10979A-ENU-TrainerHandbook.pdf

M I C R O S O F T10979A L E A R N I N G P R O D U C T Microsoft Azure Fundamentals MCT USE ONLY. STUDENT USE PROHIBITED O F F I C I A L Microsoft Azure Fundamentals MCT USE ONLY. STUDENT USE PROHIBITED ii Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in, or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property. The names of manufacturers, products, or URLs are provided for informational purposes only and Microsoft makes no representations and warranties, either expressed, implied, or statutory, regarding these manufacturers or the use of the products with any Microsoft technologies. The inclusion of a manufacturer or product does not imply endorsement of Microsoft of the manufacturer or product. Links may be provided to third-party sites. Such sites are not under the control of Microsoft, and Microsoft is not responsible for the contents of any linked site or any link contained in a linked site, or any changes or updates to such sites. Microsoft is not responsible for webcasting or any other form of transmission received from any linked site. Microsoft is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement of Microsoft of the site or the products contained therein. © 2014 Microsoft Corporation. All rights reserved. Microsoft and the trademarks listed at http://www.microsoft.com/about/legal/en/us/IntellectualProperty /Trademarks/EN-US.aspx are trademarks of the Microsoft group of companies. All other trademarks are property of their respective owners Product Number: 10979A Part Number: X19-81900 Released: 11/2014 MCT USE ONLY. STUDENT USE PROHIBITED MICROSOFT LICENSE TERMS MICROSOFT INSTRUCTOR-LED COURSEWARE These license terms are an agreement between Microsoft Corporation (or based on where you live, one of its affiliates) and you. Please read them. They apply to your use of the content accompanying this agreement which includes the media on which you received it, if any. These license terms also apply to Trainer Content and any updates and supplements for the Licensed Content unless other terms accompany those items. If so, those terms apply. BY ACCESSING, DOWNLOADING OR USING THE LICENSED CONTENT, YOU ACCEPT THESE TERMS. IF YOU DO NOT ACCEPT THEM, DO NOT ACCESS, DOWNLOAD OR USE THE LICENSED CONTENT. If you comply with these license terms, you have the rights below for each license you acquire. 1. DEFINITIONS. a. “Authorized Learning Center” means a Microsoft IT Academy Program Member, Microsoft Learning Competency Member, or such other entity as Microsoft may designate from time to time. b. “Authorized Training Session” means the instructor-led training class using Microsoft Instructor-Led Courseware conducted by a Trainer at or through an Authorized Learning Center. c. “Classroom Device” means one (1) dedicated, secure computer that an Authorized Learning Center owns or controls that is located at an Authorized Learning Center’s training facilities that meets or exceeds the hardware level specified for the particular Microsoft Instructor-Led Courseware. d. “End User” means an individual who is (i) duly enrolled in and attending an Authorized Training Session or Private Training Session, (ii) an employee of a MPN Member, or (iii) a Microsoft full-time employee. e. “Licensed Content” means the content accompanying this agreement which may include the Microsoft Instructor-Led Courseware or Trainer Content. f. “Microsoft Certified Trainer” or “MCT” means an individual who is (i) engaged to teach a training session to End Users on behalf of an Authorized Learning Center or MPN Member, and (ii) currently certified as a Microsoft Certified Trainer under the Microsoft Certification Program. g. “Microsoft Instructor-Led Courseware” means the Microsoft-branded instructor-led training course that educates IT professionals and developers on Microsoft technologies. A Microsoft Instructor-Led Courseware title may be branded as MOC, Microsoft Dynamics or Microsoft Business Group courseware. h. “Microsoft IT Academy Program Member” means an active member of the Microsoft IT Academy Program. i. “Microsoft Learning Competency Member” means an active member of the Microsoft Partner Network program in good standing that currently holds the Learning Competency status. j. “MOC” means the “Official Microsoft Learning Product” instructor-led courseware known as Microsoft Official Course that educates IT professionals and developers on Microsoft technologies. k. “MPN Member” means an active Microsoft Partner Network program member in good standing. MCT USE ONLY. STUDENT USE PROHIBITED l. “Personal Device” means one (1) personal computer, device, workstation or other digital electronic device that you personally own or control that meets or exceeds the hardware level specified for the particular Microsoft Instructor-Led Courseware. m. “Private Training Session” means the instructor-led training classes provided by MPN Members for corporate customers to teach a predefined learning objective using Microsoft Instructor-Led Courseware. These classes are not advertised or promoted to the general public and class attendance is restricted to individuals employed by or contracted by the corporate customer. n. “Trainer” means (i) an academically accredited educator engaged by a Microsoft IT Academy Program Member to teach an Authorized Training Session, and/or (ii) a MCT. o. “Trainer Content” means the trainer version of the Microsoft Instructor-Led Courseware and additional supplemental content designated solely for Trainers’ use to teach a training session using the Microsoft Instructor-Led Courseware. Trainer Content may include Microsoft PowerPoint presentations, trainer preparation guide, train the trainer materials, Microsoft One Note packs, classroom setup guide and Prerelease course feedback form. To clarify, Trainer Content does not include any software, virtual hard disks or virtual machines. 2. USE RIGHTS. The Licensed Content is licensed not sold. The Licensed Content is licensed on a one copy per user basis, such that you must acquire a license for each individual that accesses or uses the Licensed Content. 2.1 Below are five separate sets of use rights. Only one set of rights apply to you. a. If you are a Microsoft IT Academy Program Member: i. Each license acquired on behalf of yourself may only be used to review one (1) copy of the Microsoft Instructor-Led Courseware in the form provided to you. If the Microsoft Instructor-Led Courseware is in digital format, you may install one (1) copy on up to three (3) Personal Devices. You may not install the Microsoft Instructor-Led Courseware on a device you do not own or control. ii. For each license you acquire on behalf of an End User or Trainer, you may either: 1. distribute one (1) hard copy version of the Microsoft Instructor-Led Courseware to one (1) End User who is enrolled in the Authorized Training Session, and only immediately prior to the commencement of the Authorized Training Session that is the subject matter of the Microsoft Instructor-Led Courseware being provided, or 2. provide one (1) End User with the unique redemption code and instructions on how they can access one (1) digital version of the Microsoft Instructor-Led Courseware, or 3. provide one (1) Trainer with the unique redemption code and instructions on how they can access one (1) Trainer Content, provided you comply with the following: iii. you will only provide access to the Licensed Content to those individuals who have acquired a valid license to the Licensed Content, iv. you will ensure each End User attending an Authorized Training Session has their own valid licensed copy of the Microsoft Instructor-Led Courseware that is the subject of the Authorized Training Session, v. you will ensure that each End User provided with the hard-copy version of the Microsoft InstructorLed Courseware will be presented with a copy of this agreement and each End User will agree that their use of the Microsoft Instructor-Led Courseware will be subject to the terms in this agreement prior to providing them with the Microsoft Instructor-Led Courseware. Each individual will be required to denote their acceptance of this agreement in a manner that is enforceable under local law prior to their accessing the Microsoft Instructor-Led Courseware, vi. you will ensure that each Trainer teaching an Authorized Training Session has their own valid licensed copy of the Trainer Content that is the subject of the Authorized Training Session, viii. you acknowledge that Trainers that are not MCTs will not have access to all of the trainer resources for the Microsoft Instructor-Led Courseware. distribute one (1) hard copy version of the Microsoft Instructor-Led Courseware to one (1) End User attending the Authorized Training Session and only immediately prior to the commencement of the Authorized Training Session that is the subject matter of the Microsoft Instructor-Led Courseware provided. you may either: 1. you will ensure that each End User attending an Authorized Training Session has their own valid licensed copy of the Microsoft Instructor-Led Courseware that is the subject of the Authorized Training Session. If you are a Microsoft Learning Competency Member: i. . vi. You may not install the Microsoft Instructor-Led Courseware on a device you do not own or control. or 2. If the Microsoft Instructor-Led Courseware is in digital format. you will only provide access to the Trainer Content to Trainers. vii. provided you comply with the following: iii. STUDENT USE PROHIBITED vii. and ix. you will only deliver a maximum of 15 hours of training per week for each Authorized Training Session that uses a MOC title. you will provide one (1) Trainer with the unique redemption code and instructions on how they can access one (1) Trainer Content. you will only provide access to the Licensed Content to those individuals who have acquired a valid license to the Licensed Content. and x. For each license you acquire on behalf of an End User or Trainer. you will ensure that each End User provided with a hard-copy version of the Microsoft Instructor-Led Courseware will be presented with a copy of this agreement and each End User will agree that their use of the Microsoft Instructor-Led Courseware will be subject to the terms in this agreement prior to providing them with the Microsoft Instructor-Led Courseware. Each license acquired on behalf of yourself may only be used to review one (1) copy of the Microsoft Instructor-Led Courseware in the form provided to you. Each individual will be required to denote their acceptance of this agreement in a manner that is enforceable under local law prior to their accessing the Microsoft Instructor-Led Courseware. you will only use qualified MCTs who also hold the applicable Microsoft Certification credential that is the subject of the MOC title being taught for all your Authorized Training Sessions using MOC. v. you will ensure that each Trainer teaching an Authorized Training Session has their own valid licensed copy of the Trainer Content that is the subject of the Authorized Training Session. iv. or 3. you may install one (1) copy on up to three (3) Personal Devices.MCT USE ONLY. you will only use qualified Trainers who hold the applicable Microsoft Certification credential that is the subject of the Microsoft Instructor-Led Courseware being taught for your Authorized Training Sessions. you will only use qualified Trainers who have in-depth knowledge of and experience with the Microsoft technology that is the subject of the Microsoft Instructor-Led Courseware being taught for all your Authorized Training Sessions. ix. viii. provide one (1) End User attending the Authorized Training Session with the unique redemption code and instructions on how they can access one (1) digital version of the Microsoft InstructorLed Courseware. b. you will only provide access to the Microsoft Instructor-Led Courseware to End Users. ii. You may also print one (1) copy of the Trainer Content solely to prepare for and deliver an Authorized Training Session or Private Training Session. you will provide one (1) Trainer who is teaching the Private Training Session with the unique redemption code and instructions on how they can access one (1) Trainer Content. You may not install the Microsoft Instructor-Led Courseware on a device you do not own or control. you will only use qualified Trainers who hold the applicable Microsoft Certification credential that is the subject of the Microsoft Instructor-Led Courseware being taught for all your Private Training Sessions. you may install one (1) copy on up to three (3) Personal Devices. i. You may not install or use a copy of the Trainer Content on a device you do not own or control. ii. and install one (1) additional copy on another Personal Device as a backup copy. you may access the Microsoft Instructor-Led Courseware online using the unique redemption code provided to you by the training provider and install and use one (1) copy of the Microsoft Instructor-Led Courseware on up to three (3) Personal Devices. viii. For each license you acquire on behalf of an End User or Trainer. iv. If you are an End User: For each license you acquire. you will ensure that each Trainer teaching an Private Training Session has their own valid licensed copy of the Trainer Content that is the subject of the Private Training Session. v. you may install and use one (1) copy of the Trainer Content in the form provided to you on one (1) Personal Device solely to prepare and deliver an Authorized Training Session or Private Training Session. you will only provide access to the Licensed Content to those individuals who have acquired a valid license to the Licensed Content. or 3. vii. provided you comply with the following: iii.MCT USE ONLY. you will ensure that each End User provided with a hard copy version of the Microsoft Instructor-Led Courseware will be presented with a copy of this agreement and each End User will agree that their use of the Microsoft Instructor-Led Courseware will be subject to the terms in this agreement prior to providing them with the Microsoft Instructor-Led Courseware. you may use the Microsoft Instructor-Led Courseware solely for your personal training use. vi. ix. or 2. If the Microsoft Instructor-Led Courseware is in digital format. If the Microsoft Instructor-Led Courseware is in digital format. you will only provide access to the Trainer Content to Trainers. d. distribute one (1) hard copy version of the Microsoft Instructor-Led Courseware to one (1) End User attending the Private Training Session. You may also print one (1) copy of the Microsoft Instructor-Led Courseware. you will ensure that each End User attending an Private Training Session has their own valid licensed copy of the Microsoft Instructor-Led Courseware that is the subject of the Private Training Session. STUDENT USE PROHIBITED c. you will only use qualified MCTs who hold the applicable Microsoft Certification credential that is the subject of the MOC title being taught for all your Private Training Sessions using MOC. and only immediately prior to the commencement of the Private Training Session that is the subject matter of the Microsoft Instructor-Led Courseware being provided. Each license acquired on behalf of yourself may only be used to review one (1) copy of the Microsoft Instructor-Led Courseware in the form provided to you. For each license you acquire. . e. you may either: 1. Each individual will be required to denote their acceptance of this agreement in a manner that is enforceable under local law prior to their accessing the Microsoft Instructor-Led Courseware. you will only provide access to the Microsoft Instructor-Led Courseware to End Users. If you are a Trainer. provide one (1) End User who is attending the Private Training Session with the unique redemption code and instructions on how they can access one (1) digital version of the Microsoft Instructor-Led Courseware. which may be used only to reinstall the Trainer Content. and x. If you are a MPN Member: i. You may not install the Microsoft Instructor-Led Courseware on a device you do not own or control. 