azure resources and so to really show you what that code looks like down below we have a bash script but this could easily be Powershell and you have the commands AZ and then you would have what it is that you want to do so if you want to create a group you type a group create and you provide the name and the location or let's say you wanted to launch a virtual machine which is a server you do asvm create uh and then provide those other parameters so that is how you would pragmatically create um Azure resources and there's tons and tons of CLI commands uh for Azure so you basically anything you're looking at pretty much can be created with the CLI Pro [Music] programmatically all right so in this video what I want to to do is get you more familiar with Azure CLI um it's very very very very very important that you get some scripting programming any kind of exposure to that because most technical roles in Cloud require you to touch some kind of cod like thing um and again Azure uh doesn't always let you do click offs with all their services and sometimes you'll be copy and pasting command so it's important we get comfortable with that as soon as possible so what I'm going to do is go in the top right corner and open up cloudshell we learned how to do this uh previously so watch the cloud shell video if this is the first time you're launching it I'm going to go ahead and increase my font size to large we're going to wait for this terminal to start um I just recently had cloud cloud shell open so it opened up very quickly for you it might take longer and I want to remind people that the Azure CLI is pre-installed on here so if we type in AZ um we should get back some um output just understand that sometimes there are uh Network latencies so you have to be patient but we're getting stuff back so uh what would be really interesting is to go ahead and launch something anything here uh via the CLI and so before we do that I just want to show you how would you find out CLI commands of course we can uh type in a and see them here another way that we can look at Azure commands is by looking it up so we can say Azure CLI reference documentation because that's often what CLI um interfaces will have is they'll have a reference documentation and carefully looking here this is at the learn website which is fine uh we'll try the first one here and what I'm looking for here is the reference so here it says Azure CLI reference and I'll click reference A to Z I personally don't like the way that Azure lays out their docs for the CLI I definitely prefer uh the way Google or um AWS does it but we got what we got and so uh here we have a bunch of different commands and uh they are going to correspond to different things so let's say we want to launch a storage account which is something that is very common for us to do I'm going to type in storage which is one option um and we're going to go here and just expand it and we'll look at summary and so we have some options here um one thing I want to point out with the documentation is the status so the status indicates whether these CLI commands are are going to are are going to be supported or whether they uh might be uh gone in the future so ga stands for uh General availability meaning that Azure has decided that they like this uh feature and they're going to keep it uh preview means that um they're very likely to um they might uh bring this feature to all customers and Azure likes to have a preview and a gener general available um I think it's a subcription or something somewhere there's a way to access it or the portal is different I always forget but my point is is that um if you want to utilize uh preview features in Azure uh you have to go some somewhere else to do that um and so if you try to use a preview feature and it doesn't work it's probably because you're not in the whatever preview setting I'll do another video on that so that's very clear but my point is is that always stick to the ga do not touch preview do not touch experimental because if they do uh get rid of those things and you rely on them you're going to run into trouble but anyway I'm interested in a storage so I'm going to go ahead and click in Click into here and notice that when I clicked into storage we have a big drop down of a bunch of stuff and again notice um where it says where it says type core so it's a core command or some some are extensions stick to core stick to GA and they just have a lot and a lot of CLI commands other providers like adab us and gcp do not have this many commands um for whatever reason Azure likes to take uh uh uh take their services and put them under umbrellas uh and they also uh like to just keep adding stuff uh and so you might have um CLI commands that do exactly the same thing and so there are a lot here and it can be really hard to figure out what to do so I'm going to go over to chat jpt and we're going to get its help to kind of narrow down what it is that we want to do so I'm going to say I want to create a um blob storage account via the Azure CLI and we'll go ahead and narrow down the commands it's going to provide us now chachy BT can go out to the internet and it can bring us back stuff but we have to double triple check it because it's not intelligent uh despite it be calling AI but it can give us an idea of where to get started so the first thing it's telling us to do is to do a login and that's great but um we don't have to do a login because when we use cloud shell we're already logged in if we were to install the CLI on our local computer we would have to uh utilize ay login in order to First gain access so we can skip that step the next thing it's just uh saying is to create an Azure Resource Group which that makes sense uh we always need to create a resource Group so let's go ahead and see what we can do and I want you to follow along and do this in your own account okay so the first thing we want to create is an Azure Resource Group um and so we'll just quickly talk about that here I'm going to open a new tab and every time I do that it wants me to log in totally fine and if we type in the top here uh a resource Group is a way of grouping together resources and um uh it's different like if you come from ads everything is with an account if you're in uh a gcp everything's within a project and in Azure everything is within a resource Group um and so before you create any resources you need to put them in a resource Group and often you need to create a resource Group so that's what we're going to do we're going to go back here and this command is a group create so let's go take a look for that command over here and find it so I'm going to type in resource not very useful so what I'll do is just search for it man manually and we have resource manager that's probably what it is and here we have a group I think that's the command it's asking us to do we'll go ahead here and we have create so we'll go ahead and look at this and we can see it requires some parameters it wants the location so that is something it might want it says that's a required parameter uh there is the name that's a required parameter then we have some op optional parameters and we can do some tags so uh here it's saying Resource Group and location and so the the the location is going to be a Azure region and then the resource Group is going to be the name so let's go ahead and start typing that in here so I'm going to say AZ group um create and then we'll do sorry for the little popup there it gets into the way I'm going to expand this to make our lives a bit easier I'm going to put in here um we had a short flag so we have the long flag or the short flag FL I'm going to use the shorter one CU it's a bit easier to look at we'll do L and we probably can do us East one uh or east us that's what it is I'm thinking about AWS right now that's my problem and um the other thing is the name so that's a hyphen n apparently it can be hyphen G as well which is fine so we do that and I'm just going to say um Azure CLI and this will be blob because we're going to create a a blob storage account and so what what that's going to do is it's going to go ahead and create it and so notice we got Jason back that's usually a good indicator that it is working correctly notice that the provisioning state is succeeded sometimes this will come back and say it's creating um but resource groups create basically instantly let's go over to our Resource Group uh Tab and we'll give it a refresh I want to point out that um sometimes Azure is very very slow in showing you what you've done um azure's uh portal is one of the most robust portals uh compared to every other provider and that is great but the disadvantage to it is it's very hard for Azure to propagate that information uh to us and so sometimes you will do something and you won't see it and you'll think that you did it wrong or you didn't create it but all you got to do is wait around so just have a lot of patience when you create something you don't see it and double triple check with Azure so here we can see we've created our azure CLI blob so that is there I'm going to go back over to our instructions and we're going to look at the next one so here it's saying AZ storage account create and it wants the name and the resource Group and the location the SKU and the kind so what I'm going to do is I'm going to go over here and we're going to look for storage okay and again I just really want to point out that if you're going to use any generative AI don't blindly follow it double check the docs always double check it so here um I think we're doing a storage account create yes we are and in here I'm going to search for create here it is good I notice it has a lot of flags so there is a lot here um I'm not sure exactly what uh we'll need for this but I'm pretty sure we can do these basic ones and it'll be fine so I'm going to go back over here and type in a storage account create and then let's take a look at the flags it wants so it wants the resource Group so let's go over here and take a look at the flag so Resource Group can be a hyphen G I think I like that so we'll do hyphen G and it wants it to be the name of the resource Group we name this Azure CLI blob so we go ahead and paste that on in here good we'll go next back over to here it wants a name we know that we can put hyphen n for name here and notice that um the resource Group allowed us use the hyphen G or hyphen n flag to name the name but in this one hyphen g means the resource Group and hyphen N means the storage account name so uh there might not be consistency in terms of the flags uh uh between like short Flags between different commands so again just always double triple check and don't just assume we'll go here to the right we have our location so we'll go here and do uh well we got to give a name for the storage account now storage accounts I believe have to have um all the everything lowercase no spaces uh Azure is notorious for having crazy naming for every service they're all different and I think it's treated like a URL like a domain name so you have to make it uh unique so I'm going to say here my uh storage account and I'm going to just put uh a number in here so I'm going to put 1 two 3 4 and I'll say AB for my initials you make it very unique so that you don't run into any troubles we're still not hitting enter we'll go back over here um did we do the location so do hyphen L East us and we'll go back over here again and then there's the SKU the kind so I know the storage is going to be version two that sounds good to me so um I'm going to double check and look for the short flag as I prefer those so we'll go hyphen hyen kind here and so we have a few options blob storage um blob block storage file storage Storage storage version two so um I believe that we can do blob storage under storage version two so we can do either or um so I'm going to just stick with storage version two because it's totally fine and uh it's this one doesn't have a short flag so we'll have to do it in full also note that if we're using the CLI we're programmatically doing stuff um it's not going to warn us about free tier stuff uh when you use click offs you get a lot more information through the portal when you're using the CLI it's just programming so it's not going to give us the same amount of stuff so we'll go back over here and we need the SKU so let's go take a look at what it wants for the SKU the storage account SKU so this is going to determine um uh the the replication of resources and so I I just want to go with the standard one now notice it says a default value so sometimes if there's a default value if we if we don't include it it will default to it so I'm hoping that's what's going to happen I'm going to purposely leave out the SKU I'm going to go ahead and hit enter and see what happens okay and so it's creating it or running it and we'll just give a moment and see what happens okay all right so um we got a bunch of uh output back and it looks like it was successful um so what we'll do is we'll double check we'll go to the top here to micros Azure we'll type in storage accounts and we can see that we have our storage account so we've done something Pro programmatically there is for stuff that we can do here we can go ahead and create our blob we can uh list the containers I don't want to do all those things right now I just wanted to get you a little bit experience working with the CLI um and uh being comfortable with that another thing I can uh say is that the CLI will allow you to Output to different formats um it might be hyphen o or something I'm not sure if it will show it here because that's kind of a global flag so yeah it's hyphen o and so let's say we wanted data in a different format we could choose something instead of Json we could get table yaml or something else um so I'm going to go here and just say uh here it says Azure storage list I want I just want to list um all the accounts I'm going to see if uh that works here I'm going just say a I'm just guessing but I think it's a storage account list and will that list out storage accounts for us notice it came back as Json so if we wanted to change the output we can give it a hyphen o flag and uh the the output format probably will vary per um command so don't expect the output format to be for all them this is defaulted Json uh let's take a look at yaml and type that in here there we go so that looks uh a lot more readable and I I really do like yaml uh we could also try table format so let's do that that's a very common one when you're in the terminal okay there you go so kind of looks like a table it's a lot of information so maybe not as nice as we'd like it to be but that's the basics of uh working with Azure CLI it definitely gets a lot more complex than that but again I just wanted to give you confidence with it so now that we are done with that resource I just want to go ahead and delete it uh so I'm just going to go ahead and close out cloudshell and we're going to make our way over to Resource groups so I'll type in resource groups at the top here and on the left hand side I'm going to Azure CLI blob here is that resource that we created I'm going to go ahead and hit delete res Resource Group and um I'm going to go and enter the name I like how they say enter the name but you can go ahead and copy paste it the idea to type it in is to make sure that you are you know what you are deleting but uh they've even uh expediated that so that is deleting and that's all I really wanted to show you um with the um Azure CLI okay so we'll see you in the next one [Music] ciao hey this is Andrew Brown from exam Pro and we're looking at Visual Studio code so visual studio code is a free source code editor meaning it edits code made by Microsoft uh for Windows Linux and Mac OS and you can even run it in the cloud and if you're wondering what it looks like this is the editor and this is not to be confused with visual studio so visual studio is an IDE uh and it is also for programming but it has a lot of functionality built in here um is Visual Studio code op Source well they say that it is but I don't know to what degree I don't know if it's 100% open Source but this is the most popular um um text editor or code editor um out right now and Microsoft has or sorry Azure has a service called it's like Visual Studio workspaces that's on Azure and it allows you to spin up these developer environments using this editor right in the cloud I don't think it's going to be on your exam but I just thought it was cool to mention uh and if you don't have a a code editor I strongly recommend downloading this one for your computer because it is great so I just wanted to quick show off visual studio code here um so if you wanted to go download yourself you just type in Visual Studio code into Google and you should end up here and you can download a version it's for Windows uh Mac and Linux so you can download for anything and you can run it in the cloud uh on Azure or even launch your own server on other other on other uh Cloud providers I just have happen to have Visual Studio code open here with an open source project um just to show you what it looks like the the thing that people really like about it is just it looks great and it has really good plugins so if just go to extensions here you can anything you need uh you can add it and enhance uh this editor here if you don't have a code editor I strongly recommend downloading this and I just wanted to make make you uh um familiar with this editor [Music] here all right so in this video I want to introduce you to um Visual Studio code and maybe we can go ahead and use a bit of azure SDK um in order to Pro programmatically uh set up a resource so this is very similar to how we use the bash CLI or P Powershell CLI we're going to use a programming language to do it and um again I really believe that you should learn this as soon as possible because uh very quickly you end up having to touch code or scripting or something so get comfortable with it right away here um so what you're going to need to do is install in Visual Studio code I'm not going to show you how