AZ-900 Course for 2020 - NOV 2020 Updates

2. Describe Cloud Concepts (20-25%)

Now what Microsoft has done is split up the Azure fundamentals exam. What used to be in four sections is now divided into six. So two of the sections have been split into two, making them smaller but adding more content to each. As I said in the last video, you can go to the website yourself and examine the details. Now I will say in these videos, in this video and the next ones that follow, I am completely skipping over the content that's already in the course. And so there's going to be some areas that have had a lot of changes and some areas that have not had many changes. So the first section of the new exam,the September 15 exam, says to describe cloud concepts, which is worth 20% to 25%. In fact, we can examine that section of the exam objectives a little bit closer. It is quite similar to the existing exam objectives. There are only a few things that have been removed and added. One of the things that's been added is for me to have to describe to you the benefits of cloud computing. Now, throughout the course I've talked about how great Microsoft Azure is and how great cloud computing is. But first, consider why a company would want to abandon what they are currently doing, which is hosting their applications in their own environments and migrating and transferring them to the cloud. What are the benefits of that? Maybe the first benefit we should talk about is cost savings. There are both real cost savings, which is money in your pocket, and even accounting cost savings,which can save you on taxes, et cetera. And we'll talk about that. We've already covered in this course concepts such as the agility factor, high availability, and security. I want to talk a bit more about how great it is to have a global reach in the cloud as opposed to your own data center. And so we'll talk about that. So let's talk about the cost savings to start. I don't want to give you a false sense of how much money you're going to save. You know, big, sophisticated companies that spend millions of dollars a month on it are already doing their best to save money on that infrastructure. So they're doing a lot of things to try to save that money. Every month's situation is going to be different. Your situation, mine, and the next person's situation Microsoft has what's called a total cost of ownership calculator (TCO), and that's going to include all the factors that go into running your own server compared to the cloud costs. I ran a very simple sample in the total cost of ownership calculator. I said, what is the cost of running 25 Windows servers in virtual machines? And it did come out with $67,000 in savings compared to on-premises over five years. Now, there are a tonne of factors involved in that, but you're not saving 90%, and maybe you're not even saving50%, although it is probably possible to save something like 50%, more likely you're going to save 10% to 20%of your IT costs if you move to the cloud, depending on your own circumstances. Now, why are there cost savings? Well, first of all, there's the economies of scale that we've talked about in this course. The fact that Microsoft can run a server on a month-to-month basis cheaper than you They just can. They can purchase cheaper electricity, the Internet is cheaper, and the cost of cooling their data centres is cheaper. Their employees are managing more servers than your employees are. Everything is cheaper for them. So you can go online and get a four-processor server. I believe this is the D two instance type four, which can be had for as little as $187 US per month if you sign a three-year contract. And I'm not even talking about software licence hybrid benefits. So can you run a four-processor server for as low as $100 a month? $180 a month? Can you run ten of them for only $800 a month? No, you can't. The employee's cost alone is going to be exceeding that. Of course, Microsoft makes a profit on this somehow. So the cost savings are deducted by the fact that Microsoft is making a profit, but they're still cheaper than you. The other thing is that you can actually take actions to reduce your costs. So, as we talked about before in this course about elasticity and auto-scaling, this stuff can reduce your costs. So your development server can cost a fraction of what your current development server costs, or you can add servers to get higher performance, improve the customer experience, reduce the number of servers, and basically eliminate waste. The other thing I want to talk about in this section is the concept of global reach. And I mentioned before that how many regions Microsoft has currently is over 60 regions on almost every continent of the world. In places such as the Middle East, in South Africa and South America, China, Japan, right, eastern Europe, western Europe, you as a company, only the biggest,largest companies