2. Licensed Content based on the final version of the technology may not contain the same information as the Licensed Content based on the Pre-release version. 2. Microsoft product. or (ii) sixty (60) days after the commercial release of the technology that is the subject of the Licensed Content. share and commercialize your feedback in any way and for any purpose. 2. or service that includes the feedback. Pre-release Term. technologies and services to use or interface with any specific parts of a Microsoft technology. if any. . Notices. You will not give feedback that is subject to a license that requires Microsoft to license its technology. the right to use. Pre-Release Licensed Content. Microsoft is under no obligation to provide you with any further content. without charge. We also may not release a final version. If you agree to give feedback about the Licensed Content to Microsoft. you will cease using all copies of the Licensed Content on the Pre-release technology upon (i) the date which Microsoft informs you is the end date for using the Licensed Content on the Pre-release technology.3 Redistribution of Licensed Content. whichever is earliest (“Pre-release term”). not the third party. it does not mean changing or modifying any slide or content. The Licensed Content may include third party code tent that Microsoft. either directly or through its third party designee. The Licensed Content is licensed as a single unit and you may not separate their components and install them on different devices. for the third party code ntent are included for your information only. and licenses regarding its use. Feedback. you give to Microsoft without charge. This Licensed Content subject matter is on the Pre-release version of the Microsoft technology.2 Separation of Components. If you are an Microsoft IT Academy Program Member. MPN Member or Trainer.MCT USE ONLY. If you elect to exercise the foregoing rights. Microsoft Learning Competency Member. You may customize the written portions of the Trainer Content that are logically associated with instruction of a training session in accordance with the most recent version of the MCT agreement. You also give to third parties. c. 2.5 Additional Terms. licenses to you under this agreement. you agree to comply with the following: (i) customizations may only be used for teaching Authorized Training Sessions and Private Training Sessions. LICENSED CONTENT BASED ON PRE-RELEASE TECHNOLOGY. These rights survive this agreement. and/or not using all the slides or content. STUDENT USE PROHIBITED ii. you may not distribute any Licensed Content or any portion thereof (including any permitted modifications) to any third parties without the express written permission of Microsoft. The technology may not work the way a final version of the technology will and we may change the technology for the final version. Upon expiration or termination of the Pre-release term. you will irretrievably delete and destroy all copies of the Licensed Content in your possession or under your control. b. conditions. Some Licensed Content may contain components with additional terms. Any non-conflicting terms in those conditions and licenses also apply to your use of that respective component and supplements the terms described in this agreement. For clarity. these terms also apply: a. including any Licensed Content based on the final version of the technology.4 Third Party Notices. any patent rights needed for their products. then in addition to the other provisions in this agreement. technologies. any use of “customize” refers only to changing the order of slides and content. 3. Except as expressly provided in the use rights above. If the Licensed Content’s subject matter is based on a pre-release version of Microsoft technology (“Pre-release”). or products to third parties because we include your feedback in them. and (ii) all customizations will comply with this agreement. and Microsoft is not responsible for the contents of any third party sites. you may use the Licensed Content only as expressly permitted in this agreement. not sold. APPLICABLE LAW. Upon termination of this agreement for any reason. remove or otherwise thwart any protections or disassemble the Licensed Content except and only to the extent that applicable law expressly permits. lend. see www. These laws include restrictions on destinations. including claims under state consumer protection laws. a. Microsoft reserves all rights not expressly granted to you in this agreement. The Licensed Content is licensed. you must comply with any technical limitations in the Licensed Content that only allows you to use it in certain ways. transmit.com/exporting. You may link to third party sites through the use of the Licensed Content. 9. or any changes or updates to third party sites. . • alter. This agreement. Unless applicable law gives you more rights despite this limitation. The laws of the state where you live govern all other claims. SCOPE OF LICENSE. remove or obscure any copyright or other protective notices (including watermarks). any links contained in third party sites. The third party sites are not under the control of Microsoft. link to or post. 7. 11. and in tort. • work around any technical limitations in the Licensed Content.MCT USE ONLY. The Licensed Content is protected by copyright and other intellectual property laws and treaties. SUPPORT SERVICES. Washington state law governs the interpretation of this agreement and applies to claims for breach of it. despite this limitation. Microsoft is providing these links to third party sites to you only as a convenience. TERMINATION. 5. or • reverse engineer. or make the Licensed Content available for others to access or use. we may not provide support services for it. LINKS TO THIRD PARTY SITES. you will immediately stop all use of and delete and destroy all copies of the Licensed Content in your possession or under your control. This agreement only gives you some rights to use the Licensed Content. make available or distribute the Licensed Content to any third party. and the inclusion of any link does not imply an endorsement by Microsoft of the third party site. Microsoft reserves all other rights. United States. end users and end use. STUDENT USE PROHIBITED 4. publish. branding or identifications contained in the Licensed Content. You must comply with all domestic and international export laws and regulations that apply to the Licensed Content. adapt. unfair competition laws. • copy. RESERVATION OF RIGHTS AND OWNERSHIP. reuse. you may not: • access or allow any individual to access the Licensed Content if they have not acquired a valid license for the Licensed Content. In doing so. decompile. sell. updates and supplements. Without prejudice to any other rights. print. 10. 8. The Licensed Content is subject to United States export laws and regulations. Because the Licensed Content is “as is”. copyright. Microsoft is not responsible for webcasting or any other form of transmission received from any third party sites. • modify or create a derivative work of any Licensed Content. 6. and any additional terms for the Trainer Content. regardless of conflict of laws principles. If you acquired the Licensed Content in the United States. Microsoft or its suppliers own the title. and other intellectual property rights in the Licensed Content. install.microsoft. • publicly display. Microsoft may terminate this agreement if you fail to comply with the terms and conditions of this agreement. EXPORT RESTRICTIONS. Except as expressly permitted in this agreement. For additional information. ENTIRE AGREEMENT. updates and supplements are the entire agreement for the Licensed Content. You may have other rights under the laws of your country. You may also have rights with respect to the party from whom you acquired the Licensed Content. If you acquired the Licensed Content in any other country. SPECIAL. 12. Microsoft n’accorde aucune autre garantie expresse. and o claims for breach of contract. La ou elles sont permises par le droit locale.00 $ US. Canada. LIMITATION DES DOMMAGES-INTÉRÊTS ET EXCLUSION DE RESPONSABILITÉ POUR LES DOMMAGES. or other tort to the extent permitted by applicable law. et. d’adéquation à un usage particulier et d’absence de contrefaçon sont exclues. It also applies even if Microsoft knew or should have known about the possibility of the damages. consequential or other damages. Toute utilisation de ce contenu sous licence est à votre seule risque et péril. YOU MAY HAVE ADDITIONAL CONSUMER RIGHTS UNDER YOUR LOCAL LAWS WHICH THIS AGREEMENT CANNOT CHANGE. some of the clauses in this agreement are provided below in French. Le contenu sous licence visé par une licence est offert « tel quel ». y compris les dommages spéciaux. EXONÉRATION DE GARANTIE. GUARANTEES. Vous ne pouvez prétendre à aucune indemnisation pour les autres dommages. certaines des clauses dans ce contrat sont fournies ci-dessous en français. OR CONDITIONS. • les réclamations au titre de violation de contrat ou de garantie. THE LICENSED CONTENT IS LICENSED "AS-IS" AND "AS AVAILABLE. aux services ou au contenu (y compris le code) figurant sur des sites Internet tiers ou dans des programmes tiers. MICROSOFT AND ITS RESPECTIVE AFFILIATES GIVES NO EXPRESS WARRANTIES.00. The above limitation or exclusion may not apply to you because your country may not allow the exclusion or limitation of incidental." YOU BEAR THE RISK OF USING IT. STUDENT USE PROHIBITED b. LEGAL EFFECT. ITS RESPECTIVE AFFILIATES AND ITS SUPPLIERS ONLY DIRECT DAMAGES UP TO US$5. This agreement describes certain legal rights. FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. YOU CANNOT RECOVER ANY OTHER DAMAGES. INCLUDING CONSEQUENTIAL. . LOST PROFITS. guarantee or condition. MICROSOFT AND ITS RESPECTIVE AFFILIATES EXCLUDES ANY IMPLIED WARRANTIES OF MERCHANTABILITY. INDIRECT OR INCIDENTAL DAMAGES. DISCLAIMER OF WARRANTY. content (including code) on third party Internet sites or third-party programs. de négligence ou d’une autre faute dans la limite autorisée par la loi en vigueur. ou au titre de responsabilité stricte. YOU CAN RECOVER FROM MICROSOFT. This agreement does not change your rights under the laws of your country if the laws of your country do not permit it to do so. Canada. indirects ou accessoires et pertes de bénéfices. strict liability. breach of warranty. que ce contrat ne peut modifier.MCT USE ONLY. Outside the United States. TO THE EXTENT PERMITTED UNDER YOUR LOCAL LAWS. This limitation applies to o anything related to the Licensed Content. Vous pouvez obtenir de Microsoft et de ses fournisseurs une indemnisation en cas de dommages directs uniquement à hauteur de 5. Vous pouvez bénéficier de droits additionnels en vertu du droit local sur la protection dues consommateurs. 13. Remarque : Ce le contenu sous licence étant distribué au Québec. Cette limitation concerne: • tout ce qui est relié au le contenu sous licence. les garanties implicites de qualité marchande. Please note: As this Licensed Content is distributed in Quebec. 14. the laws of that country apply. negligence. LIMITATION ON AND EXCLUSION OF REMEDIES AND DAMAGES. services. EFFET JURIDIQUE. accessoires ou de quelque nature que ce soit. il se peut que la limitation ou l’exclusion ci-dessus ne s’appliquera pas à votre égard. même si Microsoft connaissait ou devrait connaître l’éventualité d’un tel dommage. Si votre pays n’autorise pas l’exclusion ou la limitation de responsabilité pour les dommages indirects. Revised July 2013 . Vous pourriez avoir d’autres droits prévus par les lois de votre pays. STUDENT USE PROHIBITED Elle s’applique également. Le présent contrat décrit certains droits juridiques.MCT USE ONLY. Le présent contrat ne modifie pas les droits que vous confèrent les lois de votre pays si celles-ci ne le permettent pas. STUDENT USE PROHIBITED Microsoft Azure Fundamentals xi .MCT USE ONLY. Microsoft product groups.ba/ddamirblog. virtualization.com. From Sweden.. Microsoft Certified Technology Specialist (MCTS). Hyper-V. Warren .com and DatabaseJournal.o. and Microsoft Azure. Damir has more than 18 years of experience on Microsoft platforms. His articles have been published on ServerWatch. He also works as a consultant on IT infrastructure and messaging projects. Magnus Mårtensson – Technical Reviewer Magnus completed his Masters in Computer Science in 1999 and has more than 15 years of development consulting experience. many of which he has spent teaching and writing. His technical blog is available at http://dizdarevic. and the technical lead on many Windows 8 courses. He has been involved as a subject matter expert for many of the Windows Server 2012 courses. Andrew Warren has more than 25 years of experience in the IT industry. Marcin Policht – Subject Matter Expert Marcin Policht obtained his Master of Computer Science degree 18 years ago and has since then worked in the Information Technology field. Magnus was the first Microsoft Azure MVP in Scandinavia and was awarded MVP of the Year in 2012. Warren – Content Developer Andrew J. Marcin has been a Microsoft MVP for the last seven years. 7 years in a row. such as Windows ITPro and INFO Magazine. Microsoft events. security. and other customers. Bosnia and Herzegovina. in Sarajevo. An avid community enthusiast. and database management. The hosted lab solution runs in Hyper-V data centers and on Microsoft Azure. Martensson Consulting. he is one of the creators of the Global Windows Azure Bootcamp. which offers expert Windows Azure strategic.Content Developer/Subject Matter Expert. he runs his own IT training and education consultancy. He's also a frequent and highly rated speaker on most of Microsoft conferences in Eastern Europe. focusing primarily on directory services. Ronald Beekelaar – Technical Reviewer Ronald Beekelaar is a long-time Hyper-V MVP and MCT. Andrew J. Based in the United Kingdom. He also has been involved in developing TechNet sessions on Microsoft Exchange Server. and development advice all over northern Europe.o. architectural. Additionally. Marcin authored the first book dedicated to Windows Management Instrumentation and co-wrote several others on topics ranging from core operating system features to high-availability solutions. and virtualization. He has worked as a subject matter expert and technical reviewer on many Microsoft Official Courses (MOC) courses on Windows Server and Exchange topics. Their effort at various stages in the development has ensured that you have a good classroom experience. . Microsoft Certified Solutions Expert (MCSE). and has published more than 400 articles in various IT magazines. and he specializes in Windows Server®. which provides access to hosted online hands-on labs and demo environments for training centers. and a Microsoft Certified Information Technology Professional (MCITP). he runs his own company. virtualization. Damir is a Microsoft Most Valuable Professional (MVP) for Windows Server. Damir Dizdarevic – Subject Matter Expert/Content Developer Damir Dizdarevic is an MCT. Exchange Server. He is an international speaker and has given multiple TechEd presentations.Acknowledgements MCT USE ONLY. STUDENT USE PROHIBITED xii Microsoft Azure Fundamentals Microsoft Learning would like to acknowledge and thank the following for their contribution towards developing this title. He is the founder of Virsoft Solutions. an annual event that runs at over 130 locations worldwide on a single day. Ronald is a well-known trainer and presenter on the topics of security. He is a manager and trainer of the Learning Center at Logosoft d. system management. He has a great passion for learning and sharing his own knowledge. STUDENT USE PROHIBITED Microsoft Azure Fundamentals xiii Contents Module 1: Getting Started with Microsoft Azure Module Overview 1-1 Lesson 1: What Is Cloud Computing? 