to install that it's not that hard to learn uh but you're going to go look for visual studio code you're going to install it this is a free and open open source um um uh coder or code editor and once it's installed we can get go ahead and start utilizing it so you go ahead and install it I already got installed in fact I got a project open here not the project we're going to use but this is actually how I um Stitch uh the big video when I send it over to free Cod Camp so I have a bunch of scripts here but uh what I want to do is once you have it installed we're going to go ahead and create a new um a new folder so on my desktop I'm going to go do that so let me just make some room on my desktop to here okay all right so I got some nice room on my desktop I'm going to make a new folder here and I'm just going to call it um Azure uh because we keep doing things with the storage bucket so we'll just say Azure SDK example uh you can name it title case lowercase however you want to name it but uh just make sure there's no spaces in it I know that's a bit hard to read on my background here but we now have a folder and that's just going to give us a place to start working with so I'm going to go ahead and say file open folder and this is point to my sites directory so I'm going to go back and I'm going to say desktop I think that's we have a desktop there right and um I'm going to say show local so it'll just open it up here make our lives a little bit easier I'll click on desktop here I'm going to choose Azure SDK example select that folder and so it's going to open that folder up and it's opening up my whole desktop which is really not what I wanted to do um that is totally wrong so give me two seconds okay all right so what I'm thinking is what we'll have to do is try this again so we'll say open folder and we'll go to desktop and we'll double click into that folder make sure we're double clicked into it and say select folder there we go so we're in that folder looks like we're not in there but it's here uh in the top and you know again I'm not going to go super heavy into this because this is a completely separate discipline but do your best to follow along so we want to create a new file you can do that by going to file new text file up here you can also click this little icon here to do that so we'll go ahead and say new text file and the question is is what are we going to write our code in because um we're going to need to uh write this in some kind of language and so I'm just trying to decide what we can use here um so that is a another question as well so just give me a second to think about it okay you know instead of thinking about it what I want to do is I'm just going to go ask um go ahead and take a look quickly so we'll say it's probably in the slides but I you know I can't remember all these things off the top of my head AZ dek languages and so we'll go here and we'll take a look and we have uh Android C go C C++ iOS Java JavaScript python no Ruby which I mean I think there's Ruby somewhere but uh they haven't been maintaining it very well so we do have a few options here uh the question is which one do we want to use uh I don't really like any of these languages um but but we're going to have to make a choice and so I guess we could use C so maybe what we'll do is go ahead and use C I almost feel like I'm going to regret using that so um all right so anyway what I want to show you here is um yeah we'll write some C code and actually we're going to cheat we're going to go use chat GPT because I really don't want to uh spend forever uh figuring how to do it so we'll say uh um using the Azure SDK for C uh let's deploy a new Resource Group or a new storage account in a new Resource Group group for blob storage okay so we'll go ahead and hit enter and we'll see what it produces deploy a new aure storage account for blob storage in a new Resource Group using Azure SDK you're going to need the following so it's going to say install the Azure SDK okay and so we'll just give it a moment to uh uh spit out some stuff all right so it's produced some code here and so just taking a look here we have our code example it's explaining everything here but I don't need that and so the idea here is that we first are doing our Imports most programming languages are going to have you require import resources um so obviously resource manager for uh uh uh creating the resource and then we need storage for storage accounts um identity for probably connecting to Azure um that's most likely what it is system is for system stuff so maybe for doing outputs and things like that and right away we can see that we need to create our uh credentials and then from there it's saying initialize the arm client so arm stands for Azure resource manager so I imagine um that has something to do with um maybe resource grips we'll see here in a moment so we create the Azure resource manager client and from there we can get our default subscription that makes sense and from the subscription we'll get our resource groups and we'll create or update a new one here and so here it looks like it's going to create our Resource Group the next we have um our storage management client so it looks like that's how we create our storage account or at least it's the the manager for it anyway and then um create we're creating our storage account okay that makes sense if this looks very verbose and uh tricky it is um it's just the nature of c c is a great language um but I'm just going to say that the way they choose to name things here I even find a bit confusing and I work with every single programming language but we do have some code here and so the idea is that we can go ahead and copy this code and I'm going to go ahead and paste this into Visual Studio code now I do want to point out that um in order to run this program we actually have to have C installed and I'm not even sure if I actually have that installed on this computer um so we're going to have to see what we can do uh there so I'm going to go ahead and just save this file and I'm just going to name it uh we'll just say storage new storage account uh. CS because that is the extension for C and so it says do you want to install the recommended C extension for the language we'll say install so the thing is is that Visual Studio code on the left hand side they have extensions and they have extensions for everything and and I just want to point out that Azure because uh Microsoft created this project and Microsoft owns GitHub and all this stuff is uh Visual Studio code has tons of synergies with um with Azure and in fact you can create resources and other things uh via uh Visual Studio code directly um so here it says the net cor SDK could not be located um and so we can go here and say get the SDK says do you want to uh uh want to code to open the external website yes and it's complaining because it's saying hey you don't have this installed it's not going to work and so we could go ahead and install it here that is one way to do it um but the thing is it really depends on what kind of machine you're on if you're on Windows or Linux or Mac OS it's going to be a different installation process so we can do it this way but there's another option and the other option that um I'm going to recommend is to not do it locally but do it in a cloud developer environment now most um um cloud service providers have have a cloud developer environment uh adab us has Cloud9 gcp has um I forget what it's called project idx and they even have one built into their uh their platform but for whatever reason all we get is cloud shell in Azure so um I like to think of github's code spaces as azure's um Cloud developer environment why it's not directly integrated with Azure I have no idea so what I'm going to do is I'm going to go over to GitHub and you are going to have to create a GitHub account and they're free and you should absolutely have one because every person that's working in Tech should have a GitHub account but I'm going to go ahead and log into mine I'll be back here in just a moment and if you don't have one go ahead and create yourself a GitHub all right so I'm in my GitHub account and what I'm going to do is I'm going to create myself a new repository uh and again don't worry if you don't know all of this just do your best to follow along um because there is a lot to learn here and I'm not trying to overwhelm you but let's go ahead I'm going to choose um the owner is myself so you would have chosen a username when when you signed up mine is Omen King I also have like another account called exam Pro Co I probably should use that one and we're going to just say Azure SDK C example uh so you can name it exactly the same uh these are you uh you can have the same name for repo that someone else has because it's going to be based on the scope of your name here we can make it private or public I'm going to make it public uh that that way everyone's going to see it I'm going to add a read me here as well and we're going to go ahead and create this repository so go ahead and create that and we'll just give it a moment and so now that that's been created um you're not going to have this get pod button here but what I'm going to do is drop this down and it's sorry code I want the code button here and we have this option called code spaces and so here um code spaces does have a free tier or they should have a free tier anyway yeah up here and the free tier is going to let us run for a short period of time I'm not going to get fully into that because because we're not going to be doing enough coding to even worry about that but we're going to go ahead and create ourselves a code space on Main and U honestly I actually prefer git pod for cloud developer environments the reason I'm using codes spaces is because um Visual Studio code has a Marketplace so if we go ahead and type in Visual Studio code Marketplace and um these are extensions for visual studio code it's when we're over here on the Le hand side and we're installing uh fun plugins or extensions they're coming from this Marketplace and even though I prefer git pod um uh this portal this is or this Marketplace is provided by Microsoft and it's a proprietary um Marketplace so all of the official Microsoft Integrations are here and if you use um uh a git pod you're not going to be able to access the full Suite of these you could technically use them if you opened G pod within local Visual Studio code I'm not going to do that here today we're going to just go ahead and use um code spaces and I don't use code spaces that often but we're going to use it here the first thing I want to do is change the theme because I do not want to look at white so I'm going to go all the way down to the bottom to this Cog here and I'm going to go and go to settings or themes here we go and we'll choose color theme and I'm just going to go and say dark Visual Studio code and now my eyes are thanking me for uh putting that effort in and so what I want to do is create a new file so we can upload new files here by dragging them so on our desktop here uh we have this folder uh and this file so I'm going to go ahead and just drag this file on over okay and the thing about uh codes spaces and and G pod is that they should have a lot of these things pre-installed so down below here it says do you want to install the recommended C dev kit yes please I would love to have the dev kit so the devkit helps you manage your code with a Solutions Explorer and test your code sounds great to me and we're going to go Ahad ahead and let that install now I want to point out that the way these Cloud developer environments work is as long as you are running them they are consuming spend so if you are trying to walk away and go get coffee or or food please please please make sure you close the tab um so that it's not just running and you're uh exped uh utilizing uh credits or usage uh again you're on a free tier but let's make sure we don't use up all that free tier so I think that extension is now installed and so uh we should start to be able to use uh C so what we'll do is go back over here and we have our new file and it's right here uh and so we have our program uh and so we should be able to run it so there's a few values we need we need our subscription ID our Resource Group name our storage account our location okay so these are the few things we're going to want to fill out um so I'm going to go here and yeah I'll take West us I don't care it doesn't matter we'll say West us then we have our storage account name remember that has to be very unique so I'm just going to say hello world and I'm going to put a bunch of numbers here and I'm going to say AB remember to keep it lowercase and not any trouble here and here for the resource resource Group we're going to say my um SDK did we already create one no we didn't so we'll say my SDK um RG and then we need our subscription ID so we'll go over here subscription ID is is going to be um if we click uh into our subscriptions it's right here so we'll go ahead and copy that in okay and we'll make our way back over to here I'm going to go ahead and paste that in we'll say allow good we'll click oops try not to add any additional characters by accident be very careful but yeah that looks fine to me and so I filled in all the things that it's say saying that I need I also want to point out that you know chat chapt generated the code but it doesn't always give you good code so just understand that we could run this and it it could possibly not work um and it might even give us things that we don't want so always make sure you can understand what you're reading so here it's saying it's using the standard lrs which is good it's using storage version two so everything that we've been doing up to this point and so now I want to run this code um so uh again I don't run C code a lot but sometimes it uses mono sometimes it uses um different engines for running but let's go take a look at our extensions and we'll click into this one and see if there's any options to start running it so it does say there's like build and run options here um so it says command shift net build so it's possibly we can build it that way and that's probably the way I'd like to build it so we'll go back over here and the thing is that we have haven't logged into anything so it's my assumption that this isn't going to work okay so what I want to do is I want to open up the command pallet so I believe we go down here to the bottom left corner click the Cog if we do if we type in shift uh uh control shift p or click this button it'll open the command pallet and what we're looking for is that net build so I'm going to go ahead and do net build and see if that works I did click it we'll try this again command pallet says we used itm build and I'm not seeing anything happening so did it build I'm not sure so give me just a moment all right so I went over and I asked chbt how can I just run it and it was not helpful whatsoever um it did tell us that we should probably have the a uh the um the Azure seall which I absolutely agree so this is a great opportunity for us to uh do that here in fact it might already pre be pre-installed so if we just type in a is it here here no it does not um so maybe that's something we can go do so I'm going to go type in AZ CLI install and we'll go get the instructions for that and so I want to install this for Linux uh we're probably on Ubuntu or Debian so I'm going to go ahead and click that and I'm going to go to install Azure C and so we want this on line command I've done this a lot of time so I know it's this on line command so we'll go ahead and copy that and we'll go back over to GitHub code spaces and we'll go and paste that in there now I realize this font might be a little bit small so while that is installing I'm going to go ahead and increase our font so I'll go ahead and increase our font size I'm going to type in here terminal and if you're finding that I'm going really fast the great thing is you can always go back and watch the video I really do encourage you to try to work through the steps and try to figure out what it is that I'm doing um of course I could go a little bit slower but um the best learning is the part where you're going to go out and uh you know try to really figure out what it is that I'm doing here so that's why I'm not being super super detailed and slow with these steps um but uh you know just be aware of that so I'm just typing terminal font in here because I want to increase that font uh there it is and so we'll just say 24 there we go that might be a little bit too big we'll go down to 20 okay and so the CLI is now installed so if we type in AZ um it will now should prompt us and so now the next thing we want to do is log in so I'm going to type in a login and so what it did is it as soon as we typed in a login it popped up a new browser window and it's allowing us to connect to Microsoft Azure so I click this and uh even though it's not going anywhere that's totally okay we'll go back over here and it didn't work because we are not doing this on our local machine we are doing this within a browser so it says if uh if no browser is available or if the web browser fails to open use the device code below so that's what we're going to do we're going to actually do that instead so I'm going to type in a login hyphen hyphen user device code and hit enter okay and we're going to give it a moment here oh and then it says copy this link so we're going to go to this link here and hit enter and it's going to say enter this code in and so we'll go ahead and enter in this code that it want okay and we'll hit next and then we'll pick our account are you trying to log with the a CLI we absolutely are we'll go back over to here and it now gives us output so we are now logged into Azure CLI so now that the CLI is installed um we're in better shape the thing is when you when you log into the Azure CLI uh I don't know where it is but it's probably dumping some kind of file locally onto this computer onto this workspace if I type in LS so somewhere in here I'm not sure where but somewhere in the