Azure Managed Identity

Scenario:

Let's consider a scenario where we have a web application hosted on an Azure VM that reads and writes data in an Azure SQL Database.
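The scenario above is the typical managed-identity use case: the VM's system- or user-assigned identity obtains a token from the Instance Metadata Service (IMDS) and the application presents that token to Azure SQL, so no database password or key sits in the application's configuration. The Python below is an added example for this post, not code from the original post. The IMDS endpoint, the `2018-02-01` api-version, the mandatory `Metadata: true` header and the ODBC `SQL_COPT_SS_ACCESS_TOKEN` attribute (1256) are documented Azure/ODBC values; the JSON response, server and database names are constructed for offline use.

```python
"""Managed identity on an Azure VM: fetch an access token for Azure SQL from
the Instance Metadata Service (IMDS) and package it for a pyodbc connection.

Added example for this post, not the post's own code. The sample IMDS
response below is constructed; a real one carries a long JWT.
"""
import json
import struct
import time
import urllib.parse
import urllib.request
from typing import Optional

IMDS_TOKEN_ENDPOINT = "http://169.254.169.254/metadata/identity/oauth2/token"
IMDS_API_VERSION = "2018-02-01"
SQL_RESOURCE = "https://database.windows.net/"
SQL_COPT_SS_ACCESS_TOKEN = 1256  # ODBC Driver for SQL Server connection attribute


def build_imds_request(resource: str = SQL_RESOURCE,
                       client_id: Optional[str] = None) -> urllib.request.Request:
    """Build the GET request a VM-hosted app sends to IMDS.

    The 'Metadata: true' header is mandatory: IMDS rejects requests without
    it, which is what stops a plain SSRF relay (a URL the app is tricked into
    fetching cannot add custom headers) from harvesting the token.
    client_id selects a user-assigned identity; omit it for the system one.
    """
    params = {"api-version": IMDS_API_VERSION, "resource": resource}
    if client_id:
        params["client_id"] = client_id
    url = f"{IMDS_TOKEN_ENDPOINT}?{urllib.parse.urlencode(params)}"
    return urllib.request.Request(url, headers={"Metadata": "true"}, method="GET")


def parse_token_response(body: str, now: Optional[float] = None) -> dict:
    """Parse the IMDS JSON body and reject tokens that are already expired.

    expires_on is a Unix-epoch string; cache the token and refresh it shortly
    before that instant instead of calling IMDS on every query.
    """
    data = json.loads(body)
    if data.get("token_type") != "Bearer" or "access_token" not in data:
        raise ValueError("unexpected IMDS response shape")
    expires_on = int(data["expires_on"])
    now = time.time() if now is None else now
    if expires_on <= now:
        raise ValueError("token already expired")
    return {"access_token": data["access_token"], "expires_on": expires_on,
            "resource": data.get("resource")}


def encode_token_for_odbc(access_token: str) -> bytes:
    """Pack a bearer token the way the ODBC driver expects it:
    4-byte little-endian length followed by the token as UTF-16-LE."""
    token_bytes = access_token.encode("utf-16-le")
    return struct.pack("<i", len(token_bytes)) + token_bytes


def connect_with_managed_identity(server: str, database: str):
    """Open a pyodbc connection to Azure SQL with the managed-identity token.

    Only works on an Azure VM whose identity has a database user; pyodbc is
    imported lazily so the rest of the module runs offline.
    """
    import pyodbc  # only needed on the VM
    with urllib.request.urlopen(build_imds_request(), timeout=5) as resp:
        token = parse_token_response(resp.read().decode())["access_token"]
    conn_str = (f"Driver={{ODBC Driver 18 for SQL Server}};Server=tcp:{server},1433;"
                f"Database={database};Encrypt=yes")
    return pyodbc.connect(
        conn_str, attrs_before={SQL_COPT_SS_ACCESS_TOKEN: encode_token_for_odbc(token)})


# Constructed sample response for offline testing.
SAMPLE_IMDS_RESPONSE = json.dumps({
    "access_token": "eyJ0eXAi.example.token",
    "expires_on": "1700003600",
    "resource": SQL_RESOURCE,
    "token_type": "Bearer",
})

if __name__ == "__main__":
    req = build_imds_request()
    print(req.full_url, dict(req.header_items()))
    print(parse_token_response(SAMPLE_IMDS_RESPONSE, now=1700000000))
</thinking_mode>```

The database side still has to know the identity: a contained user created with `CREATE USER [vm-name] FROM EXTERNAL PROVIDER;` and granted the minimum roles the application needs (for example db_datareader and db_datawriter). Because the token is bound to the identity rather than to a secret, rotating or revoking access is an identity operation, not a redeploy.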

For more information, refer to the YouTube video below:

Q46-Q50 (Not Important)

Q46. What is Web Role and Worker Role in Azure? What is VM Role?

----------------------------------------------------------------------------------------------------------------------------
Q46. What is Web Role and Worker Role in Azure? What is VM Role?

Answer:
Roles are like servers in layman's terms: each is a server that plays a specific part.
There are three types of roles in Microsoft Azure:

Web Role
Worker Role
VM Role

Web Role – A web role is used to deploy a website using languages supported by the IIS platform, such as PHP and .NET. It is configured and customized to run web applications. A web role is a virtual machine instance running the Microsoft IIS web server that can accept and respond to HTTP or HTTPS requests.

Worker Role – A worker role is more like a helper to the web role: it is used to execute background processes, unlike the web role, which is used to deploy the website. Worker roles can only communicate with Azure Storage or through direct connections to clients. It is like an instance running backend code, e.g. Azure Functions or AKS (Azure Kubernetes Service).

VM Role – The VM role is used to schedule tasks and other Windows services. This role can be used to customize the machines on which the web and worker roles run.

----------------------------------------------------------------------------------------------------------------------------

Azure Event Grid
  • It is a fully managed event routing service used in event-driven architectures.
  • It is highly scalable and reliable, and supports messaging protocols such as MQTT and HTTP.
  • Typical usage includes:
    • Events on Azure Blob Storage: for example, a new blob is added to a storage account and you want to emit an event and capture it in an Azure Function.
    • IoT devices: Event Grid can integrate IoT devices with Azure services, allowing you to react to data received from devices in real time.
    • Application integration: it can integrate different applications and services, both within Azure and external.

Unanswered

What is Managed Identity in Azure? Why is it famous?

====================================================================================
Q: What steps can we take in case of Azure Functions timeouts?

Answer:
1. Increase the default timeout from 5 minutes to 15 minutes.
2. Use Durable Functions. They let you create stateful functions in a stateless environment and can orchestrate multiple functions. The function logic needs to be broken up sensibly into multiple functions.
3. Better plan: consider switching to the Premium plan, which offers a better configuration.

====================================================================================
Q: List the various access strategies in Azure. Also give scenarios where you have used them.

IAM - Azure Identity and Access Management

Entra ID

Azure Policies

Key Vault

RBAC

Managed Identities - Managed Identities provide an automatically managed identity in Azure AD for applications to use when connecting to resources that support Azure AD authentication.

SAS (Shared Access Signature)

====================================================================================
Q: What is the difference between SAS and access keys / shared access policies? When should each technique be used?



====================================================================================

Q41-Q45

Q41. What is NSG?
Q42. What is the difference between Azure Storage Queue and Azure service bus queue?
Q43. What are notification hubs?
Q44. What is CDN?
Q45. How to implement security in Azure?

================================================================================
Q41. What is NSG?

Answer:
NSG stands for Network Security Group. It is a way to allow or deny network traffic to your network, e.g. to your virtual machine.

An NSG is a set of security rules that allow or deny inbound and outbound traffic.

Please note: security groups are tied to an instance, while ACLs are tied to subnets.
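How an NSG actually decides is worth seeing once: rules are evaluated in ascending priority (lowest number first), the first matching rule wins, and the built-in DenyAllInBound rule at priority 65500 catches anything no custom rule matched. The Python below is an added example for this post, not the post's own code; it models only that evaluation order and the DenyAllInBound default (a real NSG also has AllowVnetInBound and AllowAzureLoadBalancerInBound at 65000/65001), and the rule names and addresses are constructed. It also adds a small defender check for Allow rules that expose SSH or RDP to any source.

```python
"""NSG rule evaluation model: inbound rules are checked in ascending priority
and the first match decides; DenyAllInBound (65500) is the implicit fallback.

Added example for this post, not the post's own code. Rule names, prefixes
and ports below are constructed.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class NsgRule:
    name: str
    priority: int          # custom rules use 100-4096; the lower number wins
    direction: str         # "Inbound" or "Outbound"
    access: str            # "Allow" or "Deny"
    protocol: str          # "Tcp", "Udp" or "*"
    source_prefix: str     # CIDR, single IP or "*" (any)
    dest_port_range: str   # "22", "80-443" or "*"


DEFAULT_DENY_ALL_INBOUND = NsgRule("DenyAllInBound", 65500, "Inbound", "Deny", "*", "*", "*")


def _prefix_matches(prefix: str, ip: str) -> bool:
    if prefix == "*":
        return True
    return ipaddress.ip_address(ip) in ipaddress.ip_network(prefix, strict=False)


def _port_matches(port_range: str, port: int) -> bool:
    if port_range == "*":
        return True
    if "-" in port_range:
        lo, hi = (int(p) for p in port_range.split("-", 1))
        return lo <= port <= hi
    return int(port_range) == port


def evaluate_inbound(rules: List[NsgRule], src_ip: str, dst_port: int,
                     protocol: str) -> Tuple[str, str]:
    """Return (access, name of the rule that matched) for one inbound flow."""
    candidates = [r for r in rules if r.direction == "Inbound"]
    candidates.append(DEFAULT_DENY_ALL_INBOUND)
    for rule in sorted(candidates, key=lambda r: r.priority):
        if (rule.protocol == "*" or rule.protocol.lower() == protocol.lower()) \
                and _prefix_matches(rule.source_prefix, src_ip) \
                and _port_matches(rule.dest_port_range, dst_port):
            return rule.access, rule.name
    # Unreachable in practice: DenyAllInBound matches every flow.
    return "Deny", DEFAULT_DENY_ALL_INBOUND.name


MANAGEMENT_PORTS = (22, 3389)


def find_risky_rules(rules: List[NsgRule]) -> List[str]:
    """Defender check: inbound Allow rules that open SSH/RDP to any source."""
    risky = []
    for rule in rules:
        if rule.direction != "Inbound" or rule.access != "Allow":
            continue
        if rule.source_prefix not in ("*", "Internet", "0.0.0.0/0"):
            continue
        if any(_port_matches(rule.dest_port_range, p) for p in MANAGEMENT_PORTS):
            risky.append(rule.name)
    return risky


# Constructed sample rule set for a web VM: HTTPS from anywhere, SSH only from
# an admin subnet, and an explicit deny for SSH from everywhere else.
SAMPLE_RULES = [
    NsgRule("AllowHttpsFromAnywhere", 100, "Inbound", "Allow", "Tcp", "*", "443"),
    NsgRule("AllowSshFromAdminNet", 110, "Inbound", "Allow", "Tcp", "10.10.0.0/24", "22"),
    NsgRule("DenySshFromAnywhere", 120, "Inbound", "Deny", "Tcp", "*", "22"),
]

if __name__ == "__main__":
    for src, port, proto in [("203.0.113.5", 443, "Tcp"), ("10.10.0.7", 22, "Tcp"),
                             ("203.0.113.5", 22, "Tcp"), ("203.0.113.5", 8080, "Tcp")]:
        print(src, port, proto, "->", evaluate_inbound(SAMPLE_RULES, src, port, proto))
    print("risky:", find_risky_rules(SAMPLE_RULES + [
        NsgRule("AllowRdpFromAnywhere", 130, "Inbound", "Allow", "Tcp", "*", "3389")]))
```

The priority ordering is the part that bites in practice: an Allow rule numbered below a Deny rule wins even if the Deny looks more specific, so reviews of an NSG should read the rules in priority order, not in the order they were created.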
================================================================================
Q42. What is the difference between Azure Storage Queue and Azure service bus queue?

Answer:
Storage Queue:
1. There is no ordering guarantee.
2. Publisher/subscriber model is not available.
3. Queue size up to 500 TB.
4. Dead-lettering: not supported. Say a message is rejected by every consumer; it would normally go to a dead-letter queue, but here there is no way to read it again.
5. Duplicate detection: not supported.

Service Bus Queue:
1. FIFO ordering guarantee.
2. Publisher/subscriber model is available.
3. Queue size could be 1 GB - 80 GB.
4. Dead-lettering is supported.
5. Duplicate detection is supported.
================================================================================
Q43. What are notification hubs?

Answer:
Notification Hub: Azure Notification Hubs is a massively scalable mobile push notification engine for quickly sending millions of notifications to iOS, Android, Windows or Kindle devices, working with APNs (Apple Push Notification service), GCM (Google Cloud Messaging), WNS (Windows Push Notification Service) and MPNS (Microsoft Push Notification Service).
================================================================================
Q44. What is CDN?

Answer:
A content delivery network, or content distribution network, is a geographically distributed network of proxy servers and their data centers. The goal is to provide high availability and performance by distributing the service spatially relative to end users.

Azure Front Door is commonly used as a CDN for static websites.

================================================================================
Q45. How to implement security in Azure?

Answer:
There are multiple ways to implement security in Azure:
1. RBAC - role-based access control
2. NSG - network security group
3. API Management - authentication
4. Key Vault - for storing keys
5. AAD - Azure Active Directory / Entra ID
6. SAS - Shared Access Signature
7. Managed Identities
================================================================================

Q36-Q40

Q36. What is partition key in CosmosDB?
Q37. What are the benefits of moving to the cloud?
Q38. Give some auto scale rule criteria in azure?
Q39. Input and output parameter in azure functions?
Q40. How is an Azure Marketplace subscription priced?
==============================================================================
Q36. What is partition key in CosmosDB?

Answer:
Large datasets need to be partitioned (sharded) into smaller chunks so that each partition can act as a database on its own. A large dataset can thus be spread across many smaller partitions/shards, each of which can independently execute queries or run programs.

==============================================================================
Q37. What are the benefits of moving to the cloud?

Answer:
1. Cost: pay only for what you use, so it is cost-effective.
2. Scaling: scaling up is quite easy.
3. Disaster recovery.
4. Security: a predefined security layout is in place.
5. Minimized physical maintenance.

Features of Azure
1. Ask for what you need, when you need it.
2. Scale out/in and scale up/down based on your needs, in minutes.
   a. Scale out – adding more resources.
   b. Scale up – improving the resource type.
3. Pay as you consume.
4. Focus only on your needs, not on hardware specs.
5. Every unit is measurable, meaning you know where you are spending.

==============================================================================
Q38. Give some auto scale rule criteria in azure?

Answer:
Percentage CPU
Network In
Network Out
Disk Read Bytes
Disk Write Bytes
Disk Read Operations/Sec
Disk Write Operations/Sec
CPU Credits Remaining
CPU Credits Consumed

==============================================================================
Q39. Input and output parameter in azure functions?

Answer:
Input and output parameters are optional. They are used when a particular trigger function needs something as input, or when you want to return something as output. Input and output parameters can be various Azure resources, such as Azure Storage, Azure SQL DB and Document DB.

==============================================================================
Q40. How is an Azure Marketplace subscription priced?

Answer:
There are multiple pricing models:
1. Usage-based per hour: some services, like virtual machines, are charged hourly.
2. Usage-based per unit: services like APIs are charged per usage.
3. BYOL: a few are charged under the BYOL model - Bring Your Own Licence.
4. Free: no charge for these services.
5. Free trial services: remain free for some time.
6. Monthly fee: you are charged a fixed amount per month.
==============================================================================

Remember2

 You can submit messages to a queue or topic for delayed processing; for example, to schedule a job to become available for processing by a system at a certain time. This capability realizes a reliable distributed time-based scheduler.

Scheduled messages do not materialize in the queue until the defined enqueue time. Before that time, scheduled messages can be canceled. Cancellation deletes the message.

You can schedule messages either by setting the ScheduledEnqueueTimeUtc property when sending a message through the regular send path, or explicitly with the ScheduleMessageAsync API. The latter immediately returns the scheduled message's SequenceNumber, which you can later use to cancel the scheduled message if needed. Scheduled messages and their sequence numbers can also be discovered using message browsing.
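The three properties described above (a sequence number returned at scheduling time, invisibility until the enqueue time, and cancellation that deletes the message) are easy to get wrong when reasoning about a job scheduler built on Service Bus, so the Python below models them in memory. It is an added example for this post, not the post's own code or the Service Bus SDK: the in-memory queue is a simulation of the behaviour the text describes, the timestamps are constructed, and the `schedule_with_sdk()` helper shows the equivalent azure-servicebus (Python v7) calls as an assumption that is not exercised here.

```python
"""Model of Service Bus scheduled messages: a scheduled message gets a
sequence number immediately, stays invisible to receivers until its enqueue
time, and can be cancelled (deleted) only before it materializes.

Added example for this post, not the post's own code. Timestamps below are
constructed; schedule_with_sdk() is the assumed azure-servicebus equivalent.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List


@dataclass
class ScheduledMessage:
    sequence_number: int
    body: str
    scheduled_enqueue_time_utc: datetime


class ScheduledQueue:
    def __init__(self) -> None:
        self._next_seq = 1
        self._scheduled: Dict[int, ScheduledMessage] = {}  # not yet visible
        self._active: List[ScheduledMessage] = []          # visible to receivers

    def schedule(self, body: str, enqueue_time_utc: datetime) -> int:
        """Counterpart of ScheduleMessageAsync: the sequence number is returned at once."""
        seq = self._next_seq
        self._next_seq += 1
        self._scheduled[seq] = ScheduledMessage(seq, body, enqueue_time_utc)
        return seq

    def cancel(self, sequence_number: int) -> bool:
        """Cancellation deletes the message; it only succeeds before materialization."""
        return self._scheduled.pop(sequence_number, None) is not None

    def browse_scheduled(self) -> List[int]:
        """Message browsing reveals pending scheduled messages and their sequence numbers."""
        return sorted(self._scheduled)

    def receive(self, now_utc: datetime) -> List[str]:
        """Materialize anything whose enqueue time has passed, then drain the active queue."""
        due = sorted((m for m in self._scheduled.values()
                      if m.scheduled_enqueue_time_utc <= now_utc),
                     key=lambda m: (m.scheduled_enqueue_time_utc, m.sequence_number))
        for msg in due:
            self._active.append(self._scheduled.pop(msg.sequence_number))
        bodies = [m.body for m in self._active]
        self._active.clear()
        return bodies


def run_demo() -> dict:
    """Walk through schedule -> browse -> cancel -> receive with constructed times."""
    t0 = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
    q = ScheduledQueue()
    report_seq = q.schedule("nightly-report", t0 + timedelta(hours=1))
    reminder_seq = q.schedule("reminder", t0 + timedelta(hours=2))
    return {
        "before_due": q.receive(t0),                     # nothing visible yet
        "pending": q.browse_scheduled(),                 # both sequence numbers
        "cancel_reminder": q.cancel(reminder_seq),       # True: deleted before it materialized
        "after_1h": q.receive(t0 + timedelta(hours=1)),  # the report appears
        "after_2h": q.receive(t0 + timedelta(hours=2)),  # the reminder never does
        "cancel_again": q.cancel(reminder_seq),          # False: already gone
        "report_seq": report_seq,
    }


def schedule_with_sdk(connection_string: str, queue_name: str, body: str,
                      enqueue_time_utc: datetime) -> int:
    """Same operation against a real queue (assumed azure-servicebus v7 API; needs network)."""
    from azure.servicebus import ServiceBusClient, ServiceBusMessage
    with ServiceBusClient.from_connection_string(connection_string) as client:
        with client.get_queue_sender(queue_name) as sender:
            seqs = sender.schedule_messages(ServiceBusMessage(body), enqueue_time_utc)
            return seqs[0]  # keep it: sender.cancel_scheduled_messages(seqs) cancels later


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

Persisting the returned sequence number alongside the job record is what makes later cancellation possible; without it the only way to find the pending message again is browsing, which is fine for an operator but awkward for application code.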

=================================================================================
Get a specified secret from a given key vault.
The GET operation is applicable to any secret stored in Azure Key Vault. This operation requires the secrets/get permission.

GET {vaultBaseUrl}/secrets/{secret-name}/{secret-version}?api-version=7.1

===================================================================================
Soft delete for blobs protects your data from being accidentally or erroneously modified or deleted. When soft delete for blobs is enabled for a storage account, blobs, blob versions, and snapshots in that storage account may be recovered after they are deleted, within a retention period that you specify.

If there is a possibility that your data may accidentally be modified or deleted by an application or another storage account user, Microsoft recommends turning on soft delete.

==================================================================================

To move data that resides in an on-premises MongoDB database to Azure, we would need to move it into a Cosmos DB account. You can use Azure Database Migration Service to perform an online (minimal downtime) migration of databases from an on-premises or cloud instance of MongoDB to Azure Cosmos DB's API for MongoDB.

==============================================================================

#!/bin/bash
# Reference: az cosmosdb | https://docs.microsoft.com/cli/azure/cosmosdb
# --------------------------------------------------
#
# Create a Table API table
#
#
set -e  # stop at the first failing az command instead of continuing with missing resources

# Variables for Table API resources
uniqueId=$RANDOM
resourceGroupName="Group-$uniqueId"
location='westus2'
accountName="cosmos-$uniqueId" # needs to be lower case
tableName='table1'

# Create a resource group
az group create -n "$resourceGroupName" -l "$location"

# Create a Cosmos account for Table API, replicated to two regions in failover order
az cosmosdb create \
    -n "$accountName" \
    -g "$resourceGroupName" \
    --capabilities EnableTable \
    --default-consistency-level Eventual \
    --locations regionName='West US 2' failoverPriority=0 isZoneRedundant=False \
    --locations regionName='East US 2' failoverPriority=1 isZoneRedundant=False

# Create a Table API table with 400 RU/s of provisioned throughput
az cosmosdb table create \
    -a "$accountName" \
    -g "$resourceGroupName" \
    -n "$tableName" \
    --throughput 400