1-2 Lesson 2: What Is Azure? 1-7 Lesson 3: Managing Azure 1-10 Lesson 4: Subscription Management and Billing 1-16 Lab: Use the Microsoft Azure Portal 1-21 Module Review and Takeaways 1-23 Module 2: Websites and Cloud Services Module Overview 2-1 Lesson 1: Create and Configure Websites 2-2 Lesson 2: Deploy and Monitor Websites 2-8 Lesson 3: Create and Deploy Cloud Services 2-13 Lab: Websites and Cloud Services 2-21 Module Review and Takeaways 2-25 Module 3: Virtual Machines in Microsoft Azure Module Overview 3-1 Lesson 1: Create and Configure Virtual Machines 3-2 Lesson 2: Configure Disks 3-12 Lab: Create a Virtual Machine in Microsoft Azure 3-18 Module Review and Takeaways 3-21 Module 4: Virtual Networks Module Overview 4-1 Lesson 1: Getting Started with Virtual Networks 4-2 Lesson 2: Creating a Virtual Network 4-5 Lesson 3: Implementing Point-to-Site Networks 4-8 Lab: Create a Virtual Network 4-12 Module Review and Takeaways 4-15 Module 5: Cloud Storage Module Overview 5-1 Lesson 1: Understand Cloud storage 5-2 Lesson 2: Create and Manage Storage 5-12 Lab: Configure Azure Storage 5-18 Module Review and Takeaways 5-20 .MCT USE ONLY. Module 6: Microsoft Azure Databases Module Overview 6-1 Lesson 1: Understand Relational Database Deployment Options 6-2 Lesson 2: Create and Connect to SQL Databases 6-5 Lab: Create a SQL Database in Azure 6-11 Module Review and Takeaways 6-14 Module 7: Azure Active Directory Module Overview 7-1 Lesson 1: Manage Azure AD Objects 7-2 Lesson 2: Manage Authentication 7-9 Lab: Create Users in Azure Active Directory 7-13 Module Review and Takeaways 7-16 Module 8: Microsoft Azure Management Tools Module Overview 8-1 Lesson 1: Azure PowerShell 8-2 Lesson 2: The Azure SDK and the Azure Cross-Platform Command-Line Interface 8-8 Lab: Using Microsoft Azure Management Tools 8-13 Module Review and Takeaways 8-16 Lab Answer Keys Module 1 Lab: Use the Microsoft Azure Portal L1-1 Module 2 Lab: Websites and Cloud Services L2-3 Module 3 Lab: Create a Virtual Machine in Microsoft Azure L3-7 Module 4 Lab: Create a Virtual Network L4-11 Module 5 Lab: Configure Azure Storage L5-17 Module 6 Lab: Create a SQL Database in Azure L6-21 Module 7 Lab: Create Users in Azure Active Directory L7-25 Module 8 Lab: Using Microsoft Azure Management Tools L8-29 MCT USE ONLY. STUDENT USE PROHIBITED xiv Microsoft Azure Fundamentals . • IT professionals who want to evaluate the use of Microsoft Azure to host web sites and mobile app back-end services. users. • Developers who want to evaluate the creation of Microsoft Azure solutions. and domain controllers. The audience will include: • Individuals who want to evaluate the deployment. . and course objectives. • Create and configure virtual machines in Azure. Course Description Note: This first release (‘A’) MOC version of course 10979A has been developed by using the features available in Microsoft Azure in October. or course 20533A: Microsoft Azure for IT Professionals.MCT USE ONLY. This course trains students on the basics of Microsoft Azure. suggested prerequisites. or database administrator. including tables and simple queries. • A basic understanding of Active Directory concepts such as domains. and Course Companion content on the Microsoft Learning site. The B version may also include new Microsoft Azure features. It provides the underlying knowledge that students will require when they evaluate Microsoft Azure as an administrator. • Database administrators who want to evaluate the use of Microsoft Azure to host Microsoft SQL Server databases. This includes some preview features. configuration. developer. 2014. • Windows Server administrators who want to evaluate the migration of on-premises Active Directory roles and services to the cloud. including audience. and administration of services and virtual machines using Microsoft Azure. Audience This course is intended for IT professionals who have a limited knowledge of cloud technologies and want to learn more about Microsoft Azure. • Describe the Azure Websites service and Azure Cloud Services. copy-edited content. STUDENT USE PROHIBITED About This Course xv About This Course This section provides a brief description of the course. and also provides the prerequisite knowledge for students wishing to attend course 20532A: Microsoft Azure for Developers. students will be able to: • Describe the various Azure services. and access these services from the Azure portal. This course lays the groundwork for further role-specific training in Azure. Microsoft Learning will release a ‘B’ version of this course with enhanced Microsoft PowerPoint slides. • An understanding of websites. Student Prerequisites This course requires that students meet the following prerequisites: • Professional experience in information technology. • Create and implement Azure networks. • A basic understanding of database concepts. Course Objectives After completing this course. configure. “Azure Active Directory" explains how to use Azure AD and Azure Multi-Factor Authentication to enhance security. Course Outline The course outline is as follows: MCT USE ONLY. Module 8. and how to use Multi-Factor Authentication and single sign-on (SSO). and monitor websites by using Azure. • Use Azure Active Directory (Azure AD). Module 5. It also explains how to use Microsoft Azure SQL Database to create. Module 2. Module 6. Module 7. and manage SQL databases in Azure. and directories in Azure AD. manage. It also describes the creation and deployment of Cloud Services on Azure. It describes how to use the Azure portal to access and manage Azure services. “Getting Started with Microsoft Azure" introduces students to cloud services and the various Azure services. configure. Microsoft Visual Studio. It also explains how to implement how to implement communications between your on-premises infrastructure and Azure by using point-to-site networks. “Websites and Cloud Services" explains how to create. and configure cloud storage in Azure.• Create and configure cloud storage in Azure. “Cloud Storage" describes the use of cloud storage and its benefits. and manage authentication. domains. and explains its use in managing Azure subscriptions. “Microsoft Azure Databases" describes the options available for storing relational data in Azure. It also explains the creation and configuration of virtual machines. • Manage an Azure subscription by using Azure PowerShell. and to manage Azure subscription and billing. Module 3. “Virtual Machines in Microsoft Azure" describes how to use Azure to deploy virtual machines on locally installed servers. It also explains how to create. It also describes the Azure Software Development Kit (SDK) and the Azure cross-platform command-line interface. “Virtual Networks" describes Azure virtual networks and explains how to create them. and the management of virtual machine disks by using Azure. “Microsoft Azure Management Tools" introduces Azure PowerShell. Module 4. STUDENT USE PROHIBITED xvi About This Course Module 1. It explains how to create users. and explains their benefits and uses. . integrate applications with Azure AD. • Use databases to store data in Azure. and the Azure command-line interface. training facility.exe. Additional Reading: Student Course files: includes the Allfiles. common issues and troubleshooting tips with answers.com. such as questions and answers. or Microsoft Press. detailed demo steps and additional reading links. when it is needed. • Resources: Include well-categorized additional resources that give you immediate access to the most current premium content on TechNet. Note: For the A version of the courseware.MCT USE ONLY. . the Companion Content will be published when the next (B) version of this course is released. and students who have taken this course will be able to download the Companion Content at that time from the http://www. and real-world issues and scenarios with answers. • Course evaluation: At the end of the course. which is essential for an effective in-class learning experience. best practices. easy-to-browse digital content with integrated premium online resources that supplement the Course Handbook. o Lessons: Guide you through the learning objectives and provide the key points that are critical to the success of the in-class learning experience. • Modules: Include companion content.microsoft. Companion Content is not available. you will have the opportunity to complete an online evaluation to provide feedback on the course.aspx site. tightly-focused format. MSDN. Please check with your instructor when the ‘B’ version of this course is scheduled to release to learn when you can access Companion Content for this course. a self-extracting executable file that contains all required files for the labs and demonstrations. However.com. Additionally. o Module Reviews and Takeaways: Provide on-the-job reference material to boost knowledge and skills retention. hands-on platform for you to apply the knowledge and skills learned in the module. To inquire about the Microsoft Certification Program. Additional Reading: Course Companion Content: Searchable. STUDENT USE PROHIBITED About This Course xvii Course Materials The following materials are included with your kit: • Course Handbook: A succinct classroom learning guide that provides the critical technical information in a crisp. and instructor. o Lab Answer Keys: Provide step-by-step lab solution guidance. which contain the review questions and answers. send an email to mcphelp@microsoft. they include Lab Review questions and answers and Module Reviews and Takeaways sections. for each lesson. o Labs: Provide a real-world. o To provide additional comments or feedback on the course.com/learning/en/us/companion-moc. send an email to support@mscourseware. Your MCT will provide details of how to acquire. STUDENT USE PROHIBITED xviii To complete the labs.About This Course Virtual Machine Environment This section provides the information for setting up the classroom environment to support the business scenario of the course. Virtual Machine Configuration MCT USE ONLY. set up. virtual. you will work on your computer to access Microsoft Azure. Microsoft Azure Pass This course contains labs which require you to access Microsoft Azure. or cloud-based) that has the following capabilities and software: • Internet connectivity • Internet Explorer 10 • Microsoft Visual Studio Express 2013 for Windows Desktop • Microsoft SQL Server Management Studio Express • Windows Web Platform Installer 5. You do not require any o virtual machines on the local computer. Software Configuration This course requires a computer (physical.NET Course Files The files associated with the labs in this course are located in the C:\Labfiles\LabXX folder on the student computers. Classroom Setup Each classroom computer will have the required software installed as part of classroom setup. .0 • Visual Studio Express 2013 for Web with Microsoft Azure software development kit (SDK) • Microsoft Azure SDK for . and configure your Microsoft Azure pass. STUDENT USE PROHIBITED 1-1 Module 1 Getting Started with Microsoft Azure Contents: Module Overview 1-1 Lesson 1: What Is Cloud Computing? 1-2 Lesson 2: What Is Azure? 1-7 Lesson 3: Managing Azure 1-10 Lesson 4: Subscription Management and Billing 1-16 Lab: Use the Microsoft Azure Portal 1-21 Module Review and Takeaways 1-23 Module Overview As organizations move their IT workloads to the cloud. • Manage Azure services from the Azure portal. IT professionals who plan to use Microsoft Azure must learn about the services that Azure provides. IT professionals must understand the principles on which cloud-solutions are based. you will be able to: • Describe cloud computing. • Manage your Azure subscription and billing. Objectives After completing this module. It also describes how to access these services from the Azure portal. and how to manage those services. and it explains the various Azure services. . and how to manage your Azure subscription and billing. This module provides an overview of Azure. and learn how to deploy and manage cloud applications. • Describe Azure and the various Azure services. and infrastructure. Specifically. services.MCT USE ONLY. you must decide which type best suits your needs. and networking. Based on their consumption of those resources. The charge might be based on a number of usage characteristics. • Describe public. STUDENT USE PROHIBITED 1-2 Getting Started with Microsoft Azure Cloud computing plays an increasingly important role in IT infrastructure. the power of virtual machines provisioned. . There are three main types of cloud computing models: public. Cloud computing applications are typically independent of an operating system. often but not necessarily over the Internet. Before you move to a cloud-based model. which abstracts physical hardware as a layer of virtualized resources for processing. • Identify the common types of cloud services. and they are available to users across a wide variety of devices. and hybrid.Lesson 1 What Is Cloud Computing? MCT USE ONLY. IT professionals must be aware of fundamental cloud principles and techniques. the cloud computing provider charges the users. you will be able to: • Describe key principles of cloud computing. and hybrid cloud solutions. From an administrative perspective. Many cloud solutions add further layers of abstraction to define specific services that can be provisioned and used. storage. private. or other factors. Overview of Cloud Computing Cloud computing is a term that describes the delivery and consumption of computing and application resources from a remote location. Each of these models provides different services based on your needs. memory. • Identify suitable uses for cloud services. private. and describes considerations for implementing cloud-based infrastructure services. Most cloud solutions are built on virtualization technology. This lesson introduces the cloud. • Be able to deliver multitenant services. cloud computing infrastructure should: • Be pooled. Therefore. • Allow rapid scalability. Lesson Objectives After completing this lesson. such as the volume of storage used. Users subscribe to cloud computing resources. Consumers generally access cloud services over a network connection. the National Institute of Standards and Technology has identified that the technologist exhibit the following five characteristics: • On-demand self-service. • Resource pooling. • Better flexibility and speed. usually either a corporate network or the Internet. Cloud services scale dynamically to obtain additional resources from the pool as workloads intensify. because it can host multiple virtual machines on a virtualization host. These factors help you to alleviate issues such as low system use. Cloud services generally include some sort of metering capability. . and virtualization technology. and need minimal infrastructure configuration by the consumer. A hardware pool might consist of hardware from multiple servers that are arranged as a single logical entity. Cloud computing provides pooled resources. • Measured service. typically without having to involve IT specialists. You can consolidate servers across the datacenter by using the cloud computing model. Metering makes it possible to track relative resource usage by the users. Cloud computing also enables you to access computing services irrespective of your location and the hardware that you use to access those services. you can increase resources’ flexibility and the speed of access to resources. you only pay for the services that you use. The advantages of cloud computing are: • Managed datacenter. • Server