in the in this on the storage of this workspace in the cloud it's storing the credentials to log Us in so we don't have to pass in or we shouldn't have to pass in credentials here and when we run the script it's going to rely on that local file uh and it should pull it from these default credentials so the next thing I want to do is run this program and it really did not tell us how to do that so um I I should know how because I do have uh my own uh unpublished thing so I'm going to go take a look and find those instructions all right so I just want to point out that you will not have access to this this is totally private but I'm just trying to find notes from it and I also wanted to prove that I actually do know all the programming languages for cloud um but knowing them uh when I say I know them I mean like I've used them all and I've made really good notes notes and so when I need to go back to them I can always look it up and so somewhere here we should have some notes for c um and because there's a few different ways we can run it there's a program called CSC uh which is the turbo compiler um so it depends on what we want to utilize and we could use nougat we could have also created a net uh a net project that's probably what we should have done um so that's probably what we should have done is we probably should have created ourselves a net project because now that I'm um remembering that's pretty much the way that we do it okay and that's going to make our life a lot easier for um utilizing so what I'm going to do is just take a look here and let's go back to chat 2bt and say okay um how do we use the Azure SDK C and we create a new new uh uhet project okay and so this should be more in line in terms of what we want so chbt is only good if you know what to ask it and it's talking about new get packages and that definitely is what it looks like I was doing there before so we'll give it a moment here to help us uh see what's going on I just want those commands and it's asking us to do this through it's it's like telling us to click through it's going it's saying like go up here and click click click like create a new create a new project in there but that's not how I want to do it I want to do it via the um the CLI and all I wanted to know was whoops I just closed that tab we actually needed that tab um but what I wanted to know was what framework version does it want us to use because uh that could matter right and that's what we're not getting answer uh for so that's kind of important so we'll go back over to here and it's really really really not helping us this is not helpful whatsoever so I'm just going to tell it to stop talking because I know it's not helping us and I'm just going to pull up that example again just give me a moment all right so I have this pulled up again I'm going to go back to my hello world again you're not going to have this you don't need you don't need to have direct access to this it's fine um and then down below there is the thing here so we need to create ourselves a new project we're going to say new console because it's a console project and we're going to want to have that package so I'm just going to drag this off screen so I can see it and type it and then you'll just have to follow along here with me okay just give me just two seconds to be able to see this here and okay so what we're going to do is go back over to here to our project and and I'm going to try this I'm going to typee in new new console hyphen n we're going to say package. net and we're going to try framework net 60 even if there was a newer version of the framework we could use for um C or for net sometimes it doesn't like the latest version um so even over here like I made a note I said even though net is the latest neither fake nor bogus works with net 7.0 so you know I'm going to try to use seven and hopefully we're not going to run into issues here and so it did a bunch of stuff and it created this uh package over here so it actually created a folder called package. net if we open it up uh we have a program and so that's where our code has to go so I'm going to go ahead and I know this is a bit of a mess but I'm going to go ahead and copy this over here and I'm going to take all of this and we're going to cut this we're go over this program and we're we're going to paste it into here okay and I'll delete the old file here so now we have um our package um and we're in better shape so now we can probably use those net commands to um build the package that's probably what we can do here so that's what I would like to do next so I have to find that command um I believe it's just net run so if we type in netrun um that should probably do it couldn't find a project so we probably have to CD into that folder so I'll type in CD package h.net enter I'm going to type in LS to see what's in there I'm going to type in cleer clear to clear the screen I'm going to go ahead and type Inn net run okay and hopefully it's just going to run it now we didn't install any uh packages for it so I don't know how we would know how to run these it looks like it's actually complaining it's saying uh the typer namespace name Azure could not be found it's talking about this up here so normally you like in programming languages you have to install packages or libraries and every single um programming language usually has its own package manager and I believe the one for um uh net or the the one for that one is called nougat n u g so there's probably a way to add it and it's actually probably part of because I'm looking at my commands here it's probably part of um uh n get's probably part of net so I'm going to type in net add package and we need to figure out what the package name is so I'm going just type in Azure because it's probably what it is I'm going to go ahead and hit enter and uh we have to actually spell net correctly for that to work again this is just me totally guessing but I believe that's what's going to work and so I go up here and it looks like it's trying to install something it's talking about this falling back here and then it says error there is no version available for the package Azure so clearly there is uh something more to this here so Azure uh net net n get package and version so that's what I'm looking for here okay and I'm just trying to find what it is so I don't want to search the internet for that so I want to install the Azure SDK via net add package what is the command okay once you know programming chat GPT is great because you can narrow it down and help you save you some time but uh it's not always easy and sometimes it just doesn't tell you what you want to hear right away so here it's saying Azure identity ah so it looks like we might have to do do them individually okay so let's go give that a try so I'm going to go back over to uh GitHub uh in our uh code spaces now let's try each of these individually so I'm hitting up I'm going to try identity let's see what happens it looks like it's installing that looks great okay great so we're on to something here excellent so we have that one the next one is resource manager so I'll paste that in there enter just going to bring this over here um I don't know if we need to specify these individually underneath so I'm just going to copy them anyway and just try them again I don't know if we have to do that often when you have the top level one you get them all but since um doing the top level Azure didn't work I don't trust it and it did install something so that looked like that work we'll do storage next and these two are not going to do because these are buil-in packages we don't have to go ahead and and install them very common for most languages so I'm going to type in clear here to clear on our screen I'm going to hit up up up till we get back to that run command and we're going to try that it says there is no given argument that corresponds to the required parameter data um here and it's saying on line 2490 so we're going to go down below and look at line 24 and it's complaining about this uh saying something about data so there's no argument given that responds to the required parameter data um and so probably what might be happening here is either well chbt gave us bad code um or it it's looking at Old documentation so it's not that it purposely gave us bad code it just doesn't know what's the latest there's a few other errors here like the name s s KU name does not exist in the current context the kind does not exist in the current context and it's talking about this here so it really looks like like um uh chat GPT lied to us okay so what we can do is we can just go ahead and paste this into chat GPT and see if it can try to solve it for us if not we can go look it up ourselves uh we get the following errors uh from the code provided earlier in this chat okay so uh for me like I would just go out to the documentation go fix it um I'm trying to show you how you would do this if you don't have the same kind of uh programming skills so here it's saying the errors you encountered uh project suggest some issues great so it's just going to tell us what problems it had and then we're going to wait just a moment and find out um what it is make sure you have the latest packages well we just installed them so it should be correct okay well the other thing is that we don't know what versions uh Azure was using right so that might be the issue check the latest SDK documentation of course yeah so it's okay the suggest code changes like come on you're not really helping me today chat GPT all right and we'll take a look here at what it's saying so looking at this very carefully here it says uh new Resource Group data and then this one here is saying create or async um so it looks slightly different the meth seems to require additional parameter okay it's guessing it doesn't know what it's doing so I really don't trust it anymore and so what we'll do is we'll go back here and take a look at our code the first one it failed on was line 24 all right and so that's on here so um we need to go figure this out I'm going to close some of these tabs because we're kind of getting overwhelmed with tabs here and I'm going to go type in Azure SDK C and we'll go over here uh we'll say storage accounts and we're going to try to figure out if we can find some official docs okay ay login we've already done this here they're using visual studio we're not using uh well this this is how it did it over here which is fine um but we just want to see the reference docs so yeah it's talking about blob storage which is great let's go to reference Azure uh it might be whoops might be over here Azure SDK C reference documentation we'll go over here and uh we're looking for these commands so the first one it it mucked up on was line 24 so I believe this one's okay uh this is for creating a resource Group so we'll go here and I'm going to search Resource Group it's probably under resource manager and here showing that we add that net package so that makes sense uh and so we have this line here so if we go back to our code do we have that line Looks like we do right new arm client uh yeah it's down here sorry new arm client so that's right now we get a resource Group collection so this one's slightly different it's trying to do it all in one go um which that's one way of coding it but I actually kind of prefer what they're doing here in the documentation so I'm going to go ahead and grab this so that we assign this to its own variable okay in coding you can do things uh multiple ways so um you know one code can do the exact same thing as something else and be written differently that can make it very confusing if you don't know what you're looking at we'll go ahead and paste this one NE uh in next so uh looks like I cut off a bit of that code there okay and so this is now the equivalent of this so that gets that part and then this is equivalent of that so that's that part and so next thing we need to do is this create or async thing so we'll go to the next step and we already have uh these two things set up here as strings this one set as an Azure location so we probably want to do what they're doing here too okay so I'm going to go up here and paste this in like this instead okay um and it really depends on what the thing wants so maybe in the older the older SDK it took a string but now it looks like it takes a a variable data type of azure location that's why I'm doing it this way okay um so that looks fine there the next part is Resource Group data so that looks very similar to our code here notice it's not doing a create or async update I mean that's probably one way of doing it and probably a good way of doing it make sure you put these semicolons on the end here um C really likes these some languages don't care but this one does and then it does it on the next step here so it does it here okay so it's still doing that operation so we'll paste that in and I don't know where it went didn't really go where I wanted to go we'll go ahead and paste that in again here and we'll hit enter so we have arm operation uh I don't feel like explaining this part but that's a feature of C coding uh that's like an interface I believe I think that's what they call it uh so we have to create or upsate uh update or async so wait until it's done uh pass in the resource Group name which is that up here and then pass in the resource Group data which is that here and so that takes care of this part okay so we've now replaced that part of the code um so that is fine that will create our Resource Group and the next thing we need to do is uh create our storage um our storage account so to be honest because this code is so hard to do I'm going to make it a lot easier for us I'm just going to wipe this part out because if we can just make a resource Group we've kind of done enough coding here but uh the whole process we went through in terms of of uh you know think like starting with a single file and having to work with it and then we moved over to the CD uh um uh uh GitHub codes spaces which is a cloud developer environment and we had to do some research this is totally normal this is what happens every single day so I'm really happy that we're able to uh show that even if it is a bit of a mess but let's go ahead and see if uh this works um the only thing I'm wondering is about this Azure location how does it know about it because we didn't have any requirement up here but we'll go ahead and we'll try to do a net run and it might complain about that so it says the variable subscription ID is assigned but the value is never used and that's true we don't actually ever use it anywhere here the variable storage name account is a sign but it's the value is never used and that's because we don't ever use these so um these are warnings they're not errors but I'm going to go ahead and delete this one up because we're actually not using a storage account name whoops that's a bit too much and we should probably be using a description ID but for the time being I'm going to comment that out I'm going to assume that it can in uh infer the subcription ID based on when we did the a login so we're going to go and go up here a bit it says the typ or name space aure location could not be found that's what I I thought was going to happen so how would we include that in here um we already have resource manager in here right we do and we're not really using these other ones anymore um so this one I'm not 100% sure so we'll say add meure location and we'll go back over to here because they this is the thing with tutorials they don't always tell you all of the code they're sometimes missing something so uh we need to go figure that out and I'm going to go back over here okay so it cannot be found and we'll use y old Google for this because it should be smart enough to do this it's not telling us here so we'll go and try chat GPT um Azure location is not found uh in my C script what package do I need to install you'd think it'd be the resource manager one okay just tell me what I want to install it does say Azure resource manager so coming back over to here in our code we have it right here and we have those two there yep I mean I'm pretty sure we installed that uh we probably still need the re resources one in so I'm going to bring that back whoops whoops whoops whoops and we'll go ahead and paste that in we'll save that um yeah this one's quite the pickle so the Azure location does not exist in the current context all right let me go figure it out okay all right so I'm not getting uh much luck here but I imagine that this might be actually olving as a string anyway I'm not 100% sure so I'm going to try to cheat and I'm going to try to make this a string and see what happens and it might work uh but I'm not 100% sure so I'm going to go ahead and just say um West us here I'm going to go ahead and comment this out and fingers crossed that it's going to let us do this programming is not always easy um it's it's sometimes like this it says the client does not exist in the current context the the name name wait until does not exist in the current context wow it's really making our lives super super super difficult here it's talking about these um and it's frustrating because it's not showing us in this code example all the stuff so I'm going to go ahead and copy this code example go back to chat gbt um uh uh can you show me what using statements are missing and should be added to get this code to work very very often programs do not show you all those things and it drives me crazy okay and it could be because like if you're using visual uh Visual Studio which is not the same thing as Visual Studio code it would automatically add those in there okay and so here it's saying okay we got to use models for Azure location okay but what about but what about um some of these other ones like well anyway we're going to go ahead and copy them in and we're going to give it a go we didn't have this Azure core here before that probably is very important so we go ahead and paste that in and I'm going to go ahead and uh do net uh package uh was it new or install or it's add Azure core we'll do