are able to get data centres in all the places that they need them. As a result, any customer of any size, including myself and my few employees, can have servers running all over the world for pennies per hour. That's just something you're not able to do with the cloud, which it enables you to do. So those are the benefits of cloud computing. The next thing that's new in this Septemberexam are more categories of cloud services. So far, we've discussed infrastructure as a service, platform as a service, and software as a service in the existing content. The shared responsibility model is something I added in the newexam. Now, I did allude to this in the course, but it's got its own section here. Basically, as you compare those software platform and infrastructure as a service models to on-premises ownership of servers, Microsoft and your cloud computing provider take on more responsibility, the more abstract you get. And so your on-premises servers are completely controlled by you, including the locks on the door, the passwords on the machine, and the security of the network itself. But as you get into the cloud, even virtual machines have more security than your on-premises because it's managed by Microsoft, but you can still screw it up. So there are things you can do to open ports and to add unsecured listeners and things like that. Again, the higher up the abstraction level you go,the less likely you're able to screw that up. Next up, we'll talk about the serverless model. Now you may have heard the term serverless,or maybe you haven't heard the term, but it doesn't mean what you think it means. So it's not like there are no servers. There are still servers; you just don't have to deal with them. That's the best way I can think of to put it. So if you think about the platform as a servicemodel, you're still choosing the S One plan, the STWO plan, the P One plan, and you're still choosing plans. But in the service model, you don't in terms of access to the server, right? In a virtual machine, you have complete access to web apps. There is a console, there are logs. Do you get some access to the machine but not direct access? If you are in a service model, then you get even less access to the machine. Like I said, with the app service plan, you get to choose one, s Two.You have to deal with scaling if you want to go from one to another because you've got an increased demand. If you want to add instances, you have to set up scaling rules. So the serverless model means not worrying about your plan. Microsoft's going to run your workload and then they're going to charge you for how much it uses. It also means you don't set up the scaling plan. You don't have to check to see if the CPU is exceeding a certain amount. In some serverless services, you actually don't pay anything if your workload doesn't run. So if you have a database that's serverless and no database requests come in in a day, well,you get charged nothing for that day. If you've got a function and it runs under the free limit for functions,which is a million executions per month. So if your function runs less than a million per month, you don't get charged. These are some examples of serverless offerings. So we talked about functions. There's a container serverless. So, Serverless Kubernetes uses Azure container instances as an avirtual node every time it needs to run. It can just run for a few minutes in an ACI and then shut it down. And you're only paying for what you use. There are a couple of database serverless options. The Cosmo DB one is in preview. And finally, in this section,the types of cloud computing. Now, I mentioned public cloud, private cloud, and hybrid cloud in this course, but it did create some confusion and I want to redress that. So in the public cloud, in the case of Microsoft, Azureowns the hardware and they run it on their network. It's their infrastructure, their environment, it's all theirs. So they are letting you use their environment. It's the public cloud. You know, I said in the course that you can show up with a credit card or a method of payment and you can rent some of those services, and they're happy to rent them to you. In the case of the private cloud, it does look and act like a cloud, but usually you own, or at least lease, or have exclusive access to the hardware. So even if you're running it in your data center,if you have a hosting provider, you've got Azure Stackinstalled. It's a private cloud, it's all yours. No other customers are running on that hardware. There's no risk. This is a security model, effectively. And finally, the hybrid cloud hasn't changed. It's the same combination of a public and private cloud and the same solution. And so, if your private cloud is full, you need more storage, you need more compute, you can scale to the public cloud to get that extra. All right, so that's the end of the first section of the new requirements.

