Top-down hierarchy of organization
- Management groups: manage access, policy, and compliance for multiple subscriptions. All subscriptions automatically inherit the properties applied to their management group.
- Subscriptions: group user accounts and resources. Each subscription has set limits on resource creation and usage.
- Resource groups: a logical unit that groups resources (if a resource is a file, a resource group is like a folder). Deleting a resource group also deletes the resources in it. Scope for applying role-based access control (RBAC) permissions.
- Resource: the service offerings Azure provides
Azure region
Region: a geographical area on the planet that contains at least one but potentially multiple datacenters that are nearby and networked together with a low-latency network
Special Azure regions
US DoD Central, US Gov Virginia, US Gov Iowa and more: for U.S. government agencies and partners. Operated by screened U.S. personnel and include additional compliance certifications
China East, China North, and more: available through a partnership between Microsoft and 21Vianet. Microsoft doesn't directly maintain the datacenters
Azure availability zones(AZ-data center)
- Physically separate datacenters within an Azure region
- Set up to be an isolation boundary (if one goes down, the other AZs keep working)
- Availability zones are connected through high-speed, private fiber-optic networks
- Zonal services: pin the resource to a specific zone(VMs, managed disks, IP addresses)
- Zone-redundant services: replicates automatically across zones(zone-redundant storage, SQL Database)
Azure region pairs
Each region is paired with another region within the same geography
[In the lecture…]--------------------------------------------------------
Availability option:
Single VM: running just one VM
Availability (Scale) Set: set up duplicated servers in the same AZ (datacenter)
Availability Zone: launch two similar servers in two AZs
Region Pair: ex) Singapore, Korea
Edge location: set up a mini datacenter
----------------------------------------------------------------------
Azure Active Directory(Azure AD)
: create and manage users, user groups, external identities, roles…
Authentication VS Authorization
Authentication: “Who” can login
To enhance security: password policy, Multi-Factor Authentication, conditional access
Authorization: “What” can be used. RBAC
Resource locks: protect against accidental deletion. cannotDelete/readOnly
Tags: metadata
Policy: Azure rule (1-2 of them) – if there are too many -> Azure Blueprints
Subscription boundaries
- Billing boundary- generates separate billing reports and invoices for each subscription so that you can organize and manage costs
- Access control boundary- manage and control access to the resources that users provision with specific subscriptions
Important facts about management groups
- 10,000 management groups can be supported in a single directory.
- A management group tree can support up to six levels of depth. This limit doesn't include the root level or the subscription level.
- Each management group and subscription can support only one parent.
- Each management group can have many children.
- All subscriptions and management groups are within a single hierarchy in each directory.
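
The inheritance and limits listed above, modelled as an added example (not part of the original notes and not an Azure API): the scope names, policy names and helper functions are constructed for illustration.

```python
MAX_MG_DEPTH = 6  # from the notes; root and subscription levels are not counted

def build(rows):
    """rows: (name, kind, parent, policies) -> ({name: node}, errors).
    A row that gives an existing scope a different parent is rejected."""
    nodes, errors = {}, []
    for name, kind, parent, policies in rows:
        if name in nodes and nodes[name]["parent"] != parent:
            errors.append(f"{name}: more than one parent")
            continue
        nodes[name] = {"kind": kind, "parent": parent, "policies": list(policies)}
    return nodes, errors

def chain(nodes, name):
    """Scopes from `name` up to the root, nearest first."""
    out = []
    while name is not None:
        out.append(name)
        name = nodes[name]["parent"]
    return out

def mg_depth(nodes, name):
    """Management-group levels from `name` upward, excluding the root."""
    return sum(1 for n in chain(nodes, name)
               if nodes[n]["kind"] == "mg" and nodes[n]["parent"] is not None)

def validate(nodes):
    """Report management groups nested deeper than the documented limit."""
    return [f"{n}: management group depth {mg_depth(nodes, n)} exceeds {MAX_MG_DEPTH}"
            for n, v in nodes.items()
            if v["kind"] == "mg" and mg_depth(nodes, n) > MAX_MG_DEPTH]

def effective_policies(nodes, name):
    """Policies a scope ends up with: every ancestor's, root first, then its own."""
    result = []
    for n in reversed(chain(nodes, name)):
        result.extend(nodes[n]["policies"])
    return result

# Constructed sample hierarchy (names and policies are illustrative only)
ROWS = [
    ("root", "mg", None, ["allowed-regions"]),
    ("corp", "mg", "root", ["require-tags"]),
    ("prod-sub", "subscription", "corp", []),
    ("web-rg", "resource_group", "prod-sub", ["deny-public-ip"]),
    ("prod-sub", "subscription", "root", []),  # second parent: rejected
]
NODES, ERRORS = build(ROWS)
```
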
The rest of the content is all described in detail in the Product part of Module 1, so I slightly edited the Module 1 post!