that you know what if we did python or JavaScript we have been done this a long time ago but uh you know I would say that getting exposure to net is probably the best one for uh working with Azure here so I don't know if it installed all of these we'll try resources we probably don't need the model part um oh sorry this is resource manager resources and then we'll go here and we'll say resources models again I don't know if we really need all the the end ones like that I don't think so yeah there's no versions of it so probably the upper ones is the one that works we'll go ahead and try this again please please please work or give me something different the name client does not exist in the current context it is killing me this program client where is that here let's search for that let's look for that client right here client um well maybe it's because this one's named a bit differently so we're coming back to code this one's called client right here this one is called arm client so we'll just change this to client okay we'll save that we'll hit up please please work getting closer we have this wait until say what about wait until see if you figures that one out and it's telling me to use Azure in the top level that seems kind of uh exhaustive the wait until uh you need to include Azure name space okay I mean that doesn't sound right to me but we'll go ahead and do that anyway unless it's saying I mean if it's in that Nam space couldn't we just say Azure do wait until I'm not really sure but we'll go ahead people that are probably like better C programmers than me are just cringing watching me do this but go ahead and uh try to see if that we get that working here we still say run please tell me you don't need me to install Azure as well because we have it installed like 10 different ways please please please work it's taking time so I mean that's probably a good indication oh it worked okay so I'm going to go back over here I cannot believe that worked that was so so hard and we never even created a storage count within it so this one's called my SDK RG um so what we're going to do why does it say St oh because the comment still says that down here below so just say uh Resource Group here and for all our hard work let's save that so um we never have to look for that again it's trying to include a lot of junk in here um so I don't want all this stuff otherwise uh that'd be too much to commit so I'm going to go here and make a new dog ignore file dog ignore okay and I want to ignore this uh Bin directory and this probably object directory no just the bin directory um make sure we spell this right dotg ignore and in here I'm going to say ignore I want to ignore package. net bin uh and then Aster so it should ignore that entire directory if we go over here and we give this a refresh um just going to make sure this is all correct here there's a lot of stuff in here I don't think we should be seeing that much so I'm going to go here and do package. net for SL obj debug so I have a feeling that it's trying to include all this stuff in here there we go and so this looks a lot more manageable to me I don't know if we want to include uh this file this looks like it should be in there yeah I'm going to go ahead and just go ahead and add this code and we'll just say uh create an measure Resource Group using the C SDK if you were able to get to the end here pat yourself on the back because that was uh quite the challenge uh if you're just able to watch the video that's totally fine as well um here it should commit and push so I've pushed my code I'm going to go back over to um uh the the repo in GitHub so go back over here and I'm going to search for Azure what do we call this this is under exam Pro for you you it might be different I called it this here Azure SDK C I just want to make sure my code is here it is if you are trying to do this and you do not want to struggle you can go find my code and copy it here but again I'm just trying to get you exposure to this stuff I'm not trying to make you super programmers so it's not a big deal um we're done with this uh code space so I do want to shut it down and I don't do this very often with code spaces let's see if there's like shut down close stop okay here it is code spaces stop current codes space I'm going to go ahead and click that and notice that is now stopping the workspace that's going to stop the spend all right we're going to go over here this Resource Group has nothing in it but we'll go ahead and delete it and there there we go we'll go ahead and delete that and we're finally done I really didn't think it would take this long but anyway we are done and I'll see you in the next one [Music] okay all right so let's take a quick introduction into Azure resource manager which is short for arm and is a service that allows you to manage Azure resources and one thing that really confused me about the service when I first sted using Azure was that you couldn't just type in Azure resource manager and the reason why is because it's actually a collection of services and it makes up what we call this management layer it allows you to do things like create update delete resources apply management features such as access controls locks and tags uh writing infrastructure is code via Json templates and there are very specific features we're going to be looking at that make up the armed layer and it's going to be the following so you're going to be looking at subscriptions management groups resource groups uh resource providers resource locks Azure blueprints resource tags access control so also known as IM uh Ro base access controls Azure policies and arm templates uh I don't know why I don't have tenant in there I might have in another slide but it's not a big deal but that is what we're going to be covering in this Azure resource manager section all [Music] right so let's take a quick look at uh the use case for Azure resource manager and this is just to kind of give you a visualization because it is an abstract thing so I just want you to have some kind of picture in your head of what it is so here I have this diagram and just to follow up with this Tech think of azure resource manager as a gatekeeper and all requests flow through arm and it decides whether that request can be performed on a resource and so on the left hand side you have your requests and so requests could be happening in the Azure portal VI the Azure Powershell the CLI or the rest client which would be the API uh and then you can see the two middle ones would use the Azure SDK and in the middle that's the gatekeeper and so we have Azure resource manager that's going to work in conjunction with your authentication uh authentication which generally should be active directory I don't think you can swap that out for anything else and then on the right hand side you're going to get access to resources so this could be virtual machines containers databases and storage there's obviously a lot of uh Azure services but that is what it is in a [Music] snapshot so let's understand understand the concept of scoping because this is going to help you understand all the components that are involved with azurus resource manager so what is a scope a scope is a boundary of control for Azure resources and it is a way to govern your resources by placing resources within a logical grouping applying logical restrictions in the form of rules uh and so let's now go break down um what uh these Scopes are and so the first scope we're going to talk about is management groups and this is a logical grouping of multiple subscriptions uh just because you can have a lot of subscriptions in your account and you might want a subscription to um a collection of subscriptions to belong to some kind of domain so maybe it's for development or business or uh data Sciences whatever you want then you have a subscription and this grants you access to Azure Services based on a billing and support agreement um so the idea is that uh when you launch resources you're going to choose what subscription to go under it's just going to determine the billing okay under that um things you're going to pay for uh then you have re groups this is a logical grouping of multiple resources within a subscription then you have resources this is um the actual service itself like Azure virtual machine and I just want you to know that we're going to revisit the scope when we go look at ro-based access controls because that's going to really help it uh make a lot more sense okay but uh let's just go jump into some of these Scopes in specific and talk about them a bit [Music] more so let's take a look at arm templates uh and before we jump into it let's just make sure we're familiar with infrastructure is code cuz that's what arm templates are all about and this is the process of managing and provisioning computer center uh data centers such as Azure through machine readable definition files such as adjacent file and in this case an arm template because that's all it is ajason file and rather than physical Hardware configuration or interactive configuration tools and just to simplify that even further basically you're writing a script that's going to set up your cloud services for you and with iac's they usually come in two different flavors we have declarative that's where uh exactly what you write is what you get and imperative so you're going to generally Define what you want and then the service will guess uh what you want it's going to fill in the blanks to save you a lot of time writing those scripts uh and so uh arm templates are Json files that are def that Define Azure resources that you want to provision uh and Azure services that you want to configure and with arm templates they are going to be declarative so you get exactly what you define uh they're going to stand end up tear down or share entire architectures in minutes and they're going to reduce configuration mistakes and you know exactly what you have defined for a stack to establish an architectural Baseline for compliance so you definitely want to use Arm templates or IAC whenever you can and try to avoid using the console unless you're doing development or test workloads but let's just run through the big list of what you can do with an arm template I know this is a big boring list but let's just get it uh get through it as quickly as possible just so we know what we can do with armed templates so with armed templates that are declarative so what you see is what you get you can stand up tear down share entire environment minutes you can reduce configuration mistakes you can establish an architectural Baseline for compliance there uh modular so you can break up your architecture in multiple files and reuse them they're extendable so you can add Powershell and Bash scripts to your templates uh it has testing so you can use the arm ttk uh to test make sure exactly what uh what you've deployed is what you wanted um you have preview changes so before uh you create infrastructure via templates you see what it will create built-in validation so it will only deploy your template if it passes track deployments keep track of changes to your architecture over time policy is code so apply Azure policies to ensure you you remain compliant uh and then you have Microsoft blueprints which we we did Cover here uh which establishes relationships between resources and templates so it's just one step further where arm templates don't have any relationship with the resources where blueprints like a better version of arm templates and then you have cicd integration exportable code so exporting the current state of the resource groups and resources uh authoring tools I believe is the last on our list here so you can use Visual Studio code that has advanced features for authoring arm templates makes it a lot easier to write them so there you [Music] go okay so now what I want to do is cover infrastructure as code for Azure so there are two uh primary ways of doing infrastructures code we have arm templates the arm stands for Azure resource manager and the other one is azure biceps we're going to focus on the first one uh infrastructure as a code is the concept of um uh defining all your infrastructure as code uh and that might be confusing because that might sound like s the SDK or the CLI and uh it is confusing until you start working with it but the key difference is that when you use the CLI or the SDK uh to programmatically create resources they don't keep uh track of the State uh and so that is the key difference between that whereas if you ran a CLI command to create uh let's say a virtual machine and you ran it again with the same parameters and the same name it would attempt to create a second um virtual machine whereas with infrastructure as code if it's already there it's going to either update it or say hey you can't update it there's already one that exists so the idea is that um uh it's different in that process or in that sense uh there is a word for it um I believe the word is IDP poent uh I always have a hard time saying it but um that is the key difference between those programming methods and iic so what I want to show you is uh arm templates and um arm again stands for Azure resource manager it's part of resource groups so if we type in arm here we're not going to really get uh a service or anything like that we say azure or as your resource manager okay you're just not going to uh exactly get that because um it is it is something that's there but it really is talking about resource groups so when you deploy a resource Group it will always create an arm template for you no matter if you do click Ops um you'll always get an arm template and this is something that is very different from other providers so like when you use ads or gcp um when you launch a resource it doesn't necessarily will produce a uh a template for you but Azure is very unique in that sense that they will do that so what I want to do is I want to go ahead and explore some things with arm templates so you're very aware of how they work and I believe that uh there is a way to uh deploy if we type in template here there should be something like deploy a custom template whoops and that's how you would go about deploying a custom template and they actually already have some common templates here so maybe we can uh take a look at one as a quick start and try to understand uh what the templates look like another key difference between other cloud service providers is that it's not very common to write arm templates by hand um in fact it's very tedious and you would not necessarily want to do it as opposed to ads where you have cloud formation it's totally normal to do and that's why um having a layer on top of uh arm makes it so much easier like using again Azure bicep or terraform let's go ahead and create a Linux virtual machine here and notice that I select the template and it has some options here so um what I want to show you here this looks like the usual process for setting up a um a virtual machine but if we go here we can edit the template and then it's going to allow us to see what this template looks like so arm templates this is what it looks like and I believe that uh they're only Jason I kind of forget Let's go ask chat GPT so are arm templates uh in Azure only Jason or can they also be yaml the reason why I I don't remember is because I work with a lot of cloud service providers usually they'll provide both options um but generally uh I always remember that arm templates are only Json so there is no yaml support for it but of course you could use yaml locally and then convert it over back to Json but anyway so if we look at this here we have some things we have the schema that describes what the format of this Json should be um we have some metadata which probably gets autogenerated or is additional U information to attach the template we uh we have parameters so these are going to be values that we're inputting that allow us to uh make our template reusable and if we scroll on down um yeah we got variables which is probably um the modification of parameters and then we have our resources down below here and you know again if you've seen cloud formation templates or uh deployment manager gcp deployment uh scripts these are going to look very very similar so we we Define the type for the res ource uh we have a name for it then it has its properties uh and then it can depend on other resources to say what order uh they're performed in but anyway my point is is that uh this is a template and we can go ahead and actually uh deploy this template but I'm not that interested in that part of it because this is not that exciting what's more exciting is what happens when you do click offs so I'm going to go over uh over here and uh deploy a virtual machine m yeah I mean we could do virtual machine I'm just trying to think what's easier maybe we'll go ahead and actually do I've changed my mind we're going to actually go ahead and do uh storage accounts again I'm still in the free tier and I'm just trying to make things easy for you as well um and virtu virtual machines will spin up a lot of resources so maybe I don't want something that complicated uh for this example but what I want to do is I want to launch a virtual uh a storage account and then I want to see how we can look at the template and maybe we'll attempt to repport the template at at and then delete the storage account and recreate it so go here and I'm going to hit create and we're going to create ourselves a new Resource Group I'm going to call this Resource Group um uh my uh arm RG so arm for Azure resource manager and today it's really thinking I don't know if I'm having internet issues here or if it's just really complaining or if Azure slow Azure uh sometimes their UI is not always responsive and we have to give this a name of course we have to make sure this is very unique so I'm going say my um storage account a bunch of numbers and then my initials and it probably has too many letters so it's complaining there we go and I'll just let it choose whatever region wants we'll have it on standard that's totally fine I'm going to