consolidation. STUDENT USE PROHIBITED Microsoft Azure Fundamentals 1-3 Regardless of the specific technologies that organizations use to implement cloud computing solutions. • Rapid elasticity. elasticity. When you use the cloud computing model with products such as System Center 2012. and high operational costs. Cloud services are generally provisioned according to requirement. This enables users of cloud services to quickly set up the resources they want. • Broad network access. Note: As your use of resources increases. It is important to remember that with cloud computing. Cloud services can use a pool of hardware resources that consumers might share.MCT USE ONLY. With cloud computing. and release resources automatically when they are no longer needed. this can mean substantial savings on operational costs for most organizations. or subscribers of the services. inconsistent availability. the emphasis is on virtualization technologies that focus on delivering applications rather than on infrastructure. your service provider can manage your datacenter. Although the datacenter remains a key element in cloud computing. This obviates the need for you to manage your own IT infrastructure. you might take on a greater proportion of the hardware hosting your services until you have exclusive use of the physical server computer hosting your resources. • Lower operational costs. normally through a web browser or by installing a client-side app. Alternatively. as well as functional services for custom applications. the management of IaaS facilities is similar to that of on-premises infrastructure. Typically. PaaS offerings provide application programming interfaces (APIs). Typically. Azure provides PaaS services that simplify the creation of solutions such as web and mobile applications. PaaS encapsulates fundamental operating system (OS) capabilities. Typically. a retail organization might empower departments to provision their own database servers to use as data stores for custom applications. because the service provider handles these tasks. the organization might define a set of virtual machine and network templates that it can provision as a single unit to implement a complete. Examples of Microsoft SaaS services include Microsoft Office 365. For example. PaaS PaaS offerings consist of cloud-based services that provide resources on which developers can build their own solutions. users do not have to worry about issues such as updating applications and maintaining compliance. and Microsoft Dynamics CRM Online.Cloud Services Cloud services generally fall into one of the following three categories: • Software as a service (SaaS) • Platform as a service (PaaS) • Infrastructure as a service (IaaS) SaaS MCT USE ONLY. The primary advantage of SaaS services is that they enable users to easily access applications without the need to install and maintain them. IaaS IaaS offerings provide virtualized server and network infrastructure components that users can easily provision and decommission as required. if not most of your infrastructure to the cloud. pre-configured infrastructure solution. for a branch or store. Skype. thus possibly reducing management tasks and costs. and configuration and management user interfaces. A key point to note is that an infrastructure service might be a single IT resource—such as a virtual server with a default installation of Windows Server 2012 R2 and SQL Server 2014—or it might be a completely pre-configured infrastructure environment for a specific application or business process. Usually. including storage and compute. PaaS enables developers and organizations to create highly-scalable custom applications without having to provision and maintain hardware and OS resources. The main benefit PaaS provides to your organization is that you can shift much. Users can subscribe to the service and use the application. including all the required applications and settings. . IaaS facilities provide an easy migration path for moving existing applications to the cloud. STUDENT USE PROHIBITED 1-4 Getting Started with Microsoft Azure SaaS offerings consist of complete software applications that are delivered as a cloud-based service. MCT USE ONLY. STUDENT USE PROHIBITED Microsoft Azure Fundamentals 1-5 Public, Private, and Hybrid Clouds Cloud computing uses three main deployment models: • Public cloud. Public clouds are infrastructure, platform, or application services that a cloud service provider delivers for access and consumption by multiple organizations. With public cloud services, the organization that signs up for the service does not have the management overhead that the private cloud model would require. This also means that the organization has less control of the infrastructure and services, because the service provider manages this for the organization. In addition, the public cloud hosts the infrastructure and services for multiple organizations (multitenant), so you might need to consider the potential data sovereignty implications of this model. • Private cloud. Individual organizations privately own and manage private clouds. Private clouds offer benefits similar to those of public clouds, but are designed and secured for a single organization’s use. The organization manages and maintains the infrastructure for the private cloud in its datacenter. One of the key benefits of this approach is that the organization has complete control over the cloud infrastructure and services that it provides. However, the organization also has the management overhead and costs that are associated with this model. • Hybrid cloud. In a hybrid cloud, a technology binds two separate clouds (public and private) together for the specific purpose of obtaining resources from both. You decide which elements of your services and infrastructure to host privately, and which to host in the public cloud. Many organizations use a hybrid model when extending to the cloud; that is, they begin to shift some elements of their applications and infrastructure to the cloud. Sometimes, an application and its supporting infrastructure are shifted to the cloud, while the underlying database is maintained within the organization’s own infrastructure. This approach might be used to address security concerns with that particular database. Microsoft cloud services provide technology and applications across all of these cloud computing models. Some examples of Microsoft cloud services are: • • Microsoft public cloud services: o Azure. Azure is a public cloud environment that offers PaaS, SaaS, and IaaS. Developers can subscribe to Azure services and create software, which is delivered as SaaS. Microsoft cloud services use Azure to deliver some of its own SaaS applications. o Office 365. Office 365 delivers online versions of the Microsoft Office applications and online business collaboration tools. o Microsoft Dynamics CRM Online. Dynamics CRM Online is the version of the on-premises Microsoft Dynamics CRM application that Microsoft hosts. Microsoft private cloud: o Hyper-V in Windows Server 2012 R2 combines with System Center 2012 R2 to create the foundation for building private clouds. By implementing these products as a combined solution, you can deliver much of the same functionality that public clouds offer. • The Microsoft hybrid cloud approach: o Microsoft provides a number of solutions that support the hybrid cloud model, by enabling you to: MCT USE ONLY. STUDENT USE PROHIBITED 1-6 Getting Started with Microsoft Azure  Back up an on-premises cloud application to a service provider.  Manage, monitor, and move virtual machines between different clouds.  Connect and federate directory services that allow your users to access applications that are constructed across a combination of on-premises, service provider, and public cloud types. Discussion: How Will Your Organization Use Cloud Computing? Consider how the various cloud computing scenarios might benefit your organization. Be prepared to discuss this with the class. Question: How will your organization use cloud computing? MCT USE ONLY. STUDENT USE PROHIBITED Microsoft Azure Fundamentals 1-7 Lesson 2 What Is Azure? Azure is the public cloud services offering from Microsoft. Microsoft datacenters deliver Azure services over the Internet. Customers can subscribe to a variety of the Azure services that run in these datacenters, typically at a cost lower than they might incur if they purchased or hosted their own hardware, or built their own services and software. Individuals, customers, and Microsoft partners can use several methods to access Azure–based services. Partners have access to programs such as Microsoft Azure platform Cloud Essentials for Partners and Cloud Accelerate. Both customers and partners can access resources through MSDN and through the Microsoft BizSpark program, each of which provides a predefined amount of resources and services to build solutions. This lesson provides an overview of Azure and its services. Lesson Objectives After completing this lesson, you will be able to: • Describe Azure. • Describe the available Azure services. Overview of Azure Azure is a collection of cloud services that you can use to build and operate cloud-based applications and IT infrastructure. A global network of datacenters host Azure services. Microsoft technicians manage these data centers on a 24-hours-a-day basis. Azure offers a 99.95 percent availability service level agreement (SLA) for computing services. Azure services enable you to: • Create and operate cloud-based applications by using a wide range of commonly used tools and frameworks. • Host workloads in the cloud on Azure PaaS services and IaaS infrastructure that comprise virtual machines and virtual networks. • Integrate cloud services with on-premises infrastructure. To use Azure services, you require a subscription. You can sign up for a subscription as an individual or as an organization, and then pay for the services you use on a usage-based cost basis. Note: Microsoft Azure was formerly known as Windows Azure. Additional Reading: To download the Microsoft Azure free trial, go to http://go.microsoft.com/fwlink/?LinkID=517412. Available Azure Services There are four categories of Azure services: compute, data services, app services, and network services. Compute MCT USE ONLY. STUDENT USE PROHIBITED 1-8 Getting Started with Microsoft Azure • Websites. You can use website services to develop and deploy more secure and scalable websites, including integration with many source control technologies. Microsoft Azure supports many languages including ASP.NET (sometimes known as classic ASP), PHP, Node.js, and Python. You can also deploy a choice of SQL Server databases, or deploy MySQL. There are several open source applications, templates, and frameworks available in the Web App Gallery. These include CakePHP, DotNetNuke, Drupal, Django, Express, WordPress, and Umbraco. • Cloud services. Provides a platform that can host web applications and web services. Cloud services use a modular architecture that allows you to scale your application to larger sizes while minimizing costs. • Virtual machines. You can build virtual machine instances from scratch, or by using templates. You also can build them on your own site, and then transfer them to Azure (or the other way around). Virtual machines can run a variety of workloads, including many Microsoft-certified workloads such as SQL Server, SharePoint Server, and BizTalk Server. • Mobile services. You can use these services to build mobile phone apps, including storage, authentication, and notification services for Windows apps, Android apps, and Apple iOS apps. Data Services • SQL Database. Azure includes a SQL Database offering. SQL Database provides interoperability, which enables customers to build applications by using most development frameworks. • Storage. You can use the storage service to create and manage storage accounts for blobs, tables, and queues. • Microsoft Azure HDInsight. Microsoft Azure HDInsight is the Hadoop-based solution from Microsoft. Hadoop is used to process and analyze big data. • Recovery services. You can back up directly to Azure. You can configure the cloud backups from the backup tools in Windows Server 2012 R2, or from System Center 2012 R2. App Services • Media Services. You can use media services to create, manage, and distribute media across a large variety of devices such as Xbox, computers running the Windows operating system, MacOS, iOS, and Android. • Messaging. The Microsoft Azure Service Bus provides the messaging channel for connecting cloud applications to on-premises applications, services, and systems. • Microsoft Azure AD. This is a modern, Representational State Transfer-based (REST-based) service that provides identity management and access control capabilities for cloud applications. It is the identity service that is used across Microsoft Azure, Office 365, Microsoft Dynamics CRM Online, Windows Intune, and other non-Microsoft cloud services. Microsoft Azure Active Directory (AD) also can integrate with on-premises Active Directory deployments. MCT USE ONLY. STUDENT USE PROHIBITED Microsoft Azure Fundamentals 1-9 • Visual Studio Online. You can use Visual Studio online to create and manage team projects and code repositories. Visual Studio online enables you to write and deploy a variety of different types of apps, including those for Windows Phone and Windows Store, desktop apps, web apps, and web services. • CDN. The Azure Content Delivery Network (CDN) allows developers to deliver high-bandwidth content by caching blobs and static content of compute instances at physical nodes throughout the world. • Scheduler. This provides a mechanism to schedule jobs within Azure. • BizTalk service. This service provides supporting tools that allow developers to build solutions that connect services and systems with disparate data formats and protocols. Network Services • Microsoft Azure Virtual Network. You can use the Microsoft Azure Virtual Network (Virtual Network) to create a logically isolated section in Microsoft Azure, and then connect it securely either to your on-premises datacenter or to a single client machine, by using an IPsec connection. Note: The next topic discusses Virtual Network in more depth. • Microsoft Azure Traffic Manager. You can use Microsoft Azure Traffic Manager (Traffic Manager) to load-balance inbound traffic across multiple Azure services. This helps ensure the performance, availability, and resiliency of applications. Note: Azure is continually being improved and enhanced, and new services are added on a regular basis. Additional Reading: For a full list of services currently available in Azure, go to the Microsoft Azure website at http://go.microsoft.com/fwlink/?LinkID=517413. Lesson 3 Managing Azure Azure provides web-based portals in which you can provision and manage your organization’s Azure subscriptions and services. These portals provide the initial environment in which you will work with Azure, and it is important to know how to navigate and use the portals to manage Azure services. Lesson Objectives After completing this lesson, you will be able to: • Explain how to use the Azure management portal. • Explain how to use the preview Azure portal. • Use the new Azure management portal preview. • Describe the available client-based Azure management tools. The Azure Portal The existing Azure management portal is the primary user interface for provisioning and managing Azure services. It is implemented as a web application, and it requires that you sign in using a Microsoft account or an organizational account that is associated with one or more Azure subscriptions. Additional Reading: To sign in to the Azure management portal, go to http://go.microsoft.com/fwlink/?LinkID=517414. MCT USE ONLY. STUDENT USE PROHIBITED 1-10 Getting Started with