Azure CLI

Microsoft Certified: Azure Administrator Associate–Exam Changes

March 26, 2019 Azure, Azure, Azure Administrator, Azure CLI, Certification, Cloud Computing, Infrastructure, Microsoft, Platforms No comments

Earlier during Microsoft Ignite 2019 conference, Microsoft Learning team has rolled out exams various role based certification exams for Administrators, Developers, Architects and DevOps engineers.

Initially there was a requirement for passing two exams: AZ-100 and AZ-101

  • AZ-100 – Microsoft Azure Infrastructure and Deployment
  • AZ-101 – Microsoft Azure Integration and Security
  • AZ-102 – (Upgrade Exam) – Microsoft Azure Administrator Certification Transition

As on 20th March, Microsoft has made announcement to simiplify these requirements by introducing a single exam, instead of taking two exams. Here is how it would look like. 

image

What’s included in AZ-103 ?

You can find them detailed out in  official exams page here, but I will give a quick list taken from the official page

Manage Azure subscriptions and resources (15-20%)

  • Manage Azure subscriptions
    • May include but not limited to: Assign administrator permissions; configure cost center quotas and tagging; configure Azure subscription policies at Azure subscription level
  • Analyze resource utilization and consumption
    • May include but not limited to: Configure diagnostic settings on resources; create baseline for resources; create and rest alerts; analyze alerts across subscription; analyze metrics across subscription; create action groups; monitor for unused resources; monitor spend; report on spend; utilize Log Search query functions; view alerts in Log Analytics
  • Manage resource groups
    • May include but not limited to: Use Azure policies for resource groups; configure resource locks; configure resource policies; implement and set tagging on resource groups; move resources across resource groups; remove resource groups
  • Managed role based access control (RBAC)
    • May include but not limited to: Create a custom role, configure access to Azure resources by assigning roles, configure management access to Azure, troubleshoot RBAC, implement RBAC policies, assign RBAC Roles
Implement and manage storage (5-10%)
  • Create and configure storage accounts
    • May include but not limited to: Configure network access to the storage account; create and configure storage account; generate shared access signature; install and use Azure Storage Explorer; manage access keys; monitor activity log by using Log Analytics; implement Azure storage replication
  • Import and export data to Azure
    • May include but not limited to: Create export from Azure job; create import into Azure job; Use Azure Data Box; configure and use Azure blob storage; configure Azure content delivery network (CDN) endpoints
  • Configure Azure files
    • May include but not limited to: Create Azure file share; create Azure File Sync service; create Azure sync group; troubleshoot Azure File Sync
  • Implement Azure backup
    • May include but not limited to: Configure and review backup reports; perform backup operation; create Recovery Services Vault; create and configure backup policy; perform a restore operation.
Deploy and manage virtual machines (VMs) (20-25%)
  • Create and configure a VM for Windows and Linux
    • May include but not limited to: Configure high availability; configure monitoring, networking, storage, and virtual machine size; deploy and configure scale sets
  • Automate deployment of VMs
    • May include but not limited to: Modify Azure Resource Manager (ARM) template; configure location of new VMs; configure VHD template; deploy from template; save a deployment as an ARM template; deploy Windows and Linux VMs
  • Manage Azure VM
    • May include but not limited to: Add data discs; add network interfaces; automate configuration management by using PowerShell Desired State Configuration (DSC) and VM Agent by using custom script extensions; manage VM sizes; move VMs from one resource group to another; redeploy VMs
  • Manage VM backups
    • May include but not limited to: Configure VM backup; define backup policies; implement backup policies; perform VM restore; Azure Site Recovery
Configure and manage virtual networks (20-25%)
  • Create connectivity between virtual networks
    • May include but not limited to: Create and configure VNET peering; create and configure VNET to VNET; verify virtual network connectivity; create virtual network gateway
  • Implement and manage virtual networking
    • May include but not limited to: Configure private and public IP addresses, network routes, network interface, subnets, and virtual network
  • Configure name resolution
    • May include but not limited to: Configure Azure DNS; configure custom DNS settings; configure private and public DNS zones
  • Create and configure a Network Security Group (NSG)
    • May include but not limited to: Create security rules; associate NSG to a subnet or network interface; identify required ports; evaluate effective security rules
  • Implement Azure load balancer
    • May include but not limited to: Configure internal load balancer, configure load balancing rules, configure public load balancer, troubleshoot load balancing
  • Monitor and troubleshoot virtual networking
    • May include but not limited to: Monitor on-premises connectivity, use Network resource monitoring, use Network Watcher, troubleshoot external networking, troubleshoot virtual network connectivity
  • Integrate on premises network with Azure virtual network
    • May include but not limited to: Create and configure Azure VPN Gateway, create and configure site to site VPN, configure Express Route, verify on premises connectivity, troubleshoot on premises connectivity with Azure
Manage identities (15-20%)
  • Manage Azure Active Directory (AD)
    • May include but not limited to: Add custom domains; Azure AD Join; configure self-service password reset; manage multiple directories;
  • Manage Azure AD objects (users, groups, and devices)
    • May include but not limited to: Create users and groups; manage user and group properties; manage device settings; perform bulk user updates; manage guest accounts
  • Implement and manage hybrid identities
    • May include but not limited to: Install Azure AD Connect, including password hash and pass-through synchronization; use Azure AD Connect to configure federation with on-premises Active Directory Domain Services (AD DS); manage Azure AD Connect; manage password sync and password writeback
  • Implement multi-factor authentication (MFA)
    • May include but not limited to: Configure user accounts for MFA, enable MFA by using bulk update, configure fraud alerts, configure bypass options, configure Trusted IPs, configure verification methods

Now that said. Wishing all the best to all exam aspirants who would want to become an Microsoft Certified: Azure Administrator Associate.