go ahead and go to review where we can see all of our options looks fine to me we'll go down the bottom hit create and we'll give it a moment here to create so I'll be back in just a second all right so that deployment is complete and what I'm interested in is checking out uh the resource Group but notice that when we've deployed this we have our inputs it shows us what we've inputed and we looked at the uh parameters of a template before so it is creating literally an arm template and then inputting the parameters it's showing this the outputs of uh that arm template and then here's the template itself so every time you deploy as your resources it is creating uh these IAC code for you and that is one of the greatest advantages of azure as much as I complain about Azure this is one of their really really good features and there's a few things you can do like it looks like we can add this to our library we can download this we can deploy it again let's go ahead I usually don't uh fiddle with these too much but we can um import this template and I can say uh my Resource Group but just remember you could have a lot of resources and really make that uh uh ret templated I'm going to choose the same um area here and this will just be version 1.0.0 down here I'm going to go to next it shows me the template next uh we can do some tagging I'm going to ignore that for now review and create and so now we have our own uh template so that's kind of cool um if we go back to here I'm not exactly sure where they oh we have to hit create maybe first it's not super clear but uh so that is now uh template has been saved but where did it save to uh just says it's a template spec it is really taking its time to load here okay and so we have our template here I'm not sure if we if we typed in templates here if they'd show up here they I guess they show up under template specs uh we'll refresh this not sure why it doesn't show up we know that we created it and you know I've said this in other videos where Azure doesn't always propagate things right away and you have to wait so you have to have confidence in waiting for things to show up an Azure so even though it's not here I know I created one okay so we go over here it says template spec succeeded so it really really I think it would show up here um and I I really want to prove that it will show up here eventually so what I'm going to do is just take a break and I'm going to give it like 10 15 minutes I'm going to give it a good chunk of time here and we'll come back and see if it appears um just to give you validation and confidence that patience always uh pays off here in Azure okay all right so I've waited a good chunk of time was just talking to Bo and um so I'm now I'm back and let's see if it is here we're going to give a refresh and look it's here so I told you you got to be really really patient with Azure it is really known for being slow for uh some particular resources and I when I say some I mean a lot so you know just have that patience there but anyway what I want to do is I'm going to open up another tab we're going to go back over every time I open that new tab and wants me log in that's great um but what I want to do is go over to our resource groups and we're going to go into that new one that we created and what I want to do is I just want to delete this resource here um and I want to see what happens if we attempt to redeploy our uh template there I assume we're going to have to I mean we don't have to delete this one but um I just want to remve it completely and just try utilizing an arm template so we'll give it a moment there and oh notice we have an upgrade button this is uh definitely new we might be going through our not sure why it's uh appearing all of a sudden I've actually never seen that button before so it's really interesting and NOP I guess it's just maybe after a while they just kind of poke you and over here we're getting our prompt so um it looks like we're starting to get some spend and you know I said earlier that Azure is really good about telling us about um alerts and things like that much better than other providers um and so you know here it's showing in Canadian dollars that uh we've already uh consumed half our spend not sure how I did that because I haven't really done a whole lot but um what we'll do is we'll try to figure out where that that uh free spend has been going um still again that's a lot um so maybe it's overestimating that or I left something running maybe that Kuan a cluster is still running I don't think so let's go double check and but anyway I wanted that to happen so I could go back and show a video of of that kind of stuff because all we created is a couple virtual machines and some other things yeah we don't have anything else running that should be costing us spend but we'll go take a look there and see what we can figure out so anyway I'm going to go back here give this a refresh and um that resource is gone what's interesting is it also got rid of the template why did it get rid of the template that that was something we created separately and so I guess it was linked to the resource Group and so that kind of defeats the purpose of us uploading our arm template so that's a shame um I guess what we could do is we could go and M I don't know we could go and use the custom provider and launch a template but there's not much interest in that so uh I'm not really interested in doing that yeah I think we're pretty much done here I think we've we've proved the point that Azure is really good at producing These Arm templates you're not going to want to write them by hand um you could ask CH PT to do it but I again I would probably not do that myself but I think that satisfies this video for arm templates so we'll see you in the next one okay [Music] all right so we looked at uh utilizing arm templates and I think it' also be really great to look at Azure bicep um because that is a more productive way to write infrastructure as code um and honestly I really like Azure bicep I think it's really really cool uh so what I want to do is I want to go ahead and go over back to GitHub we looked at creating a GitHub or creating a repoing GitHub uh back in our SDK video that was a really messy video I'm really hoping that it's not as crazy as that one but I don't like editing out any of the challenges uh here cuz I want to give you uh the full idea of of what it looks like when trying to work through these things what I'm going to do is go over to GitHub and you should of course go ahead and create yourself a GitHub account has a free tier uh and once you have your GitHub account we'll make a new repo I'm going to uh drop down uh here and go to exam Pro and of course you'll just have one name here if I have multiple accounts so there's a lot for me to create stuff in and what I'm going to do is make a new repo called um Azure bicep example you can call yours whatever you like I'm going to make this public so that you can see the code uh you can make yours private if uh private is available to you there but I'm going to make it public because if you want to go find this repo at exampro here and copy it and work with it you can so we're going to go ahead and use code spaces and codes spaces does have uh free credit usage you could do this locally um on your local computer but you'd have to install a bunch of stuff uh I like using Cloud developer environments and Azure does not have one built into their portal um most other ones do but I think the reason why Azure doesn't is because Microsoft owns GitHub and so you could just go over here and use code spaces instead so this to me is like using Azure okay so we're going to go ahead and create a uh code spaces on Main here and understand as long as the code space is running we are consuming uh so if you want to stop it you could always go up to to the command pallet here and we can just say uh stop or uh it's code spaces it should be there should be something here called stop um shut down I did this the other uh the other day when we did did that yeah it is code spaces whoops it's loading so it's it's bumping things out here but if we go code spaces there is an option to stop the current Works uh code space so I'm not doing that right now uh I want my theme to be dark so I'm going to go to this Cog down here go to themes go to color and we'll switch to um GitHub dark and we'll give it a moment to think because it's a bit slower loading I greatly greatly prefer git pod the reason I'm using Code spaces is because um the extensions are going to use the official ones with Microsoft and it's just going to be easier to show you this here in most other courses I use git pod um so anyway once that is loaded and we have changed our theme if that matters to you uh we're going to want to do some Azure bicep stuff so on the left hand side I want you to go to extensions and we're going to search Azure bicep I don't use Azure bicep a lot but I definitely know how to use it when we need to so I know they have a really good extension for it and it's like it writes code for you it was it's the nicest experience I've ever had with a um an i tool and this is the thing because Microsoft um built Visual Studio code and you know their they own GitHub they can have really amazing synergies for developers um so a lot of times I find it easier to work in vs code and use their extensions to interact with Azure than it is to use Azure portal itself and there are specific services like Azure functions where you really have to use Visual Studio code so it's essential that you get used to using uh Visual Studio code whether it's local or in a cloud developer environment so I'm installing that this Azure bicep um extension and this thing will help us write a lot of uh code um uh and it has like templates and other stuff like that so that's what I want to uh take advantage of it um I don't remember the extension for Azure bicep file so we'll just go to the Azure bicep website I'm sure they'll have like a quick start and we'll work through it here together so I want to go here and I just want to know what the extension is it's bicep so that's what it is so we're going to go here and make a new file we're going to call it main. bicep and something we didn't do before and this is what I wanted to do in the SDK one but we didn't actually have a use for it is there's probably like an Azure um like kit Azure tools there we go and this is something you might want to install a lot of these down below here see how there's like one for databases resources functions if you install tools it installs all these other ones you even have one for C tools and and um it's possible that uh yeah see like this this one will autocomplete Azure commands it'll do all sorts of fun stuff even for Azure storage and everything there's something but the reason we want Azure tools is because we can install Azure accounts and this will allow us to quickly log in to our Azure account remember before we typed in a login and then we had to get a device code and plug that in uh well if we have this installed uh we can just use the command pallet and log in very quickly and that's what I want to do here so I'm going to go to the bottom left corner I'm going to pull up command pallet and we'll try to do Azure signin now to be fair I mean this is not going to do much difference down here but I think it installed the um the CLI for us because before we had to manually install it right so we'll go here and we're going to have to choose device code we have signed into Azure Cloud let's try this one first see if that works and then we're going to say uh just so you know Azure has different ones there like Azure China Azure Germany Azure US Government so generally we always want to choose Azure unless you live in one of these other regions and you have to use that one and this is going to open up and we will sign in we can now close this window and I believe we are now logged into Azure also notice on the leth hand side we have this little Azure icon here on the left hand side it will allow us to see our resources we can also sign in from here we should be signed in maybe it didn't work I'll try this one more time extension as your resources wants to sign in we'll say allow maybe it has to sign in separately I don't know we'll close this there we are so now we see our subscription we are in here which is great and we can see a bunch of our services um so you know if we had storage accounts and we do have some storage accounts we can see them here this one I think is for our uh Cloud shell that's why it starts with cs and it has a random number afterwards if we had virtual machines and other things we could see them here but yeah working with functions you often use them here um we could also probably right click this and create a resource and so here there's a lot of ways to uh create some stuff we create a resource Group and and some other particular things but uh yeah that's that's interesting I also wonder if like these are these are obviously uh things that were installed there could be other extensions that we didn't install like Azure uh machine learning service or other stuff that could end up showing up there on the left hand side so I'm just kind of scrolling through here seeing what might not be installed so Azure container apps was not installed or maybe it was and it's these other ones that have these little install words on here but anyway enough about that let's stay on track here and let's write some Azure biceps so now that we have uh that installed we want to start writing it so I just need to see a little bit of code to get a reminder here um so yeah if we start typing it should start suggesting and this is what we want to do is make a storage account so let's go ahead and start typing that in so I'm going to type in resource uh and so already notice that it is autocom completing and then uh let's just go check here so the next thing is going to be storage account and it should autocomplete so yeah I remember this being really good at autoc completing just give me two seconds and let's go figure that out one sec yeah so I'm looking at it here and it's supposed to just start autoc completing when we type so I'm not sure why it's not exact doing that we'll go back here sometimes Visual Studio code doesn't do what we want it to do which is totally fine storage account and it's not really autocom completing so I'm going to go ahead and save this for a second well there it's autoc completing so resource storage am I typing it wrong is it supposed to be uh with the resources no no it's this so it's really interesting that it's not Auto completing but we could just copy this in here okay I just wanted to show you how powerful it was cuz I was so impressed the first time I I saw it uh writing all the code for me which is um not what the other ones do that's for sure so we'll just paste this in here and if I put a period here yeah I guess I was expecting a little bit more from it um but uh whatever I guess we'd have to work with it a bit more to find out again I don't work with it every single day but I am always very excited to use it um but you know the thing that I want to uh take a look at is let's look at where the actual reference documentation is and so we'll go to Resource reference here on the left hand side and I'm really interested to see uh where everything is so if you know the resource type you can just type it here in the Le hand side that's fine so we have all our resources here on the left and so we are trying to create a storage account so we can go over here here and look for storage account so that be storage and storage accounts and so here it says to create a uh to create a resource add the folling to your Azure bicep so um just kind of getting familiar with it it looks like this is going to be its logical name and this is actually going to define the resource itself and these are all its properties and it looks like there are some that are required and some that are not so it looks like I think that if we can find this tab back I think we can name this whatever we want here this doesn't actually have to be called storage account so we can go here it's just a logical name that we reference within this resource so I can go here and say like storage account AB it shouldn't matter um what's really interesting up here is that it's going to looks like it's going to grab the resource Group ID and then what does it do here creates a deterministic hash based on the string so it uses the resource ID to make a random string and then it's going to say toy launch in the front of it so I don't want toy launch I'm just going to put in here bicep and so um I think we can do hyphens actually I don't think we can and so we should get an Azure storage account that's going to be bicep and some random value after this and then up here this is going to pull in the resource Group now what's interesting is we haven't created a resource Group it says return the current Resource Group scope so I'm not sure how this is going to work if we don't have an existing Resource Group but anyway we've written our Azure bicep and we probably want to go ahead and uh deploy this now so we could probably just type in bicep down below that's probably what the command is nope that's not what it is um maybe it's what is it I don't know so let's go over to um back over here for a second and let's see what the CLI commands are oh boy we'll say bicep CLI what is the commands just tell me what the commands are please we could use the command pallet because they're probably all there like if we're if we were to go into the command pallet and type in bicep like we get all those commands but I I really want to know what the um CLI commands are I really thought it would be bicep it is a z bicep of course so looks like we can do um a bicep and then just specify the template probably main is the default so if we do nothing or probably will pick that up I'm going to go ahead and type in that and so it's interesting we installed the extension and we were able to log in but we still don't actually have uh the CLI so it looks like we