Microsoft Azure Mind Maps

Kanchan Tewary
5 min read · Feb 1, 2022

I created these mind maps during my preparation for the AZ-303 and AZ-304 exams. If you are planning to take the Azure Solutions Architect Expert certification, or if you would like a quick high-level overview of the platform, these might be handy.

Note: Not all of these fall strictly under the exam syllabus, but I found them relevant for a more holistic understanding.

Storage

Storage, being the primary pillar of any IT architecture, comes first on the list. On the Azure platform, one first creates a storage account, defines its performance tier and creates storage objects as required. One then defines storage access policies, the access tier of the objects, a lifecycle policy and a replication option, and adds data protection if required.
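To make the lifecycle policy step concrete, here is an added example (not from the original post) that builds a rule in the shape of an Azure Storage lifecycle management policy, validates it the way a reviewer would before applying it, and simulates which action it would take on a given blob. The key names are assumed to mirror the documented policy JSON; the prefix, thresholds and blob names are constructed for this example, and the evaluator is a local simulation rather than the service itself.

```python
from datetime import date

# Order in which tiering actions must escalate: cool, then archive, then delete.
TIER_ORDER = ("tierToCool", "tierToArchive", "delete")
# When evaluating a blob, test the most drastic action first so that a blob old
# enough to be deleted is not merely moved to a cooler tier.
ACTION_ORDER = tuple(reversed(TIER_ORDER))


def make_rule(name, prefixes, cool, archive, delete, enabled=True):
    """Build one rule in the lifecycle management policy shape (assumed schema)."""
    return {
        "enabled": enabled,
        "name": name,
        "type": "Lifecycle",
        "definition": {
            "filters": {"blobTypes": ["blockBlob"], "prefixMatch": list(prefixes)},
            "actions": {
                "baseBlob": {
                    "tierToCool": {"daysAfterModificationGreaterThan": cool},
                    "tierToArchive": {"daysAfterModificationGreaterThan": archive},
                    "delete": {"daysAfterModificationGreaterThan": delete},
                }
            },
        },
    }


# Constructed policy: logs cool after 30 days, archive after 90, expire after a year.
LIFECYCLE_POLICY = {
    "rules": [make_rule("tier-and-expire-logs", ["logs/"], cool=30, archive=90, delete=365)]
}


def validate_policy(policy):
    """Return the problems a reviewer would flag before applying the policy."""
    problems = []
    for rule in policy["rules"]:
        name = rule["name"]
        acts = rule["definition"]["actions"].get("baseBlob", {})
        days = [acts[a]["daysAfterModificationGreaterThan"] for a in TIER_ORDER if a in acts]
        # Thresholds must strictly increase, otherwise a blob would be archived or
        # deleted before it was ever cooled.
        if any(later <= earlier for earlier, later in zip(days, days[1:])):
            problems.append(f"{name}: thresholds are not strictly increasing: {days}")
        # A rule without a prefix filter applies to every blob in the account.
        if not rule["definition"].get("filters", {}).get("prefixMatch"):
            problems.append(f"{name}: no prefixMatch filter, rule applies to every blob")
    return problems


def evaluate_blob(policy, blob_name, last_modified, today):
    """Return the action the policy would take on one block blob, or None.

    last_modified and today are ISO dates ("2021-10-24"); age is in whole days.
    """
    age_days = (date.fromisoformat(today) - date.fromisoformat(last_modified)).days
    for rule in policy["rules"]:
        if not rule["enabled"]:
            continue
        definition = rule["definition"]
        prefixes = definition.get("filters", {}).get("prefixMatch", [])
        if prefixes and not any(blob_name.startswith(p) for p in prefixes):
            continue
        acts = definition["actions"].get("baseBlob", {})
        for action in ACTION_ORDER:
            if action in acts and age_days > acts[action]["daysAfterModificationGreaterThan"]:
                return action
    return None


if __name__ == "__main__":
    print("problems:", validate_policy(LIFECYCLE_POLICY))
    print("logs/app.log after 100 days:",
          evaluate_blob(LIFECYCLE_POLICY, "logs/app.log", "2021-10-24", "2022-02-01"))
```

The validation step is the part worth keeping around: an unordered set of thresholds or a missing prefix filter is an easy way to archive or delete data you did not intend to touch, and the policy itself gives no warning.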

Compute

As we build new applications in the cloud or migrate on-premises workloads, we need to decide on the compute architecture. There are three hosting models, namely IaaS, PaaS and SaaS. Virtual machines, microservices, containers or serverless: what are the factors to consider? Let's find out.

Authentication and Authorization

Authentication is about verifying that an entity is who it claims to be. Authorization is the process of determining whether the authenticated entity is allowed to perform a specific action or access specific data. In Azure, both tasks are managed by Azure Active Directory.

Multi-factor authentication (MFA), single sign-on (SSO) and security tokens are some of the authentication approaches.

Access control lists (ACLs) and role-based access control (RBAC) are the authorization techniques used. Attribute-based access control (ABAC) is a more fine-grained access control mechanism.
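The difference between RBAC and ABAC is easiest to see in a small authorization check. The following is an added example, not code from the original post: it models role definitions, role assignments at a scope, and an optional ABAC-style condition attached to an assignment, then decides whether a principal may perform an action. The role names and action strings follow Azure's naming (including the split between control-plane actions and data actions), but the tables, principals and resource ids are constructed for this example and are not read from a real tenant.

```python
from fnmatch import fnmatchcase

# Constructed role definitions. Assumption: action strings use Azure's
# "Provider/resourceType/operation" form, and control-plane "actions" are kept
# separate from "dataActions" as Azure does, so a Reader cannot read blob data.
ROLES = {
    "Reader": {"actions": ["*/read"], "dataActions": []},
    "Storage Blob Data Reader": {
        "actions": [],
        "dataActions": ["Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read"],
    },
    "Storage Blob Data Contributor": {
        "actions": [],
        "dataActions": ["Microsoft.Storage/storageAccounts/blobServices/containers/blobs/*"],
    },
}

BLOB_READ = "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read"
BLOB_WRITE = "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write"
ACCOUNT_READ = "Microsoft.Storage/storageAccounts/read"

# Constructed resource ids.
ACCOUNT = "/subscriptions/sub1/resourceGroups/rg1/providers/Microsoft.Storage/storageAccounts/acct1"
OTHER_ACCOUNT = "/subscriptions/sub1/resourceGroups/rg1/providers/Microsoft.Storage/storageAccounts/acct2"


def blob_id(account, container, blob):
    return f"{account}/blobServices/default/containers/{container}/blobs/{blob}"


# Constructed role assignments. The entry for bob carries an ABAC-style
# condition: the role only applies when the request's "container" attribute
# equals "public". Without the condition, RBAC alone would grant every container.
ASSIGNMENTS = [
    {"principal": "alice", "role": "Storage Blob Data Contributor", "scope": ACCOUNT},
    {"principal": "bob", "role": "Storage Blob Data Reader", "scope": ACCOUNT,
     "condition": {"attribute": "container", "equals": "public"}},
    {"principal": "carol", "role": "Reader", "scope": "/subscriptions/sub1"},
]


def scope_covers(assignment_scope, resource_id):
    """An assignment at a scope applies to that scope and everything beneath it."""
    return resource_id == assignment_scope or resource_id.startswith(assignment_scope.rstrip("/") + "/")


def condition_holds(condition, attributes):
    """Evaluate the (single-clause) ABAC condition against request attributes."""
    if condition is None:
        return True
    return attributes.get(condition["attribute"]) == condition["equals"]


def is_allowed(principal, action, resource_id, data_action=False, attributes=None,
               assignments=ASSIGNMENTS):
    """RBAC check with scope inheritance, plus the ABAC condition where present."""
    attributes = attributes or {}
    kind = "dataActions" if data_action else "actions"
    for a in assignments:
        if a["principal"] != principal or not scope_covers(a["scope"], resource_id):
            continue
        if not condition_holds(a.get("condition"), attributes):
            continue
        if any(fnmatchcase(action, pattern) for pattern in ROLES[a["role"]][kind]):
            return True
    return False


if __name__ == "__main__":
    target = blob_id(ACCOUNT, "private", "secret.txt")
    print("bob reads private:", is_allowed("bob", BLOB_READ, target, True, {"container": "private"}))
    print("carol reads data:", is_allowed("carol", BLOB_READ, target, True))
```

Two points the check makes visible: a role assigned high in the hierarchy (carol's Reader at the subscription) flows down to every resource beneath it, and a control-plane role says nothing about data-plane access, which is why the data-plane roles exist separately.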

Data and Analytics

Here we look at the databases and the services available for collecting, processing and analyzing data and gathering insights. Visualization tools such as Microsoft Power BI can then be used to build dashboards and report those insights.

Networking

A virtual network (VNet) is the fundamental building block that enables Azure resources to communicate securely with each other, with the internet and with on-premises applications. There are three ways Azure resources can communicate with each other: all resources can be placed in the same virtual network, they can use service endpoints, or two virtual networks can be connected through VNet peering. To establish connectivity with an on-premises network, we need to set up either a VPN gateway (point-to-site or site-to-site) or Azure ExpressRoute.

Azure creates default routes to carry network traffic between subnets, connected virtual networks, on-premises networks and the internet. These can be overridden using custom route tables or BGP routes.
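Since overriding a default route is how most custom network paths are built, it helps to see how a route is actually chosen. This is an added example (not from the original post) that simulates the selection Azure applies: the longest matching prefix wins, and among routes with the same prefix length a custom (user-defined) route is preferred over a BGP route, which is preferred over a system route. The route table, addresses and next hops are constructed for the example; the check at the end is the one a reviewer would run to confirm that internet-bound traffic really leaves through the firewall appliance rather than the default internet route.

```python
from ipaddress import ip_address, ip_network

# Tie-break between routes of equal prefix length (lower value wins):
# user-defined routes beat BGP-learned routes, which beat system routes.
SOURCE_PRIORITY = {"User": 0, "BGP": 1, "System": 2}

# Constructed route table for one subnet. Prefixes and next hops are made up.
ROUTES = [
    {"source": "System", "prefix": "10.0.0.0/16", "next_hop_type": "VirtualNetwork", "next_hop": None},
    {"source": "System", "prefix": "0.0.0.0/0", "next_hop_type": "Internet", "next_hop": None},
    {"source": "BGP", "prefix": "10.1.0.0/16", "next_hop_type": "VirtualNetworkGateway", "next_hop": None},
    {"source": "BGP", "prefix": "192.168.0.0/16", "next_hop_type": "VirtualNetworkGateway", "next_hop": None},
    # Custom routes: send internet-bound traffic through a firewall appliance at
    # 10.0.1.4, and drop traffic to a BGP-advertised range we do not want reachable.
    {"source": "User", "prefix": "0.0.0.0/0", "next_hop_type": "VirtualAppliance", "next_hop": "10.0.1.4"},
    {"source": "User", "prefix": "192.168.0.0/16", "next_hop_type": "None", "next_hop": None},
]


def select_route(destination, routes=ROUTES):
    """Pick the route used for one destination: longest prefix, then source priority."""
    dst = ip_address(destination)
    candidates = [r for r in routes if dst in ip_network(r["prefix"])]
    if not candidates:
        return None
    return min(
        candidates,
        key=lambda r: (-ip_network(r["prefix"]).prefixlen, SOURCE_PRIORITY[r["source"]]),
    )


def effective_routes(routes=ROUTES):
    """For each prefix, the single route that is active after overrides are applied."""
    winners = {}
    for r in routes:
        current = winners.get(r["prefix"])
        if current is None or SOURCE_PRIORITY[r["source"]] < SOURCE_PRIORITY[current["source"]]:
            winners[r["prefix"]] = r
    return winners


def default_route_bypasses_appliance(routes=ROUTES):
    """True if the active default route still points straight at the internet."""
    default = effective_routes(routes).get("0.0.0.0/0")
    return default is not None and default["next_hop_type"] == "Internet"


if __name__ == "__main__":
    for dst in ("10.0.2.5", "10.1.3.4", "192.168.5.5", "8.8.8.8"):
        r = select_route(dst)
        print(f"{dst:<14} -> {r['prefix']:<16} {r['source']:<7} {r['next_hop_type']}")
    print("default route bypasses appliance:", default_route_bypasses_appliance())
```

Note that the 10.0.0.0/16 system route still wins for 10.0.2.5 even though a user-defined 0.0.0.0/0 exists: prefix length is compared before route source, so a custom default route never captures traffic inside the VNet.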

Security

As more and more business applications move to the cloud, cloud security has become a top priority. The key principles prescribed by Microsoft are as follows:

  1. Apply the principle of least privilege
  2. Classify and encrypt data
  3. Monitor and protect the network integrity of internal and external endpoints
  4. Protect against common attack vectors, such as distributed denial of service (DDoS)
  5. Identify and mitigate code-level vulnerabilities, such as cross-site scripting and structured query language (SQL) injection
  6. Model and test against potential threats

Monitoring

Monitoring is key to assessing the health of cloud infrastructure and applications. In particular, insight into performance, cost, availability and security metrics is pivotal to operations. Apart from Azure's own monitoring tools, many third-party tools are available as well (AppDynamics, Datadog, LogicMonitor).

Migration and BCDR

The Azure migration framework suggests four steps to ensure a successful migration: assess, migrate, optimize and monitor. For any given application, we may have multiple options when planning a migration to the cloud: rehost, refactor, rearchitect, rebuild or replace. During assessment, we can use the Azure TCO Calculator to estimate monthly running costs in Azure versus on-premises (and hence the cost savings).

IoT

Any IoT (Internet of Things) platform requires four key subsystems: IoT devices, a cloud gateway, a stream processing service, storage, and finally a UI application for reporting and monitoring. Downstream business applications can take the telemetry data gathered by this IoT platform, derive insights and take action. Optionally, we may have local edge computing devices. Not to be forgotten, security plays a very important role in the architecture. Let us also find out how we can achieve high availability and disaster recovery on the Azure platform.

Design Principles

Reference