Microsoft Azure The Azure management portal consists of a page for each Azure service. It also includes an All Items page in which you can view all provisioned services in your subscriptions, and a Settings page in which you can configure subscription-wide settings. Provisioning Services You can provision a new instance of a service by clicking the New button on any page. Most services provide a dialog box in which you can enter the user-definable settings for the service before creating it. Service provisioning is performed asynchronously, and an indicator at the bottom of the page shows current activity. You can expand this indicator to show a list of completed and in-process tasks. Managing Services Your provisioned services are listed on the All Items page and on each service-specific page. The list shows the name, status, and service-specific settings for each service. You can click a service name in the list to view the dashboard for that service instance, where multiple tabbed sub-pages enable you to view and configure service-specific settings. In most cases, you make changes to a service by using the dynamic toolbar of context-specific icons at the bottom of the sub-page. MCT USE ONLY. STUDENT USE PROHIBITED Microsoft Azure Fundamentals 1-11 Adding Co-Administrators When you provision an Azure subscription, you are automatically designated as the administrator for that subscription, and you can manage all services and settings for the subscription. You can add coAdministrators in the Settings tab of the management portal by specifying the email address of each user to whom you want to grant administrative privileges. Note: The email account is the Microsoft account assigned to the user. The Preview Azure Portal Although the existing Azure management portal still provides the primary user interface for managing Azure services, a new version of the portal is available in preview form. The Preview Azure portal represents a significant change in the way that developer and operations (dev/ops) tasks are performed in Azure. Additional Reading: To view the preview Azure portal, go to http://go.microsoft.com/fwlink/?LinkID=517415. Note: You can accomplish most tasks in both the current portal and the Preview (new) portal. However, the Preview portal does not include certain tasks, and you must perform these in the existing portal. In addition, some new preview features are only available in the Preview portal. Portal Elements and Concepts The Preview portal contains the following user interface (UI) elements: • Startboard. The home page for your Azure environment, conceptually similar to the Start screen in Windows. You can pin commonly used items to the Startboard to make it easier to navigate to them. By default, the Startboard includes tiles that show global Azure service health, a shortcut to the Azure gallery of available services, and a summary of billing information for your subscriptions. • Blades. Panes in which you can view and configure details of a selected item. Each blade is displayed as a pane in the user interface, and it often contains a list of services or other items that you can click to open another blade. In this way, you can navigate through several blades to view details of a specific item in your Azure environment. These navigations through blades are referred to as journeys. You can maximize and minimize some blades to optimize screen real estate and simplify navigation. • Hub Menu. A bar on the left side of the page, which contains the following icons: o Home. Returns the page to the left so that the Hub Menu and Startboard are visible. o Notifications. Opens a blade on which you can view notifications about the status of tasks. o Browse. Starts a journey to view details of a service in your Azure environment. o Journeys. Lists recent blades that you have viewed, enabling you to quickly navigate back to them. Then click ALL ITEMS and note that the storage account is listed on this page. Start Internet Explorer. Then. 3. Enables you to create a new service in your Azure environment. at the bottom of this pane. and sign in using the Microsoft account that is associated with your Azure subscription. Then view each of the tabs for the storage account. enter the following details. on the SUBSCRIPTIONS tab. At the bottom of the page. 5. Click the Back icon on the left to return to the storage page. click QUICK CREATE. in the panel that appears. and at the bottom of the page. 8. note the getting started information.com. Provides details of charges and remaining credit for your subscriptions. Billing is also available on a resource group basis. Demonstration Steps Use the Azure Management Portal 1. you will see how to: • Use the Azure management portal. click Portal. click the ADMINISTRATORS tab and verify that your Microsoft account is listed as the service administrator. note the details of your subscription. Conversely. STUDENT USE PROHIBITED 1-12 Getting Started with Microsoft Azure You can switch to the Preview portal from the existing portal by clicking your account name and then clicking Switch to new portal. Then. 9. 4. which is animated to show that an action is in progress. Demonstration: Navigating the Portals In this demonstration. and then click the AFFINITY GROUPS tab and note that this is where you can add affinity groups to your subscription.microsoft. to switch to the existing portal from the Preview portal. On the storage page. On the page for your storage account.o Billing. In the services pane on the left. browse to http://azure. 7. click SETTINGS (you may need to use the scroll bar for the pane). On the left side of the page. 2. and click CREATE STORAGE ACCOUNT: o URL: Enter a unique valid value o LOCATION / AFFINITY GROUP: Select the location that is closest to your geographic location o REPLICATION: Locally Redundant 6. • Use the Preview Azure portal. . wait for your storage account status to become Online. o New. On the settings page. click NEW. Ensure that you are signed in to your local host. note the Active Progress indicator. Then click the name of your storage account. click STORAGE. click the Azure Portal tile in the Startboard. noting that the context-aware tool bar at the bottom of the page changes to reflect the current tab. note the pane that contains icons for each service. MCT USE ONLY. Note that the currently open blades are replaced with a new blade that shows your storage accounts. and refresh the page. noting that it has been automatically assigned to a resource group named Default-Storage-SelectedRegion. note the information about the new website. and in the New pane. and then on the Hub Menu. Review the status of the storage service in your selected region. 3. 9. and then select the location nearest to you. 4. Note that the page scrolls to view the Startboard. click the Pin blade to Startboard icon and note that a tile for this blade is added to the Startboard. and in the resulting Service health blade. 6. enter the name Demo-Web-App and click OK. click your storage account. switch to the tab containing the full Azure portal. and then click Switch to new portal. 7. but the blades that you opened remain open. o Add to Startboard: Selected 11. Then on the Create resource group blade. 10. Wait for the website to be created. STUDENT USE PROHIBITED Microsoft Azure Fundamentals 1-13 Use the Preview Azure Portal 1. click BROWSE. At the top of the blade for your storage account. and then click Storage. On the Storage blade. click JOURNEYS. note the status for each region. and then click Create a new resource group. note the status for the individual Azure services. . click NEW. When the new portal is loaded. In Internet Explorer. click HOME. click your Microsoft account name. valid URL o WEB HOSTING PLAN: Use the default plan o RESOURCE GROUP: Click the default resource group name. On the Hub Menu. and click Create: o URL: Enter a unique. click Service health. This opens a new tab in Internet Explorer. 5. On the Storage blade. 8. noting the service health of the Azure datacenters and the billing status for your subscription. At the top right of the Microsoft Azure management portal. click Get started. Then in the Website blade. and then in the blade for the website (which opens automatically after the website is created). 12. and in the list of journeys. and then click the region in which you previously created a storage account. view the details of your storage account. o SUBSCRIPTION: Your subscription o LOCATION: Click the default location. Click the Service health tile.MCT USE ONLY. enter the following settings. 2. Then close the Journeys pane and note that the blades you opened to check the status of the storage service in your selected region are reopened. In the Hub Menu. view the tiles in the Startboard. Note: If the Welcome to Microsoft Azure dialog box appears. Note that the website you created in the new portal is listed in the all items page. On the Hub Menu. and then click Storage. click Website. and on the blade that is opened. However. Additional Reading: The Azure Tools are part of the Azure SDK for . SQL Server Management Studio You can use SQL Server Management Studio to connect to an Azure SQL Database Server and manage it in a way similar to how you manage SQL Server instances. Examples include the development of Azure cloud and mobile services. by importing modules of encapsulated code called cmdlets. and in many cases. Windows PowerShell Windows PowerShell provides a scripting platform for managing Windows. Azure PowerShell is the primary PowerShell library for managing Azure services. these are the primary management tools for service provisioning and operations.NET web applications.microsoft. .com/fwlink/?LinkID=517416. Azure Tools for Visual Studio MCT USE ONLY. it is common to want to automate Dev/Ops tasks by creating re-usable scripts. The ability to manage SQL Server instances and SQL Database servers by using the same tool is useful in hybrid IT environments. which you can download from Microsoft Azure Downloads: http://go. including Azure. so you must perform most tasks by executing Transact-SQL statements. You can use Visual Studio.Client Tools The Azure portals provide a graphical user interface for managing your Azure subscriptions and services. You can extend this platform to a wide range of other infrastructure elements.NET. and Windows PowerShell to manage some aspects of your Azure subscription and services.microsoft. Additional Reading: You can find a link to the latest version of Azure PowerShell at http://go. STUDENT USE PROHIBITED 1-14 Getting Started with Microsoft Azure Developers can use Azure Tools for Visual Studio to develop Azure projects.com/fwlink/?LinkID=517416. and ASP. Developers can use the tools to run and debug projects locally before they publish them to Azure. many of the graphical designers in SQL Server Management Studio are not compatible with SQL Database. and you can install it by using the Microsoft Web Platform Installer. However. or to combine management of Azure resources with management of other network and infrastructure services. Note: You also can use the SQLCMD command-line tool to connect to Azure SQL Database servers and execute Transact-SQL commands. SQL Server Management Studio. MCT USE ONLY. and the Web Platform Installer checks for this during installation. STUDENT USE PROHIBITED Microsoft Azure Fundamentals 1-15 Azure PowerShell includes the following modules: • Azure. you will need only the Azure PowerShell library. A set of cmdlets for managing authentication and execution context. and other aspects of the directory from Windows PowerShell. In many cases. A core set of cmdlets for managing Azure services. A set of cmdlets for managing resource groups. you must install the Microsoft Online Services Single Sign-In Assistant.NET Framework 4. • AzureProfile. The Azure PowerShell module has a dependency on the Microsoft . . Note: If you plan to implement Active Directory (AD) in Azure. you can install the Azure AD PowerShell library to manage users. • AzureResourceManager. groups.5. Before you can install the Azure AD module. and to whom it is reported. explains how to manage subscription features. and administrative roles in Azure. STUDENT USE PROHIBITED 1-16 Getting Started with Microsoft Azure . change billing for a subscription. or change Service Administrator. A subscription helps you control how your resource usage is reported. There is one account administrator for each Azure account. billed. including the billing for it. or other factor. Lesson Objectives After completing this lesson. among other tasks. Administrative Roles There are three Azure administrative roles. MCT USE ONLY. Note: The Account Administrator for a subscription is the only person who has access to the Account Center.Lesson 4 Subscription Management and Billing It is important that you understand how to manage your subscription. and provides an overview of subscription billing. It is important to understand the difference between accounts. This enables the account administrator to create subscriptions. • Understand current Azure subscription pricing. and Administrative Roles Your Azure subscription is related to your Azure account and administrative roles. Each of your subscriptions can have a different billing and payment setup. • Manage an Azure subscription. regional office. • Explain the Azure pricing calculator. and the subscription ID is often required for some operations. project. you will be able to: • Describe the available Azure subscriptions. The account administrator is allowed to access the Account Center. Subscriptions. These are: • Account administrator. Accounts. • Use the Azure billing workspace. This lesson describes the various Azure subscription options. Every cloud service belongs to a subscription. They do not have any other access to services in that subscription. This enables you to have different subscriptions and different plans by department. A subscription enables you to organize your access to your cloud services and resources. Accounts and Subscriptions An Azure account determines how your Azure usage is reported. cancel subscriptions. subscriptions. • Navigate the Azure billing workspace. and paid for. Demonstration Steps 1. 2.com. You only pay for the services you use. STUDENT USE PROHIBITED Microsoft Azure Fundamentals 1-17 Additional Reading: You can access the Azure Account Center from the Microsoft website: http://go. there are three pricing options. At the bottom of the screen. Demonstration: Managing a Subscription In this demonstration.MCT USE ONLY. storage. in the Microsoft Azure management portal. Choose this option if you want a flexible pricing plan. and Active Directory. In Internet Explorer. The service administrator is able to access the Azure Management Portal for all subscriptions in the account.com/fwlink/?LinkID=517418. you will see how to manage Azure subscriptions. By default. including limits on cloud services and virtual machines.microsoft. You may cancel this subscription at any time. click SETTINGS. 4. Azure Pricing At the time of writing.microsoft. • Service administrator. Additional Reading: For further information about this plan. click ADD. You can have up to 200 co-administrators for each Azure subscription. type User1@Contoso. It is important to note that usage quotas apply to this plan. 3. . but it cannot change the association of subscriptions to Azure directories. You can only make payments by using credit or debit cards. the user account associated with this role is the same as the Account Administrator when your subscription is created. In the settings pane. There is one service administrator for each Azure subscription. including usage quotas.com/fwlink/?LinkID=517417. visit the Azure website: http://go. This role has the same functions as the Service Administrator. Select the check box next to your subscription in the SUBSCRIPTION list below. 