do actually have to install the Azure CLI in here which is fine it's always great to get more practice so we'll go ahead and type in Azure CLI install we'll go to the Microsoft learn website we will scroll to Linux we'll go to auntu Debian um because that's generally what G pod or code space is or what have you will be using we'll go down look for that one liner and we'll copy it we'll go back over to um code spaces we'll paste this in hit enter and that'll go ahead and install the uh Azure C now we are logged in in this um uh invidual Studio code and it could be storing the same credential files wherever on the local machine um so maybe we don't have to necessarily log in twice it might be also interesting to see where that um that file is so maybe we can go ask chat gbt where does um where does okay so when you log into the Azure CLI where does it store the credentials what folder and file on the Linux machine that's what we want to know MH and the only thing I don't like about ch BT is that you can't go away from uh this tab while it's generating and then sometimes it just uh gets a bit slow but it goes out to the Internet so I think that's the reason why it's uh been slower than previous I like previous models where it wasn't out on the internet because it could generate out faster but uh yeah this one's hanging on me so let's go to 3.5 let's just ask this one I want it fast okay so it's saying it's in the Azure folder so that's something that we might want to take a quick look at the Azure CLI is installed I'm going to just type in a um account um account list and see if we can list our accounts okay so we are not logged in so us logging in here uh wherever it's storing it's definitely not storing in the same place but let's go take a look at that Azure profile directory so I'm going to bump up the font a bit I realized it's really small and I'm going to go ahead and say CD and then make a Tilda that is above your tab key and you have to press shift to make it it's called a Tilda it's like a little squiggly we'll do a for slash I'm going to do period for a hidden folder and we're start start typing Azure and so that folder is there we'll hit enter I'm going to do LS to list out the contents and we have stuff here I can do LS hyphen LA to list it in a nice beautiful list and uh if we don't want no that looks fine and so I'm kind of interested where it's storing uh that configuration probably in the config directory so I'm going to just CD into config uh oh maybe it's not a folder I thought that was a folder it is not a folder okay so let's do cat to print out the contents cat stands for C Cate I think and so that doesn't store it does a does the a uh Jason file have it no that doesn't have it but to be fair we haven't logged in yet so maybe the file will appear after after we log in so that's okay what I'm going to do is go ahead and type in a login and we'll say use device code because I believe that's the flag we have to use and we'll go ahead and copy this link we'll go to the top here and paste it in to one of our available tabs we have to go back and uh provide this code and we'll go click next and we'll click on our account we'll say continue we'll go back over to here and we'll give it a moment to think there we go we are logged in so now what I want to do is type in LS and looks like there's more stuff there it looks like there is and did we have this before um let's see here one 2 3 4 5 6 7 8 9 10 1 2 3 4 5 6 7 8 9 10 11 12 yeah there's definitely more stuff here um the new thing that's here is Cloud's config so I'm just going to cat that let's see what's in there so least tells us this is our default subscription so we at least know where that's coming from let's cat the config let's see if anything's changed in there that's the same let's cat a Json Json there's still nothing in there so it'd be really nice to know exactly where it is normally other ones will tell you exactly where they are uh and you can literally open them up and see see the information there I guess we could also just cat out the session no nothing so anyway it is stored somewhere where it is I don't know does it really matter no but it's nice to know exactly where it is so that uh let's say you wanted to delete it off your computer or something but it's stored somewhere anyway um we are we should now be logged into Azure so we'll go ahead and type in Azure a bicep I still feel like it should have told us the commands even if we weren't logged in and I was hoping that it would print us out the sub commands let's try to do help and see if it actually does that okay so it does you just have to give it the help flag and so we have a few options we can do build a bicep file um build the bicep pramp file decompile so if we already had an arm template we could turn it back into a bicep file that sounds really cool I like that idea format a bicep file you know if there's something wrong with it it could tell us as the format's correct install uh the bicep CLI which I thought it already was installed let's go ahead and try that first because maybe that's why I couldn't just type in bicep okay so now what happens if I type in bicep no so why did I install it if it was already like that um bicep I'm hitting tab to autocomplete to see if anything's there bicep CLI well whatever I mean we kind of still already have it so that's totally fine so we'll go ahead and type in bicep a uh uh AZ bicep build and and it wants a file totally fine so we're going to give it a file um build the file build a file and print all of its outputs to SD out I don't think it matters if we print them out so before we do that I just did control C to uh break that we need to get back to our main folder so I'm doing CD dot dot and I'm doing LS where is this folder CD for uh Aster for uh for slash I'm so used to using git pod I can't remember where uh this directory is I'm just going to scroll up here and take a look it is workspaces okay so to get back to this folder okay we're going to go to CD slw workspaces I'm hitting tab to autocomplete and then this one's called Azure bicep um is really not autoc completing here today oh I spelled Azure wrong okay that explains that I'll go fix that in the um the git pod I'll just rename it but now we're back into here so um typing clear so we're going to go Azure bicep file and we're going to provide it main TF or I'm thinking terraform bicep we'll hit enter and so that's going to go ahead and build it um is misspelled or does not recognize is not recognized by the system um okay we'll type in LS I mean it's right there let's go back and and take a look at the documentation and see what it wants sometimes it might want um uh like the file information but I don't think so it just shows main bicep I'll copy this command oh I forgot the word build up here that's why so um it looks like it's now built and so we now have a main Json we'll take a look here it's generated us an arm template at least that's what it looks like y yep that's what it is so that looks pretty good um I'm noticing that yeah we have parameters up here so now we can go ahead and deploy this so it builds it see here uh we can build our build pram file not interested in that generate prams and install the commands to your CLI oh publish maybe that's it the publish command adds a module to the registry the Azure container registry exists I'm not sure if that's useful I think that's if we want to reuse a template for later kind of like how we had those template specs I think okay so if asure bicep just generates out the files I'd imagine that we just probably deploy it the regular way using arm templates so I'll be back in just a moment most other I tools like they'll let you build and deploy but maybe Azure bicep just compiles out templates just give me a moment yeah so I just quickly asked um chat gbt and yes it did confirm it I my suspicions were correct as your bicep is just draining out the resource template and it looks like we're going to have to deploy it the regular uh or oldfashioned way here um so now here's a question could we actually use um Visual Studio code to deploy this so if I right click this could we deploy somewhere with this so that's what I'm really curious about let me go find all right so I believe there's a few ways we can do this of course we could go and just deploy it the uh the oldfashioned way by using this AZ deployment group um I was looking around myself and I just typed in bicep here and I also noticed that they had um uh a deploy step so maybe it can do a direct deploy not maybe not through the CLI but maybe it can do it through Visual Studio code there should be one for arm templates in here it's not showing up I mean chat TBT seems to think that it can but maybe there is a another extension we're missing so let's type in uh Azure so we have Azure tools is there one for developer um let's go back here and take a look so there's one here it says Azure resource manager oh it's an extens well I thought that be installed ready then that would be a really useful one to have here so we'll say Azure resource manager I thought it was there but I didn't see it on the side so this seems like a really good plugin this is probably something I'd want to have let's go ahead and install this one 1.5 million views yeah I believe so it's by Microsoft I'm surprised it doesn't get installed with the tools oh it's in preview okay so I imagine when this is out of preview I bet when you install Azure tools it will uh be installed there now I've said previously if there's a preview tool you should should try to avoid it because it might not be there in the future um this one I think we can kind of get away with utilizing it it might be the future and it's no longer in preview so we'll go over back over to here and do we have any changes here no but if we go into our Command pallet let's type in arm deploy now it was saying that uh that something we could do as your resource manager uh install this extension type in arm deploy in our Command pallet we did that yeah so it doesn't show up so you know preview feature uh chbt might be telling us something else we are using 3.5 so it might not be telling us the full truth there and and I don't really see any changes on here so I guess we're not going to worry about that but I would like to try the um the bicep deploy so we'll type in just deploy here and scroll on down we have deploy bicep file let's see what happens if we do that and so please enter the name of the deployment sure we have to name the deployment good um create a resource Group because remember that we didn't specify Resource Group so we'll have to create one on the Fly here so let's do that we'll call this my bicep RG RG for Resource Group it's now going to go ahead and deploy that it says deploy failed uh provider subcription does not have the resource type resource groups okay that is something I was not expecting let's go let's go ask Chach BT and try to save us some time says check your bicep template file ensure that you have defined the resources correctly that is not useful um maybe it's because it's not registered so maybe when we use the CL uh when we use the the UI it will automatically register things when we use it but we create resource groups all the time so it's kind of surprising if that wouldn't be registered so we'll go over to our subscription and I'm just going to double check this here but I'm not sure if it's going to make a difference we'll over to our yeah we're in our subscription I'm looking for providers there it is resource providers sometimes there's like another extra um blade they call these blades over here by the way and so I was getting a bit confused and so Chachi BT is suggesting maybe resources is not registered which to me seems czy crazy oh it is it's right there uh so I'm not exactly sure what it's complaining about the other thing is that maybe Azure bicep isn't logged in so I mean that seems like a possible option so maybe we'll just go stick with uh the usual way which is using the Azure um the this Azure deploy method so I'm going to scroll back up here and we have this command now we did install in here uh in extensions or I think it it came installed was the Azure CLI and and what that will do is it when we write it out Azure CLI commands I believe it will autocomplete for us so here's scrapbooks for developing running commands with a CLI create an Azure CLI files and use the following features oh okay so there's actually a thing called an Azure CLI file that's new to me um but what we'll do is we'll go ahead and we'll just say um new file so we'll just say commands and I'll just put that there rename that like that that's what it's saying to do and you'll say uh deploy an arm template and we'll go back over here and we'll see if it starts to autocomplete so we have AZ uh deploy it's not really completing correctly as just demonstrated we'll go back over here and take a look at that again so yeah this one says demo. asli they're making a comment so Intel sense for commands and their arguments stiip and commands scrapbooks for uh developing running commands in the Azure CLI okay then work properly please maybe it's not installed oh we have to install it sorry I thought we already had it installed that's why so we'll go back over here and so now our common is showing up so we'll type a deployment um I mean we probably want to create right it will have to have a name so we'll just say my RG my bicep um deployment we'll probably have to have a location so let's just say probably should place it in the same place as this one this does not have a particular location so probably default to wherever the resource Group is yep so we'll say um it's East us there we go there's probably something else we need uh I'm not really sure let's go back and see what chat GPT was asking for uh the template of course um we'll say template and it technically is a file so we'll go here and say main J Json and by the way we could bring these down onto new lines with this backslash that allows us to have multiple lines in our bash terminal okay and it also probably wants the resource Group so we'll go here and type in resource it can't do multi-line it is not autocomp completing anymore Resource Group maybe we just hit the limit of it there uh so I I assume that it could handle multi-line but I guess when we're doing multi-line then uh the Intel sense the auto completion is it can't handle it so we'll go back over to here and I just forgot what we called that Resource Group we actually did create one uh but Azure bicep did fail the deploy because of some kind of permissions or settings so I just want to go quickly find that name again notice that sometimes an Azure you have to be patient super super super common uh to wait around for for Azure um because of propagations in their UI super common my internet's totally fine it's it's Azure and it's back here says an error occurred when trying to fetch resources additional details from the underlying API might be helpful are we having an issue with service so sometimes that happens so we go like uh Microsoft status page sometimes that happens and I got to walk away come back to my computer but uh maybe it's not because my internet seems to be funny so but if that's the case then oh yeah it's me I'll be back in a moment all right so uh my internet should be back here I'm just reopening my connection here to my code spaces and I'm going to go back over to here and we'll give it a refresh and so I guess that Resource Group did not create so we do definitely have to create a resource group first otherwise it's not going to know what to deploy into and I'm hoping that this uh reconnects or it's still running so but uh what I'll do here while we're waiting is I'm going to create a new Resource Group I'm going to call this one my bicep RG and we'll go ahead and review and create and we'll go ahead and create that we'll go back over to our other tab here I would really like it to reopen here um not sure what it's doing to figure this out going to go at the top just type in that previously working code space environment so it's here it is active I'm going to go back and say open in the browser notice you can launch this in Visual Studio code locally or if you want to use Jupiter Labs let's say you're doing something with AI or something or machine learning you could do that so this should open back up our environment there we go that's great and um so we created that new Resource Group that's called this here so I'm going to go ahead and copy that and I'm going to paste it into here sometimes it's good to put double quotations around these things I'm not doing that unless that gives us problems so I think this is everything we need we need to know um the resource Group uh it's probably recommended to provideed a name we'll have our location and our template file so I'm going to go ahead and copy this and fingers crossed this works uh of course we didn't really look anything up um oh this one says a deployment group create so maybe we should make sure that's correct but it did autocomplete create so maybe maybe that's okay well wait why is one deployment group wouldn't that create hold on we can hover over here and get some stuff manage the a your resource template uh deployment at the resource Group okay oh that's really cool if you hover over it tells you everything there well what happens if I take this name out then does this still complete starts a deployment at the subscription scope so maybe both both Works let's just see what happens it's really nice that it shows everything like that I really like that we'll go ahead and paste that in we'll hit enter and um it's showing we're missing an argument Resource Group arguments it doesn't like that one starts a deployment creates a deployment the resource Group okay so here we have a create and then we have starts a deployment the subscription scope creates a deployment at the resource Group from a local file template so it looks like if we already have one maybe this one would have created a resource Group for us so what I'm going to do is take this one out as I really thought we