Azure Cosmos DB–Multi Master

October 8, 2018 .NET, .NET Core, .NET Framework, ASP.NET, Azure, Azure CLI, Azure Cosmos DB, CosmosDB, Data Consistancy, Data Integrity, Microsoft, Multi-master, Performance, Reliability, Resilliancy, Scalability, Scale Up No comments

During the Ignite 2018, Microsoft has announced the general availability of Multi-Master feature being introduced to Azure Cosmos DB to provide more control into data redundancy and elastic scalability for your data from different regions with multiple writes and read instances.

What is Multi-Master essentially?

Multi-master is a capability that provided as part of Cosmos DB, that would provide you multiple write regions and provides an option to handle conflict resolution automatically through different options provided by the platform. Most of the major scenarios you would encounter the conflict can be resolved with these simple configurations.

A sample diagram depicting a use case of load balanced web app writing to respective regional master:-

image

With multi-master, Azure Cosmos DB delivers a single digit millisecond write latency at the 99th percentile anywhere in the world, and now offers 99.999 percent write availability (in addition to 99.999 percent read availability) backed by the industry-leading SLAs.

image

Wow! That’s an amazing performance Cosmos DB guarantees to provide so that your mission-critical systems will have zero downtime, if they start using Cosmos DB.

 

How to Enabled Multi-Master support in your Cosmos DB solutions?

Currently multi-master can only be enabled for new Cosmos DB instances using “Enable Multi-Master” option in Azure Portal or through PowerShell or ARM templates or through SDK.

These options are detailed below with necessary examples:

1.) Azure Portal – Enable Multi-region writes and Enable geo-redundancy

image

2.) Azure CLI 
Set the “enable-multiple-write-locations” parameter to “true”

az cosmosdb create \
   –-name "thingx-cosmosdb-dev" \
   --resource-group "consmosify-dev" \
   --default-consistency-level "Session" \
   --enable-automatic-failover "true" \
   --locations "EastUS=0" "WestUS=1" \
   --enable-multiple-write-locations true \

3.) AzureRM PowerShell
In AzureRM PowerShell cmdlet – Set enableMultipleWriteLocations parameter to “true”

$locations = @(@{"locationName"="East US"; "failoverPriority"=0},
             @{"locationName"="West US"; "failoverPriority"=1})

$iprangefilter = ""

$consistencyPolicy = @{"defaultConsistencyLevel"="Session";
                       "maxIntervalInSeconds"= "10";
                       "maxStalenessPrefix"="200"}

$CosmosDBProperties = @{"databaseAccountOfferType"="Standard";
                        "locations"=$locations;
                        "consistencyPolicy"=$consistencyPolicy;
                        "ipRangeFilter"=$iprangefilter;
                        "enableMultipleWriteLocations"="true"}

New-AzureRmResource -ResourceType "Microsoft.DocumentDb/databaseAccounts" `
  -ApiVersion "2015-04-08" `
  -ResourceGroupName "consmosify-dev" `
  -Location "East US" `
  -Name "thingx-cosmosdb-dev" `
  -Properties $CosmosDBProperties

4.) Through CosmosDB SDK
Setting connection policy in DocumentDBClient and set UseMultipleWriteLocations to true.

ConnectionPolicy policy = new ConnectionPolicy
{
   ConnectionMode = ConnectionMode.Direct,
   ConnectionProtocol = Protocol.Tcp,
   UseMultipleWriteLocations = true,
};
policy.PreferredLocations.Add("East US");
policy.PreferredLocations.Add("West US");
policy.PreferredLocations.Add("West Europe");
policy.PreferredLocations.Add("North Europe");
policy.PreferredLocations.Add("Southeast Asia");
policy.PreferredLocations.Add("Japan East");
policy.PreferredLocations.Add("Japan West");

Azure Cosmos DB multi-master configuration is the game changes that really makes it a true global scale database with automatic conflict resolution capabilities for data synchronization and consistancy.

In my later sessions I will write examples to cover how conflict resolutions can be configured and used in realtime scenarios.

Useful Refs:

Getting Started with Azure CLI 2.0

September 30, 2018 Azure, Azure CLI, Azure Cloud Shell, AzureRM.PowerShell, PowerShell No comments

Older days we used to manage azure resources through AzureRM PowerShell modules . This was very much flexible for any Azure Administrator or Developers to run Automated Deployments to Azure Resource Manager resources.

Azure CLI  is the next improved version with simplified cmdlets to make life easier and it is cross-platform.

You can use Azure CLI in two ways:

  1. Azure Portal – Through Azure Cloud Shell
  2. PowerShell module

Installation Steps:

  • Download Azure CLI designed for Linux/Windows/MacOS based on your OS.
  • Install image and follow the steps.

 

image

image

  • Verify the Installation by executing cmdlet [  az –version  ]
az –-version

image

Running the Azure CLI from PowerShell has some advantages over running the Azure CLI from the Windows command prompt, provides additional tab completion features.

Now let us try logging in to Azure using Azure CLI. There are various ways of logging in, for this article I would try simple web login using az login command.

Execute the following cmdlet to login to Azure:

az login

The Azure CLI will  launch your default browser to open the Azure sign-in page. After a successful sign in, you’ll be connected to your Azure subscription.  If it fails, follow the command-line instructions and enter an authorization code at https://aka.ms/devicelogin.

Create a azure resource group and verify:

az group create –name "thingx-dev" –location "southcentralus" 
az group list --output table

 

Hope that is helpful for you to get started with Azure CLI. To learn more about Azure CLI cmdlets : https://github.com/Azure/azure-cli