5. These are: • Pay-as-you-go. in the EMAIL ADDRESS box. and then click OK (the check box). in the navigation pane. In the Specify a co-administrator for subscriptions dialog box. • Co-administrator. click the ADMINISTRATORS tab. To work with the same resellers from whom you currently purchase Microsoft software under the Open Volume License Program. the Microsoft Partner network. Microsoft also provides a number of benefits to members of specific programs.com/fwlink/?LinkID=517421. such as MSDN. This can make it easier to accommodate unplanned growth. based on their services usage. You must purchase Azure in Open credits from your vendor. Additional Reading: For more information about licensing Azure in the Enterprise. Additional Reading: The Azure pricing website can be accessed at: http://go. • Partner.microsoft. you can use the Microsoft Azure pricing calculator. • BizSpark. Within the calculator are nodes for determining the cost of the various Azure services. Pricing Calculator When you plan the cost of your Azure subscription. Customers who select this option can use the Enterprise Portal to administer their subscription. cannot be procured using Azure in Open.microsoft. Services that are not eligible for use with monetary commitments. Partners receive monthly credits toward their Azure subscription and receive access to resources to help expand their cloud practice. This option is best suited to large organizations that sign an Enterprise Agreement (EA) and make an upfront commitment to purchase Azure services. STUDENT USE PROHIBITED 1-18 Getting Started with Microsoft Azure Enterprise agreements.• Buy from a Microsoft Reseller. Additional Reading: For further information about this plan.microsoft. visit the Azure website: http://go. You can apply Azure in Open Licensing credits towards any Azure Service that is eligible for monetary commitments.com/fwlink/?LinkID=517419. and BizSpark: • MSDN. visit the Microsoft Azure website: http://go. These are: • Websites • Virtual machines • Mobile services . Members receive monthly credits toward their Azure subscription. when purchased online.com/fwlink/?LinkID=517422. Additional Reading: For more information about members’ benefits.com/fwlink/?LinkID=517420. You can then activate your subscription using those credits. such as Azure Rights Management Services and Azure Active Directory Premium. Customers are also billed annually. Members receive monthly credits toward their Azure subscription.microsoft. you can select this option. • MCT USE ONLY. visit the Azure website: http://go. bandwidth. • Download usage details. SQL Server. backup size. you can view the following information: • Subscription status. . You can then choose the appropriate level for import and export. machine learning. You can configure the following parameters for each of the nodes: • Websites. and then adjust the parameters of the service that you require. virtual machines. cache options.com/fwlink/?LinkID=517423. and the support options. and then configure the size. • Edit subscription details. and then configure the required sites. and support options to determine the cost. and support options. go to http://go. Select between Free. You can download your usage history into a CSV file. STUDENT USE PROHIBITED Microsoft Azure Fundamentals 1-19 • Cloud services • Data management Additional Reading: To view the pricing calculator. SQL database number and sizing.MCT USE ONLY. Zone redundant. You can also use the full calculator node for more complex Azure subscriptions. We recommend that you do this. • Cloud services. Choose the size of your Web and Worker role instances. bandwidth. SQL database size. • Mobile services. and then select the appropriate SQL Server database size. bandwidth. and a summary of billing information. and Standard models. Linux. and Standard mobile services. on the OVERVIEW tab. bandwidth. To calculate your Azure subscription cost. the notification hubs. you can proceed to purchase and provision the subscription. Geo redundant. site recovery options. Shows the current credit remaining. The calculator will then determine the likely cost.microsoft. Once you have selected and configured your Azure subscription services. the appropriate bandwidth. Selecting this option moves the focus to the BILLING HISTORY tab. Shared. select the appropriate node. Basic. • Data management. Select between Locally redundant. BizTalk Server. and Readaccess Geo redundant options. and Oracle Software virtual machine types. and support options to determine the expected cost. Select between Windows. This node enables you to select individual services and their configuration options from across all available Azure services. Enables you to change your preferred payment method for the selected subscription. • Change payment method. Choose between Free. Billing Workspace You can view and manage the charges for your Azure subscription from either the portal or the Preview portal. • Virtual machines. From within the portal. Enables you to change the subscription name and associated service administrator email account name. and support. It also provides links to additional information. 6. At the top right of the Microsoft Azure management portal. 3. On the subscriptions page. Demonstration: Using the Billing Workspace In this demonstration. and then click Switch to new portal. click BILLING. 5. Enables you to cancel your subscription. To access the billing workspace from the Preview portal. If prompted. STUDENT USE PROHIBITED 1-20 Getting Started with Microsoft Azure 1.microsoft. This opens a new tab in Internet Explorer. Additional Reading: For further information on interpreting your Azure bill. click BILLING in the navigation pane. click View my bill. If you receive an error. Then review the summary of usage and billing that is displayed. . you will see how to manage Azure billing. at the top right of the Microsoft Azure management portal. In Internet Explorer. Demonstration Steps MCT USE ONLY. click your subscription name. This opens a new tab in Internet Explorer. and then select your subscription. click your subscription. Note: You access the billing workspace from the main Azure portal. You can change the subscription billing address. try this step again.com/fwlink/?LinkID=517424. A summary screen appears. In the navigation pane. Close Internet Explorer. Click your account name in the Azure portal window.• Change subscription address. • Cancel subscription. and then click View my bill. 4. click your Microsoft account name. 2. click your Microsoft account name. visit the Azure website: http://go. sign in using the Microsoft account credentials associated with your Azure subscription. In the Billing list. You can use the BILLING HISTORY tab to review previous usage and view your current status. Exercise 1: Add a Co-Administrator Scenario You will begin by adding a new co-administrator to your subscription.com. Connect to the Azure Portal. • Display billing data for your Azure subscription. browse to http://azure. 2. Estimated Time: 20 minutes Sign in to your classroom computer by using the credentials your instructor provides. and sign in using the Microsoft account that is associated with your Azure subscription. Results: After you complete this exercise.microsoft. you have decided to familiarize yourself with the Azure Portal. and then select SUBSCRIPTIONS. Add a co-administrator with the following email address: admin@contoso. In the Azure portal. you will be able to: • Add a co-administrator to your Azure subscription. you should have successfully added a co-administrator to your Azure subscription. The main tasks for this exercise are as follows: 1.  Task 2: Add a co-administrator 1. Switch to Internet Explorer. 2.  Task 1: Connect to the Azure Portal 1. 2. Add a co-administrator.com. If necessary. select SETTINGS. 3. Sign in to your computer. start Internet Explorer. . STUDENT USE PROHIBITED Microsoft Azure Fundamentals 1-21 Lab: Use the Microsoft Azure Portal Scenario To start investigating the use of Microsoft Azure to provide cloud-based services. Objectives After completing this lab.MCT USE ONLY. click Portal. View billing period. click your subscription. 2. sign in with the Microsoft account associated with your subscription. Download the usage details for your subscription. Results: After you complete this exercise. On the subscriptions page.  Task 2: View billing period 1. Then review the summary of usage and billing that is displayed. The main tasks for this exercise are as follows: 1. click your Microsoft account name. View subscription usage. . 3. and then click View my bill. STUDENT USE PROHIBITED 1-22 Getting Started with Microsoft Azure 1. 3. Close the current Internet Explorer tab. 2.  Task 1: View subscription usage MCT USE ONLY. at the top right of the Microsoft Azure management portal. If necessary.Exercise 2: View Billing Data Scenario You will now view associated billing information for your subscription. In Internet Explorer. Once you have reviewed the CSV file. close it. you should have successfully viewed your Azure subscription billing data. 2. MCT USE ONLY. STUDENT USE PROHIBITED Microsoft Azure Fundamentals 1-23 Module Review and Takeaways Review Questions Question: What are the three categories of cloud services? Question: What are the four Microsoft Azure service categories? . STUDENT USE PROHIBITED .MCT USE ONLY. including WordPress. Cloud services use a modular architecture that enables you to scale your application to the largest desired sizes while possibly minimizing costs. you will be able to: • Create and configure websites using the Azure portal. To host applications in Azure. you can choose from a wide range of common web apps.MCT USE ONLY. • Deploy and monitor websites on Azure. Alternatively. Objectives After completing this module. Cloud services provide a platform that can host web apps and web services. and Umbraco. . • Create and deploy cloud services on Azure. STUDENT USE PROHIBITED 2-1 Module 2 Websites and Cloud Services Contents: Module Overview 2-1 Lesson 1: Create and Configure Websites 2-2 Lesson 2: Deploy and Monitor Websites 2-8 Lesson 3: Create and Deploy Cloud Services 2-13 Lab: Websites and Cloud Services 2-21 Module Review and Takeaways 2-25 Module Overview Microsoft Azure provides a specialized website service that you can use to host any website without having to configure a virtual machine or associated platform software. This module describes the Azure Websites service and Azure Cloud Services. you can upload a custom web app from Visual Studio 2013 or another web developer tool. you can use Platform as a service (PaaS) as an execution model. Drupal. If you create an Azure website. or Azure Cloud Services. • Create and configure a website. consider the level of control and scaling flexibility you seek. you have maximum control over the operating system and supporting software. Comparing Azure Websites. except that the servers are at Azure datacenters and not on-premises. Webjobs enables you to schedule regular jobs and batch jobs easily. you must invest the time to update and maintain the infrastructure you create. This approach is therefore commonly used to migrate an on-premises web app into Azure with as little modification as possible. If you choose to host a web app in virtual machines. and the languages and frameworks that you want to use. . you must provision new virtual machines to host the new instances of the application. • Explain how to create a website using the Azure portal. you will learn about Azure Websites and how this differs from PaaS cloud services and web apps hosted on Azure Virtual Machines. you will be able to: • Describe Azure Websites. Note: Azure Websites also supports Azure Webjobs. Lesson Objectives After completing this lesson. Azure Websites Instead of using Virtual Machines.Lesson 1 Create and Configure Websites MCT USE ONLY. such as Internet Information Services (IIS) or the Apache HTTP Server. deploy. and scale enterprise-grade web apps. and compare it with Azure Virtual Machines and Azure Cloud Services. you could install a specific version of PHP on Apache. To select the option that best suits your needs. If you want to scale out the application. However. You can host supporting servers. This scenario is very much like running a traditional web farm to host your web app. When necessary. Azure Websites. and Azure Cloud Services If you want to host a web app in Azure. Virtual Machines Because a virtual machine in Azure can include a web server. For example. you can use them to host web apps. Azure Websites is a fully managed PaaS cloud service that enables you to quickly build. in the same Infrastructure as a service (IaaS) cloud service. You also will learn how to create and configure Azure Websites. STUDENT USE PROHIBITED 2-2 Websites and Cloud Services In this lesson. • Explain how to configure and scale a website using the Azure portal. you can choose to use Azure Virtual Machines. Azure Virtual Machines. such as SQL Servers or host databases on other virtual machines. alternatively. you can scale out the web app by using load balancing. you can choose to host your web app in the Azure Websites service. js. you can scale out by installing a website in multiple instances. Cloud Services You also can choose to build a web app as an Azure PaaS cloud service. However. Shared (Preview). and Standard. Note: The last lesson of this module discusses Azure Cloud Services. Alternatively. Word Press. go to http://go. you can select among three options to create your website: • Quick Create. you can only scale the website as a single component. and by using Azure load balancing or Azure Traffic Manager to distribute traffic. you have a large degree of control over scalability with PaaS cloud services.com/fwlink/?LinkID=517425. Create a Website in the Portal You can create your new Azure Website in several ways. Note: This option is the one most similar to using the Preview portal to create your website. You can connect to the web servers that host your PaaS cloud service by using RDP. Each tier provides for differing numbers of websites. Because you can scale each role independently by specifying the number of role instances. and one or more worker roles. You can scale up an Azure website by changing tiers. and Python. You also cannot gain Remote Desktop Protocol (RDP) access to the web server. and meets many other performance-affecting criteria. Additional Reading: To learn more about the four tiers.MCT USE ONLY. Scaling up increases the traffic a single instance of the site can service. Node. supports different storage capacities.com/fwlink/?LinkID=517426. which run background tasks. Basic. This option enables you to configure the website options manually during creation. go to the Microsoft Azure Websites Pricing Details webpage: http://go. If you are using the portal. After you create a new Azure website. If you use the Preview portal. including Drupal. You can build custom web apps to host in Azure Websites by using ASP. You can use Azure SQL Database or SQL Server on a virtual machine to host an underlying database.NET. which includes the application’s user interface.microsoft. You can use either of the Azure portals to complete the task by using a graphical wizard. STUDENT USE PROHIBITED Microsoft Azure Fundamentals 2-3 Additional Reading: To read more about Webjobs.microsoft. . you can either upload a custom web app or choose from a wide range of popular general purpose web apps. A PaaS cloud service consists of at least one web role. PHP. and others. Note: Azure Websites is offered in four tiers: Free. Umbraco. you must configure the options to create your website manually. but multiple regions provide for greater flexibility. such as WordPress. Note: The Region field is referred to as Location in the Preview portal. which you then can customize within the selected framework. requests. If you have an existing web hosting plan. select the appropriate website. you can choose to create a new web hosting plan. such as GitHub or Microsoft Team Foundation Server. you can deploy sites in regions that are closest to the users of that site. From the initial view. • WebJobs. you can configure and scale it by using either portal. STUDENT USE PROHIBITED 2-4 Websites and Cloud Services • Custom Create. because you can quickly create your new website. These options are: • URL. click WEB SITES. Alternatively. depending upon the portal you use.MCT USE ONLY. • Web hosting plan. Note: You can use WebJobs to script programs to run on your website. Configure and Scale a Website in the Portal Once you have created your Azure Website. • Region. you can select it. . you can see a summary of usage. For example. Displays a summary of activity and options. If you plan to migrate an existing site. and errors. In the results pane. When you deploy your website to any one region. You then can select the appropriate tab to configure and manage the website: • Dashboard. The exact procedure varies. this option enables you to create or associate a SQL database or MySQL database. You must specify a unique name. Provides more detailed statistics about website usage. This is helpful. Note: In the Preview portal. Azure has multiple global regions. • Monitor. you must configure a number of options during creation. • From Gallery. This option enables you to create a new website with one of several frameworks. Creation Options Irrespective of the option you choose to create the website. you can select from predefined hosting plans within the UI. Using the Portal From within the portal. on the navigation bar on the left. it is accessible globally on the Internet. Custom Create also provides you with the ability to specify multiple source control options for your website deployment. This is the URL by which your website is known and accessed. Enables you to view and configure WebJobs. MCT USE ONLY. Python version. o Certificates. platform. STUDENT USE PROHIBITED Microsoft Azure Fundamentals 2-5 • Configure.  