needed to have it but I'm going to go and see what happens if we do this the template resource location at line 12 uh line 17 is not is invalid the template function Resource Group is not expected at this location um okay it's it's not there I didn't put it in the template so okay well what I'm going to do is undo and type in group so I guess you got to be really careful when entering stuff in because it's going to give you some trouble and this one looks a little bit more normal with the group create so we have template file Resource Group I don't know if it needs a name so maybe I'll just take the name out and then we'll try this one and we'll hit enter and unrecognized arguments no location well I mean this one has it and this one doesn't okay we'll take the location out we'll try this well I guess we don't have to specify a location because we've already created the resource Group that's why so we'll try this again makeing a lot of trouble here but it's a good way to learn this is how you should learn and this is this is what Cloud's like just moing around till get till we get it to work and then hopefully it's it's the right way um so this is going to go ahead and run and we'll wait here I'm not going to make you uh watch watch it here I'll be back uh here in a moment okay all right after a little bit of waiting um our terminal has produced some stuff for us so it's suggesting it probably created the resource so we're in good shape let's go back over to Azure and we're going to go into our bicep RG and we now have our resource so we've success successfully used um as your biceps so let's go ahead and delete this Resource Group we are all done here um we're going to go ahead and commit what we have so that uh any future folks that are trying to do the same thing as us can just go get that code base uh good stuff here go ahead hit commit sync the changes we'll say okay that will push the changes excellent and I'm going to want to stop this workspace we'll open up the command pallet we'll say stop uh so say code spaces stop Cod C spaces stop current workspace there we go and that will stop the current workspace so that is all good right there um and I'm going to fix the name here because it really should be named correctly so that you can easily find it in the future just be more patient and make sure you don't make mistakes and try to fix them the best you can but yeah that is azure bicep and we'll see you in the next one okay [Music] all right so we are back we showed you how to uh utilize an arm template as your bicep I want to show you another way to do infrastructures code that's very popular and it's with a uh third-party um uh technology called terraform super popular because terraform can work with every single cloud provider and it's simply the most popular I tool um and it doesn't get a whole lot of attention with Azure so I figured we should throw that in in here because you're most likely to encounter it uh on the job as Azure bicep and arm templates aren't as used as much as terraform surprisingly so what I want to do is go over to um GitHub and we're going to make another repo if it will let me see where that button is sometimes it's a bit funny so I'll go to the top right corner create a new repo there's lots of ways to create repos in here going to go to exam Pro I'm going to make sure I type Azure right this time we'll say Azure terraform example I'm making mine public you can make yours private um again it's better for you to make it private because that way you might uh you won't expose information by accident and not sure why this looks a little bit different maybe GitHub just changed something on me but what we'll do because there used to be like a a code button here maybe because I didn't create the read me that's why normally supposed to have a readme I'm going to go ahead and just click that button to create the read me commit that and oh unexpected what are you talking about well now it is here so I think GitHub is just having some hiccups anyway we have a code code button here we'll go ahead and create our code spaces and we'll launch that up and we're going to have to go install the terraform CLI so I'm going to look up terraform CLI install and we'll go to the hashy cor website hash car is what makes terraform and somewhere in here they'll have one for Linux we'll go over here and we need to follow these commands here very straightforward not a a oneline command but they have additional commands here for security purposes so uh this environment's opening let's go to the bottom left corner and we'll pick out a nicer theme we'll choose a uh GitHub dark I'll just bump up the font a little bit and we'll go back over to here and we'll copy the installation command so we're uh uh copying the first one here we say allow okay we'll try this again and is not letting me copy paste sometimes you got to go up to this clipboard make sure it allows it is on continue copy right click there we go and this is going to install um usually it's good practice to do an update on your packages we didn't do that for the other the Azure CLI but very common practice on Linux do that so that's what they're doing first then we'll go over here and we will grab the gpg key um gpg is a security key that does something this output is normal you should be seeing this why it prints it like that I don't know but I know it's okay you can ignore it we will paste in the next one and that one was weird that didn't look right so I'll try this one more time paste it again hit enter oh I had to hit control C when you see this like this here it usually means it's expecting more input so I had to do um contr C on my keyboard that's when that shows up so I'm going to try that one more time I think what it did was when I hit up it it broughten that stuff so we'll go back over here I know it's a bit finicky it's a bit frustrating and so this looks normal this is what I want it's confirming the key so verify the so download the key and then verify it's fingerprint and then the next thing we can do is this will install the source for hashy Corp so it can actually install the p package and notice that sometimes when you copy paste you get some funny stuff so you got to be really careful with your copy paste okay I'm just going to type clear here I'm going to try this again copy right click paste there we go okay so now it's acting normally you know I've been coding for 20 years and copy and paste gets me all the time it's uh not much you can do about it now we can go ahead and install it so I know that's a lot of steps we probably could have just ran this and it probably would have worked okay also knows here it accidentally downloaded this weird file I'm going to go ahead and delete that not sure why it did that but make sure you don't end up with junk files by accident so now terraform is installed so uh terraform the way it works is you have the terraform command we hit hit enter here I recently did a terraform boot camp so terraform is fresh in my mind whereas you notice Azure bicep was a bit more Rusty but we'll go ahead and make a main.tf file that is how we create a terraform file we'll go to extensions on the left hand side there's probably a terraform extension and here is one um this there's this one and this one this one is by Anton and I know Anton he's super nice and then we also have uh the official one we'll go the official one here today sorry Anton don't get upset with me they're both great I just chose the official one for this uh video demonstration Anton's um maintains uh the terraform modules for ads and a lot of other stuff so he he's very good at terraform but now that we have this installed it should gives us some syntax highlighting and autoc completion um and so uh what we need to do is we need to get some code now the reason I like Azure bicep is because it really does generate everything in place but with terraform you have to do a little bit of work we're going to type in terraform registry and this is where um we can find everything so here it's the registry. terraform doio and we're going to go to Providers providers is our established connection to our specific provider we're going to choose Azure and in here in the top right corner they have this purple button and it's going to give us the code that we need to start working with we're going to go ahead and copy this and we're going to go over here back to our code we'll paste it into our main TF file so what this is going to do it's going to say install the the uh the ads or sorry the Azure RM provider so that we can interact with Azure through terraform and then we can configure Azure down here below normally the way it works for uh configuration if we go to documentation it will tell us in the first page how do we establish a connection so we can authenticate using the Azure CLI which is something that we have done we can also use a manage service or a service principle um so I mean the the azure C is the easiest way to do it at some point you will have to learn how to create a service principle so I kind of want to do that like that's kind of what I'm preferred to do at this at this stage here um but uh I have to make sure that this makes sense so service principal and client secret so this would be with a password so let's click into this one and I'm just trying to see where the syntax is here I'm just looking at the code so first log into here here create rbac no no I'll just do it the easy way I won't make it too complicated for everybody here I'll just use the Azure U the Azure CLI so what we'll do is we'll need to go ahead and install the Azure CLI so you probably know by this routine now so we'll go Azure CLI install and we'll go over here and we'll go down we'll go to the Ubuntu Debian and we'll scroll on down grab the single line go back over to code spaces which is here we'll drag this up we'll go ahead and paste this in and we'll hit enter and that will install us the Azure CLI won't take too long but it will get installed here in a moment and so I'm thinking that if the CLI is installed it should automatically or uh it should already know how to deploy um so while that is installing let's go back over to uh the terraform registry and we'll look at um uh trying to launch something in Azure so if we click back and we go back to the documentation it has all the resources here on the uh uh left hand side so we've been doing storage accounts quite a bit here so I'm just going to look for that on the left hand side there so we'll type in storage here and we'll go into storage and in here I'm looking for a storage account so it's right here and we have some example code so this is going to create us a resource Group and then a storage account so we'll copy this code and we'll bring it on over to here and we'll just paste it on below I'm going to have to jump this down a couple sizes here so I can see what I'm doing and so we'll paste that on in there and so now we have our uh Resource Group with a logical name of example um I'm going to rename this to be something other than this so we'll say uh my uh terraform RG I don't want West EUR Europe I want uh something in North America West us is that what it would be I'm not sure if this will actually autocomplete for me if it messes up it'll throw an error we need to give this a name so we will provide uh some name here we're not doing complex terraform of course you can pass in parameters with separate files and variables we didn't do that with uh bicep either um that's something we would do at a more advanced level but let's go ahead and change this name here and we'll put something else in so we'll say um uh my storage account bunch of numbers and then AB okay so this should work replication doesn't need to be on RGS but that's still fine it's a standard that's fine I guess we have some tags we don't need tags but that's fine so now what we'll want to do is go down below here and we'll have to do an ay login sorry I meant to say ay login hyphen hyen Ed device code okay and so we'll have to go to this address down below and we'll open it on one of these other tabs we don't care about and we'll go back here and grab the code we'll say next and we'll click this we'll say continue great we'll go back over to here and so we have ADD your Cloud we are now logged in so we should be able to deploy to terraform it should know that we're going to deploy to that subscription remember earlier we checked the um that Azure file uh in our uh Azure config I'm just going to show you really quickly Tilda sl. aure tab tab tab and we're going to look in the config directory it wasn't that one maybe it was something else Cloud's config and that's how it knows what subscription is going to Target where those credential files are somewhere in that folder we still don't know and uh the terminal's kind of messing up here there we go I had to just kind of wiggle it to get it to act normally and so what I want to do is type A terraform and nit so that's going to install the terraform plugins the actual Azure provider for us to establish connection I'm going to type a terraform plan that's how you um determine if your plan will work it says insufficient feature blocks at least one features block are required what the heck is a features block I don't I don't remember there being one there uh there before maybe it just wants us to remove the configuration complet completely let's see if that works um no it wants it so we'll go back here I don't remember there being a features block before but again things change all the time on uh on me here and so we'll go back to the provider it doesn't show anything here go back to the documentation features the features block allow configuration behavior for the a provider for more information go to the dedicated page sounds good to me and here it says uh this allows different users to select behaviors they require for example some users may wish to use the OS dis virtual machine While others might want to do other stuff so here looks like you're supposed to have a features block and then there are some settings you can set um additional settings so that's kind of cool uh I don't remember that before but let's just give it empty features because I don't really want to uh do anything fancy okay we'll go ahead and save and we'll say terraform plan we'll give it a moment here it's thinking it's really thinking that's a good thing right and usually doesn't take this long um what is going on here I'll be back in a moment okay all right so I thought there might be an issue with it but we had to wait a very long time and it says insufficient feature blocks um so at least one features blocks are required so I guess there's no way around it we have to include a feature so I guess I'll carefully look here and figure out what it wants um so here's all possible uh features they say they're all optional then why do I have to why do I have to provide one if if they're all optional okay well if there was one that we're going to do let's go ahead and grab the resource Group because we are using it we are technically creating a resource Group um so maybe that's a good idea to um have that one in there really surprised that we have to but whatever so it says prevent deletion if contains resource uh false I mean you might want it true but the thing is we're doing this temporarily and I want to be able to tear things down and I don't want to have any prevention on so we'll go ahead and try terraform plan again maybe it'll be faster that'd be really nice and we did do what it asked us to do so and again I'm going to spare you the waiting I'm just going to uh pause oh no there we go so what it's done is it's saying um and I'll just zoom out a bit more so it's a bit easier or Zoom back so the way it works is when you run it it's going to say yeah we are going to create these resources to see those pluses that's what it's going to go ahead and create and there might be even more than what you expect there to be um but nope it's it's good so now that we're ready we can go ahead and do a terraform apply terraform apply it's going to ask us to confirm it'll say like yes or no we'll definitely say yes we'll give it a moment okay other providers like adus and gcp are a lot more responsive I think it's just the time it takes to go talk to Azure we'll type in yes we'll give it a moment here again it's thinking it's thinking and it's creating the resources great so I'll be back here when it's done it might just take a couple minutes might take 30 seconds but I'll be back when it is uh created all right so like about a minute took to create um so what we'll do is we'll go take a look at and by the way we really don't want to um um we really don't want to uh leave this you really want to stick with this and uh after we deploy it so we can tear it down because the state file is all here so when you use um uh arm uh as your arm templates and bicep with which just produces arm templates the state of the the infrastructure is on the cloud provider so Azure has uh the Azure resource manager and it stores some kind of state file you don't see it we don't know what format it's in um uh but with terraform because it is an agnostic provider uh it stores the state file here now we could use ter from cloud which has a free tier and we could put it up there but uh for our purpose we just have it in here you do not want to commit this ever to your repo it could have sensitive information in it so just be aware of that in fact we should have an ignore file in here so that we not running into problems so I'm going to go ahead here and just type in get ignore it's probably the first thing we should have done but uh you know sometimes we do things out of order here get ignore uh terraform so we'll just go grab that because it'll give us the best stuff GitHub has a um a recommended ignore file we'll go ahead and copy that and we'll go back here and paste this in here and Save it and that way um that state file will not be part of the source code so notice it's not going to commit it but the lock file will be there which is fine let's go over to uh Azure and make sure that that resource