3. Describe Core Azure Services (15-20%)

So the first section of the new AzureAZ 900 exam says to describe Core Azure Services. It's worth 15% to 20% of the exam. So here's a screenshot of the September 20 required elements. Also to keep in mind, I'm not going to cover what's already in the course, I'm only covering the new items. So in that first section, it says Core Azure architectural components. I do want to update you on the regions. I think in the course I mentioned, there were 54 regions. There are now 60 regions. And I'm not going to. I think they've stopped updating this number because they always add new ones and now they just put a plus sign. The old regions page has even gone. Here is the latest map showing you all of the North American locations. There's still one in Brazil, lots more in Western Europe and in other parts of the world just continuing to grow. New Zealand is coming soon. Israel, Spain, and Mexico. So many exciting new locations. One thing I didn't mention in the course until now is the concept of region pairs. So, despite there being 60 plus regions, actually, Microsoft treats them as a pair. So each region has another region which is considered a pair, almost always in the same geography because a lot of countries have data storage laws. And so if there's one region in Canada,there's a second region in Canada, et cetera. The data connection between the regionalpairs is the highest-speed one. So they're going to focus their investment on those pairs to make sure the data transfer has the lowest latency and highest throughput. When Azure does an Azure rollout for the newest version of the software, they only deploy it to one region and make sure it's working, test it, bring it back online, and they don't touch the other region until that's been confirmed. And if we're looking at a multiple region outage situation,which I don't recall ever happening, but if there were six regions going down at the same time, they're going to prioritise one region of each pair. So if you're going to do your deployments to Azure and you're going to want to do a multiregion deployment, it makes some sense that you deploy one to each region of a pair because there are additional availability benefits to deploying your applications to both regions of a pair. I'll give you an example of pairs. So the two Canadian regions are, of course, paired with each other. So if you deploy code to Canada Central, then the highest speed connection is with Canada East. When you use globally redundant storage, in fact, your data stored in Canada Centralis is backed up to Canada East. Europe is the same way. The United States is divided into east and west. It's not always going to have similar names like East US. Two has the central us with the pair. And not every country has more than one data center. So Brazil only has a single data centre and its region pair is the South Central US, which is also a regional pair with the North Central US. So Microsoft has two regions that are backing their data up to south Central US.Another thing I wanted to clarify is the definition of what a resource is. I've said this a lot. We've got resource groups and the Azure Resource Manager model. But what is a resource? A resource is effectively an instance of a service that you created that is yours to use and no other customers are using your resource. So when you create a virtual machine, that's a resource. A storage account is a resource network interface card as a resource and a public IP address as a resource. Anything that you create that is yours is a resource. Hopefully that makes sense. So what are those core resources? The course already covers virtual machines,virtual networks, databases, and all the cores. One thing that was not covered that was added in the September update is the Windows Virtual Desktop, a relatively new product. But it's basically a version of Windows that runs in the cloud. So, instead of having all of your software installed on your own PC, imagine having a virtual machine in the cloud where you could install all of your work files, Microsoft Outlook, Microsoft Word, and Adobe products, all of which were installed not on your local machine but in the cloud. And you just remote desktop into that in order to work. And so, no matter which device you log in to, your desktop is there. You can even use iOS and Android apps to look at your desktop. You can use any web browser to look at your desktop. And all of that is powered by Azure. So that's a core resource in Azure. And another one that wasn't mentioned in the database realm. It's called a SQL managed instance. So now you know that you can have SQL Server running in your own environment. You can have SQL Server running on an Azure virtual machine. However, if you want to get away from that, you can migrate to a sequel managed instance, which is fully managed by Azure. It's always going to be updated with the latest patches. It is the smallest number of code changes that you need to make to move SQL Server into Azure. Now, maybe you don't have to make codechanges for Azure SQL Database either, but the chances are even better that you won't make code changes with a SQL managed instance. This is a lot shorter. This was the second section. These are the updates to the September 20 requirements.