Medium. This option enables you to define the instance count and size. Each of the plan modes supports a different set of features and capabilities. If you want to use Contoso. Azure initially assigns one with the suffix azurewebsites. the URL would be Contoso. o Site diagnostics. Basic. and Standard hosting plan modes. you can configure that with the domain names option. PHP version. Plans in the Free and Shared modes run on a shared infrastructure with sites other customers create. web sockets. Note: Some of these options only become available with certain scaling options. including: o Web hosting plan mode.htm. Enables you to define virtual directories and their relative paths within your website. Java version.azurewebsites. o SSL bindings. Options available depend upon the selected web hosting plan mode.NET Framework version. • Scale.5 GB memory. Enables you to configure options for your website. This option allows you to choose between the Free. and always on. Supports two cores and 3. o Domain names. Default. Shared.75 gigabytes (GB) of memory.net. You can configure a number of website options to scale your website. . Plans in the Free and Shared modes support limited capacity tuning.net. or tier. managed pipeline mode. Enables you to configure and manage certificates used for SSL encryption. For example. The Basic mode enables you to choose between three instance sizes:  Small. and have fewer restrictions. Plans in the Basic and Standard modes run on resources that are dedicated to your sites. Enables you to configure how you use SSL with your domain names.com.html and Index. if you used the name Contoso. o Capacity. This includes the . Scaling your Azure websites involves two actions: o Changing your Web Hosting Plan mode to a higher level of service. You can enable and configure options for application logging. These sites will have strict quotas for resource utilization.  Large. including: o General. Specifies which default documents are used on your website. o Default documents. You can enable and configure options for web server logging. o Application diagnostics. Supports a single core with 1. o Virtual applications and directories. You can assign your own custom website domain name. Supports four cores and 7 GB memory. o Configuring certain settings after you have switched to the higher level of service. For example. Note: The website creation process can take several minutes. If you choose CPU. On the toolbar. Demonstration Steps Create a new website in Azure by using the Preview portal 1. 3. click BROWSE. and usage data. Specify a location near you. type Contoso####. You can configure an automated backup and an associated schedule. Connect to the portal. You can only back up the website in the standard web hosting plan. • Linked Resources. where #### is a unique number. Demonstration: Creating and Configuring a Website In this demonstration. You can change and then reset the publish profile. you will see how to: • Create a new website in Azure by using the preview portal. Add a new website. Start Internet Explorer.microsoft. You can choose between several pricing tiers to select the plan that best suits your requirements. Type a valid unique website name. you can view summary. you can configure: MCT USE ONLY. 4. From within the Preview portal. 6. a green smiley face is displayed. you must configure the thresholds for automatic scaling to occur and the number of resultant instances. . For example. Select the appropriate website from the returned list in the Websites blade on the right. You can use this option to link resources such as databases and storage to your website.The Standard mode enables you to choose between the same instance sized as basic.com. 5. • View scaling and configuration options in the portal. • Backups. 2. Note: If the name is valid and unique. and then click Websites. Using the Preview Portal The procedure and options available for configuring your website from the Preview portal are different. and browse to http://azure. and sign in using the Microsoft account that is associated with your Azure subscription.  The instance count. and change the web hosting plan. Note: You can also create a new web hosting plan. monitoring. but additionally. • Browse the new website from the Preview portal. from the navigation bar on the left. STUDENT USE PROHIBITED 2-6 Websites and Cloud Services  A schedule for scaling. Switch to new portal. In the blade for the selected website. click More. get the publish profile.  The scaling metric (none or CPU). View scaling and configuration options in the portal 1. Click DISCARD. keeping the portal tab open. refresh the webpage. Leave the portal open. 6. adjacent to SCALE BY METRIC. Select WEB SITES. 5. Internet Explorer shows the default webpage. STUDENT USE PROHIBITED Microsoft Azure Fundamentals 2-7 Browse the new website from the Preview portal 1. 7 GB memory). Scroll through the available options on the CONFIGURE tab. Scroll through the available options on the SCALE tab. 2. When the website creation is complete. click STANDARD. click Browse. In the INSTANCE SIZE list. click your new website. click CPU. 3. and in the web sites pane. . 4. 9. in the website blade. 8. 10. Close the Internet Explorer tab. Under capacity.MCT USE ONLY. Under web hosting plan mode. 7. Click the DASHBOARD tab. click Large (4 cores. and then close the tab containing the new portal. 2. In the Portal. com/fwlink/?LinkID=517427. including: o Visual Basic o Visual C# o Visual C++ o Visual F# o JavaScript Additional Reading: Visual Studio 2013 is available in several different editions. There are several ways that you can create and publish website content. You also must create and publish website content to your Azure website. For more information about these editions. • Explain how to publish an Azure website by using Visual Studio. including those for Windows Phone and Windows Store. you then can create and publish the content that you want to make available in the new website. • Explain the process of deploying an Azure website.Lesson 2 Deploy and Monitor Websites MCT USE ONLY. • Describe how to monitor websites in Microsoft Azure. STUDENT USE PROHIBITED 2-8 Websites and Cloud Services Once you have created your Azure Website. You can write the code using a number of programming languages. You have several options for creating and publishing content to an Azure Website. These include the following: • Microsoft Visual Studio 2013.microsoft. desktop apps. This lesson describes the processes for creating. . and deploying website content to Azure websites. you must deploy the website to make it available to your users. you will be able to: • Describe the available options for creating Azure website content. publishing. You can use Visual Studio 2013 to write and deploy a variety of different types of apps. and web services. web apps. It also describes the options that you can use to monitor those websites. Options for Creating and Publishing Website Content Using the Azure portal to create a website is the start of the process for making the website available and useful for its users. Lesson Objectives After completing this lesson. After you have created and published the website content. go to the Compare Visual Studio Offerings website: http://go. including: o Empty site o Starter site o Bakery o Photo gallery o Personal site Once you have created the website using WebMatrix. including templates that are focused on particular businesses. including Gallery Server Pro o Tools. It enables you to create. You can use the Gallery to create and publish your website content when you create your Azure website. • The Azure website gallery. like BugNET. and Orchard CMS o Forums. such as phpBB and MonoX o Galleries. To do this.com/fwlink/?LinkID=517428. It supports a range of programming languages and provides a simple interface for website deployment. and then sign into Azure with your subscription account. Once you select the appropriate template. you can easily publish it to your production Azure website. There is. a coffee shop website template. OpenX. including: o App frameworks. CakePHP. You can then click the option New. a bakery template. You then can select from a range of templates that best suit the purpose of your website. start WebMatrix. WordPress. You can select from templates are provided in a number of categories. for example. . A variety of templates is provided. and templates for personal websites and photo galleries. Azure presents you with a wizard interface to complete the creation process. such as Bottle. This tool is available for download from within the Azure portal.microsoft. To create a website using WebMatrix. including Ghost. You can also select from many other website templates. click the FROM GALLERY option.MCT USE ONLY. and maintain your Azure websites. and Django o Blogs. and use a range of templates to create and deploy your website. publish. Additional Reading: You can find more information about WebMatrix from the WebMatrix website: http://go. STUDENT USE PROHIBITED Microsoft Azure Fundamentals 2-9 • Microsoft WebMatrix. when you initially create your website in the Azure portal. and Open Web Analytics. Note: You can also choose to install an appropriate edition of Visual Studio 2013 manually. it will automatically install Microsoft Visual Studio 2013 Express for Web edition. such as: o  No authentication  Individual user accounts  Organizational accounts  Windows Authentication Host in the cloud/Create remote resources. and database options. • Create your app. depending upon the edition of Visual Studio. you can publish it to Azure by using the Publish Web Wizard. After you have published your website app. launch Visual Studio and choose to create a New Project. You can then select the type of app that you wish to use on your website. Visual Studio can create your website when you publish it. • MCT USE ONLY. you must firstly install the Azure SDK. and the destination URL. and then publish those changes to the production environment.NET Framework version o Authentication options. This option varies. but might include: o . To use Visual Studio to publish your website content.NET web app. The subsequent options that you must configure vary depending upon the type of app you initially select. . Note: It is not necessary for you to create your website within the Azure portal before you create the app. you must define the site name. After you have created your app. you can publish to an existing website. an ASP. You can use this option to create the website during the publish process. To create the app. Note: You can use the Preview option to view your website app before you actually publish the app. You can use Visual Studio to make any required changes to the website app. user credentials to authenticate with the website. You must specify the server name and port.Publish a Website from Visual Studio Using Visual Studio to publish your website involves the following high level steps: • Set up the development environment. It is enabled by default. region. If you choose to create the website during publishing. for example. STUDENT USE PROHIBITED 2-10 Websites and Cloud Services Deploy the app to Azure. which appears automatically. you will need to maintain the content. When you install the Azure SDK. Alternatively. site name. Web Deploy lets you deploy changes directly to the virtual machine that is running the web role.NET webpage: http://go. Note: It is not necessary to package and publish the entire Azure app every time you want to update your web role.com/fwlink/?LinkID=517429. Web Deploy is sometimes compared with other deployment tools.NET websites on the Get started with Azure Websites and ASP. Additional Reading: Read more about Web Deploy at http://go. Web Deploy is faster than FTP. • Convenience.MCT USE ONLY. We recommend that you use this tool to deploy web apps to Azure websites. and XCOPY.com/fwlink/?LinkID=517430. STUDENT USE PROHIBITED Microsoft Azure Fundamentals 2-11 Additional Reading: You can read more about how to use Visual Studio to publish ASP.microsoft. Deploy a Website with Web Deploy Web Deploy is a technology with client-side and server-side components that synchronizes both content and configuration values with web servers.microsoft. . It also supports configuring permissions on files. Consequently. Web Deploy supports publishing over HTTPS. Web Deploy offers a number of benefits over these other technologies. You can use Web Deploy to: • Deploy websites from development environments to staging and production web servers. such as FTP. you can have your web role changes available in the cloud for testing without waiting to have your application published to a deployment environment. • Security. • Migrate content from one web server to another. Web Deploy integrates with Visual Studio and WebMatrix. you can use Web Deploy to publish changes for your web roles. Note: FTP is an older but widely used protocol for uploading web apps to web servers. Web Deploy can publish databases to SQL Server. When developing your Azure web app. • Integration. MySQL Server. including: • Speed. Web Deploy enables you to make these changes incrementally. RoboCopy. and other databases. After you publish your app to a deployment environment. • Http 401 errors. . if users request webpages that do not exist. Number of Http "406 Not Acceptable" messages sent. Receiving Alerts MCT USE ONLY. Number of Http "403 Forbidden" messages sent. select the appropriate website. By doing this. • Data Out. you can better plan for increasing. Number of Http "3xx Redirection" messages sent. for example. • Http Redirects. The websites