was created so if we go to storage accounts we have an additional one there my uh storage account Etc it's there so um it's there so if we were to lose that state file we would actually have to manually delete the resource Group because it would no longer be able to track it but we do have the state file here and so we can go ahead and delete those resources so we'll go ahead and type in terraform destroy and we'll hit enter and that will um tear down terraform okay we'll give it a moment it's just thinking it is thinking real hard there we go we'll type in yes and we'll have to wait for it to destroy the resource I'll see you back here when it's done destroying okay all right so after a short little wait there uh that stuff has been torn down I'm going to go ahead and commit these files so uh changes we'll just make a quick commit message there we'll sync those changes we'll say okay make sure those changes get pushed if you need to look at my code it's going to be in that repo so just go back and look for it on the GitHub exam proo aure bicep example um yeah we're good there let's make sure we just uh turn off this workspace here so we'll say stop okay and we have now stopped this workspace we are in good shape and we'll see you in the next one [Music] okay all right so um I've been in the free tier here and I've been Gathering a bit of spend while just clicking through resources I was actually surprised how much spend uh has occurred considering I haven't really done anything but let's go take a look at in our subscription and see if we can figure out what's going on with our spend here uh of course you know if you are in your paid tier that could be problematic uh but I'm hopefully you are utilizing the free tier just as I am um and also we might be bringing through the free tier quicker because they're not treating um not giving us the free uh the free tier usage and they're just treating everything as as if it's it's fully paid so here it says we have2 200 remaining out our $500 still I find that kind of crazy we have spending rate and forecast uh cost of course we have no cost so we're probably more interested in usage but let's go take a look and see what's been causing this issue so we'll go into uh here into our cost analysis and there is there is really no real cost it's more just like us using uh resources so I'm trying to make sense of this it Mak it's a lot easier when it's real money and not uh pretend money so we'll have to see here we'll go cost by resource let's see if we can make sense of this breakdown and uh I mean these are all under a dollar so I'm not exactly sure what it means here so this is not going to be very useful in our free tier maybe what we can do is go over uh to back over to uh our subscriptions here because really we shouldn't really have any kind of spend it's uh I think it's Azure tricking us because I know all the resources we've been spitting up and they're not uh we have not had them up for very long and there's no way they could be uh uh as much as it's reporting here so maybe a better thing might be usage uh if usage gives us some indication here I rarely ever have free tier so it's not always very clear to me uh what's going on here and so what we're seeing here is this is the um uh the quotas or usage of resources so if you were to exceed this you might have to uh request a a quot increase so this is not uh that useful uh this is more about current usage and usage there so yeah I'm not 100% sure where um uh free spend occurs so just give me a moment and I'll go find out okay all right so um Microsoft is suggesting some things here I don't necessarily mean that I believe that this is where it is but let's go take a look and see if they're being honest with us here so we're in our subscription and it's suggesting that we go over to where um spending r forecast so that's what we were on earlier if we go back over to the right tab it was we go back over to overview it was this here we go to view details and I was trying to break it down a different way okay so we'll go back over here cost by resource show the cost of individual resources uh top free services by usage uh this only uh this area only appears for free count so if you don't have a free count the isn't shown well I'd love to see that that sounds very useful to me so let's see if we can I'm going to close this tab it keeps messing me up if we can see that [Music] here I mean I'm not really seeing that here all right let me really carefully read it okay all right I think what it's saying is that on that overview page it'll have that on the right hand side I don't think I saw saw that but I was going pretty darn quick so to be fair it could be my fault and we're just going to go back to subscriptions here on our overview it's over here so we'll view all free uh uh Services they say this only is provided in our free services for 12 months so no this is talking about all usage over uh over 12 months and uh we can sort this based on usage I suppose and we're only seeing usage here so you can see that we're not really uh utilizing much like Cosmos DB has a free tier that's something we spun up earlier virtual machines has a free tier I don't think AKs has a free tier but where is all this money going that's what I want to know how do we go from $500 to $200 in a day uh it's oh your remaining $200 of free credits expire in ETC maybe we only get 200 free maybe it's not $500 and I'm just I'm just crazy um let's go ask chbt how many credits do I get in Azure for the first 30 days maybe it's just 200 I mean that sounds more reasonable than 500 I think I'm just uh kind of forgetting I remember gcp once had like a lot of free credits like thousands and uh chat GPT is really taking their time here so let's go out to the internet and oh no here we go it's $200 okay so all right our spend isn't crazy it's just down by a little a little amount of money it's still not showing us what is fully outstanding again it's so hard to see this when the spend is so low so I guess we really are not spending a whole lot there we can go back to notifications and see it uh I mean it did show up here notifications and notifications is taking time here to today that's great come on notifications you can do it it's really not appearing here today and I can't go back there we go yeah so I guess maybe it wouldn't show up there maybe it would show up in the advisory so um uh most providers have advisories and that's maybe where that popup came from so we'll go back to subscriptions I think I saw it here on the left hand side we had like uh ad recommendations and we have none right now okay so that's okay um all I wanted to know was do we know where we can see our spend and apparently in the free tier we can go over here uh and see stuff since we're not in the pay tier there's not a whole lot of information that is interesting that we can see but maybe make note of this that when you want when you are in your first 12 months of your account go over here and check and just uh see what your utilization is looking at and just be very aware of what you have access to so clearly we have Cosmos DB we have storage we have some virtual Machines of very particular sizing we get some SQL database which is really nice uh public IP addresses this is something that was not charged for uh previously I don't know when Azure started charging for it but all providers now charge for ipv4 uh addresses um so that's another additional uh expense cognitive Services which we do a lot in the AI 900 so that's a lot of AI stuff you got a load balancer for free which is nice um um and a bunch of databases down here below and more virtual machines so one's probably L Linux one's probably windows so a lot of fun stuff there but anyway hopefully that gives you an idea of spend a little bit more but of course it' look a lot nicer if we had more spend and maybe I'll make a separate video showing uh more spend okay see you in the next one ciao so asure monitor is uh quite a beefy service there's a lot going on in it and so it's a comprehensive solution for collecting analyzing acting on tele data from your cloud and on- premise environment so here's an example of one of the things it can do which is provide you a visual dashboard but it can create smart alerts automate actions log monitoring and a lot of different things and many Azure Services by default are already sending their data to Azure monitor so you can use it right away now I just want to introduce you to the concept of the pillars of observability this isn't a thing specific to Azure but it's something that in devops that you need to understand and it's just going to help you contextualize the offerings of azure Monitor and other cloud service providers so what is observability that is the ability to measure and understand how internal systems work in order to answer questions regarding performance tolerance security and faults with a system and application and in order to uh obtain observability you need three things you need metrics logs and traces uh and you have to use them together using them in isolate does not gain you a observability so let's go Define those three things the first thing is metrics and that is a number that that is measured over a period of time if we measured the CPU usage and aggregated it over a period of time then we would have the average CPU metric then you have logs these are text files where each line contains event data about what happened at a certain time and then you have um traces and this is a history of requests that is that is uh that travels through multiple apps and services so we can pinpoint performance or failures and I like to make the joke that it looks kind of like the Triforce observability once you've constructed it there at the end [Music] let's look at the anatomy of azure monitor which is a little bit complex but I'm sure we can work our way through it so the first thing is that we need uh sources of data so these this is what uh what data can be sent into Azure so you probably want application data operating system data uh data from Azure resources at your subscription level your tenant level which is going to be associated with active directory and custom sources and once you get those into Azure monitor you have to store them somewhere you're going to put them in logs and monitors and these are just data stores that are within Azure monitor that you're going to be able to work with and once you have that data in there you're going to be able to leverage different services that do different things um and so we will call these functions so you can perform insights uh visualizations uh analysis uh response and integration so what we' look at insights uh we're getting insights into our virtual machines our containers our applications uh for visualization you might be making d dashboards uh you could be using powerbi or creating workbooks for analysis you might be using the log analysis or the metrical analysis tools for responses uh you might want to create alerts or start Auto scaling and for Integrations you might want to use logic apps or export apis to connect things up so there you go I want to quickly touch on log analytics uh and so this is a tool used to edit and run queries within Azure monitor logs and and so the idea is it kind of looks like um something you use to connect to a database cuz it really is structured like a database with tables and columns and things like that and it has this uh its own query language called kql and the idea is that you input uh um your queries and it's going to Output results for you and that's something we're going to look uh in Greater detail is that uh kql language so that we know how to use that panel let's go talk about [Music] workspaces so um when you use log analytics you're going to probably want a workspace and this is a unique environment uh for Azure monitor log data each workspace has its own data repository and configuration and data sources and solutions and are configured to store their data in a particular workspace so it's really interesting because if you go over to Azure monitor you can use uh uh log analytics without creating a workspace but I believe that if you want to um uh isolate a lot of your data and uh install like maybe like collect data outside of a your services for other things you're going to need a workspace and it's going to also have a lot more robust options so that's something you're going to end up doing is uh creating work spaces and it's a good habit to do um but there's not a lot to talk about there but let's move on to actual the query language which is really the meat of log analytics let's take a look here at Azure alerts and this helps us uh be notified when there are issues found within the infrastructure or application and this allows us to identify and address is before the users of your system notice them and so they come in three flavors we got metric alerts log alerts and activity log alerts and when alert is triggered you can be notified or have it take action so here is kind of the anatomy of an alert and we have the alert rule this defines who we should monitor like the the service and uh like the the definition of when it is triggered which is going to be the next part here so a resource such as a virtual machine uh designated as a Target resource will emit signals so it's going to be em emitting a data payload and it could be of the following types it could be a metric a log activity log application insights you can kind of see how that ties to the types of alerts then you have the criteria or logical uh tests this gets evaluated and determines are we in a triggered state it could be like percentage CPU greater than 70% then you have your Action Group which contains actions um and those actions uh will be uh performed when it is triggered and actions could be things like run uh run an automation run book use Azure functions itsm logic app web hooks or secure web hook on the other side there we have um this box over here and this is all about the state of your alert and so we have monitor condition Al Alert state so monitor condition is set by the system and Alert state is set by the user but the idea that is there is so you can Define where it is because you might want to uh have a history of saying okay I've resolved this issue so I'm marking this as closed and that' be like an alert State there um and so there you go [Music] let's take a look here at application insights and this is an application Performance Management Service so it's an APM and it's a subservice of azure monitor let's talk about what apms are so these are monitoring and and um uh they do monitoring and management of performance and availability for software apps APM strives to detect diagnosed complex application performance problems to maintain an expected level of performance so why use application insights will automatically text performance anomalies and includes powerful analytics tools to help you diagnose issues and to understand what users do with your app designed to help you continuously improve performance and usability works for apps for.net node GS Java python hosted on on premise hybrid or any uh public cloud and I know that it works for uh other ones that are not part of the supported languages so there's one for Ruby but the thing is is like um Azure is only providing official support for a bunch of languages but you might still have libraries out there for them and it integrates with your devops processes and can monitor analyze uh Telemetry from mobile apps by integrating with visual studio app center and if you're running an app you definitely want to have an APM installed if you ever use data dog or Skylight or New Relic that's what apms are or what those um providers offer but let's take a closer look here and this is kind of an example of uh an application and what you're going to see is that we have a front end a backend and workers just to kind of represent uh how you can instrument your applications and when we say instrument it just means install like this piece of code that runs on it to send data back to uh application insights uh and the idea is that when you instrument it you're just installing the instrument uh package STK or in some cases you can just turn it on where it's supported so you don't necessarily uh have to install it an app you might just press a button and it will uh install it within uh Azure services and there's many ways that you can view your telemetry data so the idea is that the agent send that information to application insights and then you're going to be able to leverage that in alerts powerbi Visual Studio rest API continuous exports a lot of a lot of services can ingest application sit so apps can be instrumented from anywhere so if if you running on AWS you can install it on your servers there when you set up application sites monitoring for your web apps you create an application site resource in Microsoft Azure so it's a physical resource and you open this resource in the Azure portal in order to see and analyze Telemetry collected from your app and the resources identified by the instrumentation key also known as the I key and I just got a big old list here just to tell you all the things you can do with it so what does application Insight monitor well request rates response time failure rates dependency rates response times failure rates exceptions page views load performance Ajax calls user and sessions count performance counters host Diagnostics diagnostic Trace uh logs custom events metrics uh uh so there you go that's a big old list and on the right hand side is where can I see my Telemetry and we saw a little list but let's go through the big list and that's uh smart detection manual alerts application map profiler user uh usage analysis diagnostic search for instance data metrics Explorer for aggregated data dashboards live metric streams analytics Visual Studio snapshot debugger powerbi rest API continuous export and there you go so you can see that it can collect and you can use it in a lot of places definitely definitely install if you're using or you running a web application