4. Describe core solutions and management tools on Azure (10-15%)

So the third section of this exam says "describe coursesolutions and management tools" and is worth 10% to 15%. On screen is a screenshot of the requirements from the September 2020 updates. Most of these requirements are in the existing AM, but there are a few new ones that have been added. And so in this video we're going to only talk about the new ones. In that first section, it says "Core Solutions in Azure." One of the new core solutions in Azure is called Azure Sphere. The Azure Sphere is depicted on the screen; it is a tiny silicon chip designed to be installed in Internet of Things devices. So if you have an Internet connected fridge or a soccer ball or any other light bulb or any other device that connects to the Internet, if you're the manufacturer of that, you can purchase these chips from chipmakers, install them in your device, and you have a secure way of connecting to the cloud. The chips themselves have an operating system installed on them called Sphere OS. It is a Linux-based operating system, of course, designed to run on a chip and in the cloud. Microsoft is providing various security services for this in Azure. And so if you're an app developer and you're going to have to communicate with these watches or fridges or things, security is going to be one of your top concerns because there are billions of these devices out there and you're not going to be able to update them very easily. So, having a secure thing where one service can talk to those billions of devices is sort of the foundation of what Azure Sphere is. Now, in the artificial intelligence realm, At Microsoft, previously talked about machine learning and cognitive services, but they've added the concept of the Azure bot service. It's been around for a few years now. It's basically what's called a chatbot. So if you have been to a website or Facebook Messenger or any type of thing where you can have a conversation with an application but not a person, that is a chatbot. Now, these are natural language queries, which means you can write them in your own speech and the application tries to understand what it is that you're talking about and give an intelligent answer. There are a couple of different techniques or styles of this. One of these is to interface with the database on the back end, you know, sort of infer what they're trying to say through this language interpretation and then go and look up the instructions just like the screenshot shows the package delivery. The other one would be like a frequently asked question where the chatbot can look at your website and find all the information about your hours of operation,your location, what products you have, etc. And it gets all the information. And then if someone says, "What time are you open till tomorrow?" The chat bot already knows the information because they interpreted it from your website. DevOps is now a thing that's had a couple of developments in the last couple of years. Microsoft purchased a company called GitHub in 2018. They pretty much left it alone, which is great because developers have loved GitHub and were afraid Microsoft was going to change it. It is what I would consider to be the most popular place to store your company's programming source code online. Now, that doesn't mean it's public. A lot of companies have private repositories. I've worked in companies in the past that have private code repositories. As a result, you have the option of keeping it private for only your employees or making it public. And that's one of the things that spurs the open source movement. Microsoft itself puts a lot of its code on GitHub. And you'll see throughout various courses that I have that I even refer people to go to GitHuband look at the samples that Microsoft themselves provide. GitHub can tie right into your development tools, most of them, including Visual Studio. As a developer, you can save your code in the cloud with a single click of a button. GitHub is based on the GitSource Control language, which coincidentally was invented by Linus Torvalds, who also invented Linux. So Git is another contribution from this brilliant eye to the world. GitHub recently added something to GitHub called GitHub actions. And this allows you to runautomations based on certain events. As a result, when you check in a piece of source code, you can have a script and automation run that performs a variety of tasks. So what do you want to happen when somebody checks in an update to the existing source code? Well, this spurs the concept of continuous integration or continuous deployment, where as soon as the source code is checked in, it's compiled and then it's deployed to a website. And so you check in some code and then, within five minutes or less, you've got that code published on a website where you can see that it works. You can also run tests against that code and a number of other actions. So GitHub Actions can push coderight into an Azure web app. So that is one thing they want you to know. Another section of this part of the exam talks about management tools. So in this course we've already talked about PowerShell and CLI and Portal and Cloud Shell. One thing that has been added is the Azure Mobile app. So did you know there's both an Android and an iOS mobile app for Azure? You can log into your Azure account using that and look at your applications, web apps, and virtual machines, stop and start them. You can see the graphs, see how they've been running, how healthy they are, et cetera. So you can be at dinner with your spouse and then get a call saying this VM needs to be restarted. You don't have to log into the Portal, you don't have to run home to your computer, just pull out your phone, log into Azure on the mobile app, and you can interact with that virtual machine without missing dessert. Another type of management tool is called Arm templates. Arm stands for Azure Resource Manager, and that is the underlying deployment model within Azure. So some years ago, Microsoft moved from the Azure Service Management ASM model to the Classic model and now to this new model. And now, pretty much, that's your main choice. So there is a layer that runs underneath all the tools that you know, and that is called Arm. So here's a diagram for Microsoft's website. We can see that Arm is featured prominently in the middle of the graph. And any actions you take at the top level in the portal within PowerShell or CLI, the mobile app, or even any of your own programming code, they all go through Arm. Before the file gets uploaded, the machine starts, stops, creating, and the web app gets updated. Arm is the management layer that runs in front of everything. When we're talking about Arm with Azure, sometimes we're talking about Arm templates. And so Microsoft stores your commands as what are called JSON files. And so this is a text-based file. It is readable, but it's very computery. It's got a standard format. We can see one on screen. So I can look at this and I can actually tell you what's happening here's.I put some boxes around it. This is a storage account that's being created, including a container. So there's a container that's also being created along with the storage account. And if you send this file, not a snippet of it, but the full file to the Azure Resource Manager, this storage account will be created and the container will be created. So that's the update dates for this section of the exam for September 2020.

