This post shares my thoughts about the book “Exam Ref AZ-305 Designing Microsoft Azure Infrastructure Solutions” written by Ashish Agrawal, Gurvinder Singh, Mohammad Sabir Sopariwala, and Avinash Bhavsar. Some specifications of this book are below:
| Specification | Value |
| --- | --- |
| Language | English |
| Publisher | Pearson Education |
| Author | Ashish Agrawal, Gurvinder Singh, Mohammad Sabir Sopariwala, Avinash Bhavsar |
| Title | Exam Ref AZ-305 Designing Microsoft Azure Infrastructure Solutions |
| ISBN-13 | 9780137878789 |
| Publication Date | November 2022 |
| ISBN-10 | 0137878788 |
I decided to read this book to increase my skills in designing Microsoft Azure Infrastructure Solutions, and this book covered more than I expected. It taught me some interesting questions to ask when designing a new Azure Infrastructure and essential concepts such as B2B, B2C, RPO, RTO, and RLO. Nevertheless, the book made the minor mistake of mentioning website links that could be modified at any time, and this is what happened with a few of the links recommended in the book. However, it did not impact the excellent quality provided in each chapter of the book, so I decided to write a short summary and review of each one as follows:
Chapter 1: Design identity, governance, and monitoring solutions
From the beginning of the book, the authors made sure that the career focus of the book is Azure Solutions Architects, aligned with the primary goal of “… understanding of the Microsoft Azure platform, including networking, virtualization, identity, security, business continuity, disaster recovery, data platforms, and governance”. They also highlight that Microsoft Azure has been evolving and that the book could be outdated in some features or topics. From my experience, having analyzed the book in February 2023 against the publication date of November 2022, I consider the book still up-to-date and reflective of many of the services of the Microsoft Azure platform.
Furthermore, this chapter mentioned the “Microsoft Azure Well-Architected Framework (WAF),” which made me understand that the book was already worthwhile once I learned that WAF is the first thing one should know when considering migrating to Microsoft Azure. Together with the five pillars of Reliability, Security, Cost optimization, Operational excellence, and Performance efficiency defined by the authors, and with a great understanding of the phases of the cloud-adoption journey (Strategy, Plan, Ready, Adopt (Migrate, Innovate), Govern, Manage, Organize), one can design a satisfying architecture in Azure.
This chapter also covered platform logs generated by Microsoft Azure, the Microsoft Sentinel tool to store collected data, Azure Monitor for log visualization and monitoring, and Azure Advisor, which is a tool providing a live health status of how the current Azure Cloud deployment follows the best practices of the Azure WAF. This chapter also makes one think through a scenario by asking questions such as: Which users need access? Are they external or internal users? Will they use their own identities (Google or Facebook, for example)? What type of users are they (business partners or end consumers)? It also covers User Directory and Management (the roles where each user is placed), Identity Providers Supported (an understanding of the identities, such as whether these users are local users and what the users' identity providers are), and Single Sign-On (SSO) Support (can they connect via a Microsoft 365 application?), comparing B2B collaboration (on-premises) versus AAD B2C (AAD is a cloud-native identity solution).
Another interesting topic covered in this chapter is governance management, which also gives one an understanding of the hierarchy levels for organizing subscriptions and resources, and provides important links such as the CAF enterprise-scale landing zone at https://learn.microsoft.com/en-in/azure/cloud-adoption-framework/ready/enterprise-scale/implementation for example, and from there I found this: https://learn.microsoft.com/en-in/azure/cloud-adoption-framework/ready/landing-zone/
Furthermore, I especially liked the section “Recommend a user consent solution for applications”, where the authors covered something that is an essential value for me when handling information: making sure about the need for either admin or user consent, and the possibility of reviewing the consent established previously. As already mentioned, this chapter covered both business-to-business (B2B) and business-to-consumer (B2C) concepts, which I studied in more depth, and I am sharing some links for those who may also be interested in these keywords:
Chapter 2: Design data storage solutions
How data is stored is a topic that I enjoy reading, working on, and studying, especially in the current era where data is growing rapidly and exponentially. The authors made sure that one does not forget the level of expertise of the AZ-305 exam and covered how to design data storage solutions and data integration on the Microsoft Azure cloud platform, as well as database scalability solutions such as Azure SQL Database Serverless with the autopause feature, which I did not know. The chapter continues by covering sharding as an architecture pattern, the elastic pool as a collection of deployed databases that share the resources allocated to the pool, data protection methods, the data integration and data transformation service Azure Data Factory (ADF), Azure Data Lake, and some other topics that surprised me, such as U-SQL, which is a query language that blends SQL and C# to process both structured and unstructured data of any size, and the fact that some Microsoft Hadoop-based services do Data Analytics on the Azure cloud platform. Other solutions covered were Azure Blob Storage, Azure Table Storage (NoSQL data store), and the point-in-time restore feature.
