[AZ-900] Module 2: Core Azure services summary

by 200% 2021. 5. 12.

Top-down hierarchy of organization

- Management groups: manage access, policy, and compliance for multiple subscriptions. All subscriptions automatically inherit the properties applied to their management group.

- Subscriptions: group together user accounts & resources. A subscription has set limits on how many resources can be created and used.

- Resource groups: a logical unit that groups resources (if a resource is a file, a resource group is like a folder). Deleting a resource group also deletes the resources in it. Scope for applying role-based access control (RBAC) permissions.

- Resource: the service offerings that Azure provides

 

Azure region

Region: a geographical area on the planet that contains at least one but potentially multiple datacenters that are nearby and networked together with a low-latency network

 

Special Azure regions

US DoD Central, US Gov Virginia, US Gov Iowa and more: for U.S. government agencies and partners. Operated by screened U.S. personnel and include additional compliance certifications

China East, China North, and more: partnership between Microsoft and 21Vianet. Microsoft doesn't directly maintain the datacenters

 

Azure availability zones (AZ, datacenter)

  • Physically separate datacenters within an Azure region
  • Set up to be an isolation boundary (if one goes down, the other AZs keep working)
  • Availability zones are connected through high-speed, private fiber-optic networks
  • Zonal services: pin the resource to a specific zone (VMs, managed disks, IP addresses)
  • Zone-redundant services: replicate automatically across zones (zone-redundant storage, SQL Database)

 

Azure region pairs

paired with another region within the same geography

 

[In the lecture…]--------------------------------------------------------

Availability option:

Single VM: running just one VM

Availability (Scale) Set: place duplicated servers in the same AZ (datacenter)

Availability Zone: launch two similar servers in two AZs

Region Pair: ex) Singapore, Korea

 

Edge location: set up a mini datacenter

----------------------------------------------------------------------

 

Azure Active Directory(Azure AD)

: create and manage users, user groups, external identities, roles…

Authentication vs. Authorization

Authentication: “Who” can log in

To enhance security: password policy, Multi-Factor Authentication, conditional access

 

Authorization: “What” can be used. RBAC

Resource locks: protect against accidental deletion. CanNotDelete / ReadOnly

Tags: metadata

Policy: Azure rules (1~2) -> if there are too many -> Azure Blueprints

 

Subscription boundaries

  • Billing boundary: generates separate billing reports and invoices for each subscription so that you can organize and manage costs
  • Access control boundary: manage and control access to the resources that users provision with specific subscriptions

 

Important facts about management groups

  • 10,000 management groups can be supported in a single directory.
  • A management group tree can support up to six levels of depth. This limit doesn't include the root level or the subscription level.
  • Each management group and subscription can support only one parent.
  • Each management group can have many children.
  • All subscriptions and management groups are within a single hierarchy in each directory.

 

 

 

The rest of the content is all described in detail in the Product part of Module 1, so I slightly edited the Module 1 post!