5. Describe general security and network security features (10-15%)

So next up, we're going to talk about security. Section four of the exam, which is worth 15% of the exam, describes general and network security features. So this is one of those sections that has been split. It used to be in one section but has now been split into two. So the general and network security features are what are on screen. Now some things have been removed from this. We're not going to cover that here. But there are a couple of new topics, and we'll talk about those. Azure security features that are in this new version of the exam requirements were not in the last one. The first one is Azure security center.So the Azure Security Center is basically a security system that can monitor and protect your systems, whether they are running inside of Azure or outside of Azure. So it's basically a dashboard for security. It has the benefits of not only strengthening your security but protecting you against active threats and being able to get you from where you are up to speed to a secure position faster. So I looked at Azure SecurityCenter against my own account. This is a training account, but my overall secure score is 22%. So it's quite poor. So I can do better than that. But this tool, the Azure SecurityCenter, is going to help me. So I've got the security score but haven't turned on any compliance features. If you scroll down a little bit, you can see there are recommendations. There are twelve high-severity ones and two medium- and low-severity ones. So I need to get in there and have a look at that. That's the security center. Now related to that but separate, is called Azure Sentinel. I love that name, Sentinel. It reminds me of that classic movie, The Matrix. Now Sentinel basically takes in the log files from various resources. It can actively analyse them for any particular threats. And then you can go back yourself, run queries on thoselogs and find security incidents, whether someone has been trying to log in, a lot of failures on this, etc. You can group those together in an incident, and there's some type of orchestration and automation. So if you find security holes, you can use Sentinel to push out fixes to those environments. One, this is a security feature. It's called Azure Dedicated Host. So Dedicated Host takes the private cloud concept and applies it to the public cloud. So you can basically reserve hardware specifically for your use. Now when you're reserving a virtual machine, a virtual machine is like a single apartment inside of an apartment building, where the apartment building represents the physical server running in the Azure environment. And your apartment is just a one-sliver of that full server. Well, if you were to then purchase your own apartment building, then you could have as many apartments as you want and be assured that no one else is using those apartments. Maybe I'll stretch that analogy as far as it goes. So basically, it's just like having a hosted environment. It's hardware dedicated to you. It's not cheap; there is some expense to it. But basically, once you've reserved a physical machine,you can deploy multiple virtual machines upon it for free to the limit of that machine. Now, the machine itself costs money, but deployingVM to it doesn't cost you any additional money. Now, on the topic of network security, so this was general security, I'm talking about network security. I did mention in the course the concept of defence in depth, but it didn't have this name. I called it. Security by layers. And so I took this slide from the course, apologising that it's cut off at the bottom. But you've got various layers of the network stackfrom the data layer and the application layer, down to the computing layer, the networking layer, the physical premises, like the firewalls, and even your identity. I found this chart on a Microsoft website that sort of shows you that it's not just a single checkbox to say that you're secure or not secure. You can mix and match various things together. You've got DDoS protection plus a firewall, plus a private network link, plus identity management, log management, et cetera, role-based access control. You're basically going to mix and match many of these, not all of them, but many of them together to make yourself a secure environment. So it's not just one check mark and you're done. And that was a short one. That was the update for the general number security section of this exam.

ExamSnap's Microsoft AZ-900 Practice Test Questions and Exam Dumps, study guide, and video training course are complicated in premium bundle. The Exam Updated are monitored by Industry Leading IT Trainers with over 15 years of experience, Microsoft AZ-900 Exam Dumps and Practice Test Questions cover all the Exam Objectives to make sure you pass your exam easily.