Chapter 3: Design business continuity solutions
From this chapter, I learned the concept of recovery objectives (recovery time objective [RTO], recovery level objective [RLO], and recovery point objective [RPO]) for the different Azure, hybrid, and on-premises workloads. Considering that the majority of enterprises have a well-established business continuity (BC) and disaster recovery (DR) plan, the book prepares one to design a solution by “designing for failure”, and covers Azure Site Recovery (ASR) as recommended for application-level protection and recovery, the different options Azure offers to replicate data, such as Locally redundant storage (LRS), Geo-redundant storage (GRS), and Zone-redundant storage (ZRS), and of course the Azure Backup service. Furthermore, this chapter also covers the need to understand the recovery solutions for containers, Velero as an open-source community tool, the three essential characteristics of a highly available system (Redundancy, Monitoring, Failover), and finally, some hints for gathering requirements such as downtime acceptance, availability requirements, budget investments to secure the infrastructure, and risk analysis.
Chapter 4: Design infrastructure solutions
This chapter focuses on choosing the exemplary computing service aligned with a sustainable Azure spend, considering the important role that VM sizing plays in it. Thus, it covers container-based compute solutions for running containerized workloads, namely Azure Container App, Azure Kubernetes Services (AKS) (as of today AKS is free, and one pays only for the agent nodes within your clusters), and Azure Container Instances (ACI), and the two most popular serverless compute options in Azure, which are Azure Functions and Azure Logic Apps. It also presents a summary of the five R’s of migration dispositions when using Azure Migrate services: Rehost (lift-and-shift migration, that is, migrating an application as-is), Refactor (aiming to make an application fit a PaaS-based model), Rearchitect (to handle applications that are not compatible or not cloud-native), Rebuild (creating a new codebase aligned with a cloud-native approach), and Replace (replacing legacy workloads with new solutions).
Furthermore, by exploring the advantages of speed and agility of Cloud computing, this chapter also covers moving from the traditional N-tier monolith approach to re-architecting applications for a modern cloud-native design, such as a microservices-based architecture and the Twelve-Factor app (more here: https://12factor.net/).
The book finishes by exploring topology concepts for Azure enterprise deployments with the three key concepts of Azure virtual networks, Hub-and-spoke network topologies, and Azure Virtual WAN topologies, and also gives a glimpse of the native PaaS Azure Bastion as an option to secure RDP/SSH connectivity when connecting to the VMs.
My book review ends here. Below are some additional links provided by the book:
List of URLs
Chapter 1: Design identity, governance, and monitoring solutions
https://www.microsoft.com/en-in/security/business/identity-access/azure-active-directory-pricing
https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles
https://learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles
https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/
https://learn.microsoft.com/en-us/azure/architecture/framework/
https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/diagnostic-settings?tabs=portal
https://learn.microsoft.com/en-us/azure/active-directory/roles/permissions-reference
https://learn.microsoft.com/en-us/azure/active-directory/cloud-sync/what-is-cloud-sync
https://github.com/Azure/Enterprise-Scale/blob/main/docs/ESLZ-Policies.md
https://learn.microsoft.com/en-us/azure/key-vault/general/assign-access-policy?tabs=azure-portal
Chapter 2: Design data storage solutions
http://<<YourStorageAccountName>>.blob.core.windows.net
http://<<YourStorageAccountName>>.file.core.windows.net
http://<<YourStorageAccountName>>.table.core.windows.net
http://<<YourStorageAccountName>>.queue.core.windows.net
https://azure.microsoft.com/en-us/pricing/hybrid-benefit/
https://docs.microsoft.com/en-us/azure/data-factory/connector-overview
https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-rehydration?tabs=azure-portal
Chapter 3: Design business continuity solutions
https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-faq
https://docs.microsoft.com/en-us/azure/storage/common/storage-disaster-recovery-guidance
https://docs.microsoft.com/en-us/azure/backup/archive-tier-support
https://azure.microsoft.com/support/legal/sla/storage/
Chapter 4: Design infrastructure solutions
https://docs.microsoft.com/en-us/azure/api-management/api-management-policies
https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/virtual-machine-recs
https://docs.microsoft.com/en-us/azure/architecture/best-practices/caching
https://docs.microsoft.com/en-us/azure/event-grid/compare-messaging-services
https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/resources/tools-templates
https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/migrate/azure-best-practices/
https://docs.microsoft.com/en-us/Azure/cloud-adoption-framework/migrate/Azure-best-practices/
https://docs.microsoft.com/en-us/Azure/dms/dms-tools-matrix
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-tcpip-performance-tuning
https://docs.microsoft.com/en-us/azure/virtual-network/security-baseline
Hi! I am Bruno, a Brazilian born and bred, and I am also a naturalized Swedish citizen. I am a former Oracle ACE and, to keep up with academic research, I am a Computer Scientist with an MSc in Data Science and another MSc in Software Engineering. I have over ten years of experience working with companies such as IBM, Epico Tech, and Playtech across three different countries (Brazil, Hungary, and Sweden), and I have joined projects remotely in many others. I am super excited to share my interests in Databases, Cybersecurity, Cloud, Data Science, Data Engineering, Big Data, AI, Programming, Software Engineering, and data in general.