also might generate errors. • Http Client Errors. you can enable and receive alerts based on the selected website monitoring metrics. Number of Http "404 Not Found" messages sent. • Http 404 errors. • Data In. You can use the Monitoring node within the Azure portal to check resource consumption. You can also choose to have an email sent when the alert is triggered. A count of client requests to the website. You can do this in the Monitoring section of the CONFIGURE page. A measure of data received by the website from clients.Monitoring Websites Running websites consume resources and incurs costs. The following list describes the metrics that you can view in the chart on the Monitor page: • CPUTime. On the SETTINGS page of the portal. or decreasing. • Requests. From within the portal. A measure of the website's CPU usage. Number of Http "2xx Success" messages sent. you then can create a rule to trigger an alert when the metric you choose reaches a value that you specify. • Http 403 errors. STUDENT USE PROHIBITED 2-12 Websites and Cloud Services In Standard website mode. A measure of data sent by the website to clients. To enable alerts. • Http 406 errors. and then click on the MONITOR tab. you must first configure a web endpoint for monitoring. Number of Http "401 Unauthorized" messages sent. • Http Server Errors. Number of Http "5xx Server Error" messages sent. Number of Http "4xx Client Error" messages sent. website usage. • Http Successes. You can use the ADD METRICS option to enable additional monitoring options. • Guest operating system. In this lesson. You will also see how to configure Cloud Services and deploy the cloud service code your developers create. Comprises application files and configuration data. STUDENT USE PROHIBITED Microsoft Azure Fundamentals 2-13 Lesson 3 Create and Deploy Cloud Services Azure provides three execution models for applications: Virtual Machines. Websites. defined in the service configuration file. A virtual machine on which your application code and role configuration run. and cloud services. you will be able to: • Describe Microsoft Azure Cloud Services. Role instance. You can define multiple roles to distribute processing and enable flexible scaling of your application. or perpetual tasks that require no user input or interaction. The following list defines the key characteristics and components of an Azure cloud service. Apps hosted within worker roles can run asynchronous. Lesson Objectives After completing this lesson. o Worker role. This is the operating system installed on the role instances (virtual machines) on which your app code runs. the code and its configuration together constitute an Azure cloud service. long-running. you are able to deploy a multi-tier web app. • Describe how to create a cloud service in Microsoft Azure. Provides a dedicated IIS webserver that hosts front-end web apps. A cloud service can have two types of roles: o Web role. • Deploy cloud services within Microsoft Azure. . Components of a Cloud Service A cloud service consists of one or more web roles and/or worker roles. What Are Cloud Services? When you create an app and run it in Microsoft Azure. • Describe how to scale your Microsoft Azure Cloud Services. • • Cloud service role. each of which has its own application files and configuration.MCT USE ONLY. By creating a cloud service in Azure. Note: A role can have multiple instances. you will see how Azure Cloud Services differ from Azure Websites and Azure Virtual Machines. access to your cloud service is maintained at least 99.95 percent of the time. when you deploy two or more role instances for every role. To show your cloud service's dependencies on other resources. Environment in which you can test your deployment before you promote it to the production environment.net). • • Minimal versus verbose monitoring: o Minimal monitoring uses performance counters gathered from the host operating systems for role instances (virtual machines). The .csdef file. • Azure Service Level Agreement (SLA). This file. myservice. such as an Azure SQL Database instance. o Verbose monitoring collects extra metrics from performance data in the role instances. Conversely. STUDENT USE PROHIBITED 2-14 Websites and Cloud Services Deployment environments.net).cloudapp. defines the service model. The production environment URL is based on the domain name system (DNS) prefix assigned to your cloud service (for example. o Service configuration file. your cloud service's GUID identifies it in URLs (GUID. • Link a resource. o A production environment.cscfg file provides configuration settings for your cloud service and individual roles. In this environment. This is enabled by default for a cloud service. To promote a deployment in the staging environment to the production environment. You can scale out a cloud service out by increasing the number of role instances (virtual machines) deployed for a role. you can swap the deployments. The . you can scale in a cloud service by decreasing role instances. To deploy an app as a cloud service in Microsoft Azure. This enables you to perform closer analysis of activities and problems that occur during app processing.cloudapp. • Scale a cloud service. This guarantees that. Azure Diagnostics. Note: You must enable Azure Diagnostics for cloud service roles for verbose monitoring to be available. Enables you to collect diagnostic data from apps running in Azure.• • Cloud service components. o Service package. Note: You can maintain deployments in both staging and production. Cloud service deployment. Microsoft Azure offers two deployment environments for cloud services: o A staging environment. • MCT USE ONLY. known as a . You do this by switching the VIP addresses by which the two deployments are accessed.cspkg file contains your app code and the service definition file. This is an instance of a cloud service deployed to the Azure staging or production environment. you can link the resource to the cloud service. Note: The two environments are distinguished only by the virtual IP (VIP) addresses by which the cloud service is accessed. the following three components are necessary: o Service definition file. . Although both Azure Websites and Azure Virtual Machines enable you to create web apps on Azure.MCT USE ONLY. However. Additional Reading: For a more detailed comparison of these components. Note: You still define the size of those virtual machines. With Azure Virtual Machines. All you must do is deploy your application. for example. the main advantage of Azure Cloud Services is its ability to support more complex multi-tier architectures. and Virtual Machines comparison webpage: http://go. visit the Azure Web Sites. With Cloud Services. Cloud Services. . first you create and configure your application’s environment. are performed without any interruption in service. two web role instances and three worker role instances. • Updates the operating systems. Note: If you define at least two instances of every role. If the load on your application reduces. you can request more virtual machines.microsoft.com/fwlink/?LinkID=517431. STUDENT USE PROHIBITED Microsoft Azure Fundamentals 2-15 Cloud Services vs. including your own service upgrades. The Azure platform creates those for you. you can shut down those instances. • Attempts recovery from service and hardware failures. the maintenance tasks. Azure creates those additional instances. Azure Cloud Services provide PaaS. Microsoft Azure performs the following tasks: • Performs routine maintenance. Azure maintains the underlying infrastructure. the environment already exists. Maintenance and Recovery When you choose a cloud service. you provide a configuration file that tells Azure how many virtual machines you require for your application. Load Balancing If your application begins to support a higher load. the options are the same ones offered in Azure Virtual Machines. and then you deploy your application into that environment. With Cloud Services. Cloud Services are therefore different from hosting your applications in Azure Virtual Machines. you do not explicitly create the virtual machines yourself. Azure Virtual Machines Even though your applications run in virtual machines. not IaaS. and you have not uploaded the certificate. from the Microsoft Azure Downloads webpage: http://go. Additional Reading: You can download the Azure SDK.cloudapp. click Affinity Groups. Finally.microsoft. COMPUTE. 4. 3. The URL format for production deployments is http://myURL.microsoft.com/fwlink/?LinkID=517416. and then QUICK CREATE. you can download templates that you can use to help with the creation of the deployment files. so that you can choose the option to deploy a cloud service package during creation. Enter the URL that your cloud service will use. Note: You must have already created the affinity group. Note: You can also create a cloud service by using the CUSTOM CREATE option. you must upload the certificate before you can deploy your cloud service.Create and Deploy a Cloud Service Before you can deploy your cloud service.net. Creating a Cloud Service MCT USE ONLY. and other relevant Azure tools. Note: If any roles in your cloud service require a digital certificate for data encryption using Secure Sockets Layer (SSL). and then click Create. Additional Reading: The code samples are available at the Microsoft Azure code samples webpage: http://go. use the following procedure to create a cloud service: 1.com/fwlink/?LinkID=517432. This configures the geographic region or affinity group to which you will deploy the cloud service. CLOUD SERVICE. Click NEW. Enter the Region or Affinity Group. STUDENT USE PROHIBITED 2-16 Websites and Cloud Services If you do not have significant experience working with Azure Cloud Services. To create an affinity group. You can use tools in the Azure SDK to help you to prepare these deployment files. 5. click Create Cloud Service. in the portal. open the Networks area. 2. After you have installed the Azure SDK. you must create the cloud service package and the cloud service configuration file. Connect to the Azure portal. . you can test your cloud service before you deploy it to the production environment. Browse and select the service package file (. your cloud service should be available in the either the production or staging environment. Note: Azure only guarantees 99. Click Upload. you can scale your cloud service to adjust its performance. Click Cloud Services. Connect to the Azure portal.cspkg) for the cloud service.cscfg) for the cloud service. 3. 5. Add or remove role Worker Role instances to accommodate the work load. After you perform the above steps. you can choose to manually scale your application. • Virtual Machines. Click either Production or Staging. or else you can set the appropriate parameters to have Azure automatically scale the application for you. From the Scale page of your cloud service. virtual machines are turned on or off from an availability set of previously created machines. b. • Worker Roles. and then enter the following information: a. and then select the cloud service that you want to deploy. You can scale applications that are running: • Web Roles.MCT USE ONLY. use Swap to redirect client requests to that deployment. Add or remove Web Role instances to accommodate the anticipated work load. Use the following procedure to deploy your cloud service: 1. c. you must deploy it. 2. d. STUDENT USE PROHIBITED Microsoft Azure Fundamentals 2-17 Deploying a Cloud Service After you have successfully created your cloud service. Browse and select the service configure file (. 4. Click OK. Select the Deploy even if one or more roles contain a single instance check box if your cloud service includes any roles with only one instance. Note: When you are ready to promote your staged cloud service to the production environment.95 percent access to the cloud service during maintenance and service updates if every role has at least two instances. . Enter a Deployment Label. When you scale an application running Virtual Machines. Click Dashboard. If you choose to use the Staging environment. Scaling a Cloud Service With the Azure portal. Note: You can only increase the number of instances used if the appropriate number of cores are available to support those instances. • MCT USE ONLY. or Azure turns on or off virtual machines from an availability set. disable automatic scaling. . but you can only scale your application within the limit of cores for your subscription. If the number of messages in a queue goes above or below a specified threshold. consider the following factors: • Add virtual machines to an availability set before they are available for scaling. when you scale down. If the average percentage of CPU usage goes above or below specified thresholds. it will be challenging to apply the upgrade to all of the machines at the same time. when you must upgrade websites in this scenario. You must ensure that your application is deployed with two or more role instances or virtual machines to enable high availability for your application. Azure creates or deletes role instances. The virtual machines can be on or off when you create them. You can configure automatic scaling based on two properties: o CPU. Additionally. If necessary. Azure creates or deletes role instances. Note: All virtual machines in an availability set that are used in scaling your application must be the same size. or Virtual Machines. For example. • Deploy two or more role instances to enable high availability. and you must keep the instances of the virtual machines in sync with one another or else they will become non identical over time. Worker Roles. but de-allocated. virtual machines are turned off. you can only scale up other cloud service deployments in your subscription by 24 cores. You must do this before you can scale your application based on a message threshold. o Queue. if your subscription has a limit of 30 cores and you run an application with three medium-sized virtual machines (a total of six cores). or turns virtual machines on or off from an availability set. additional virtual machines from your availability set are turned on.Note: Scaling is not automatic. • Create a queue and associate the queue with a role or availability set. Conversely. This ensures that you do not pay for the resources that these virtual machines consume. STUDENT USE PROHIBITED 2-18 Websites and Cloud Services Core usage affects scaling. When you scale up. • Automatically scale an application running Web Roles. Scaling Your Cloud Service You can perform the following scaling actions for a cloud service: • Manually scale an application running Web Roles or Worker Roles. Note: Automatic scaling is disabled by default for all roles. Considerations for Scaling Before you scale your application. and then configure the instance count for each of the roles in your cloud service. Note: These virtual machines are not only turned off. Larger role instances use more cores. o Demonstration: Creating. and double-click AdatumAds. Day and night. Upload a new production deployment: a.microsoft. and select the CONFIGURE tab. • Configure the cloud service.Cloud. In the REGION OR AFFINITY GROUP list. type Adatum App ####. you run the risk of causing problems with the linked resource. it can be beneficial to scale any database that your application is using. 2. Select a local package file. when you scale a role. • Schedule the scaling of your application. click Portal.MCT USE ONLY. you can change the SQL Database edition and resize the database as required.cscfg. If the name is valid and unique. Typically. This enables your application to be scaled automatically at all times. In the Upload a package dialog box. Configure the cloud service 1. Demonstration Steps Create a new cloud service 1. Select a local configuration file. open Internet Explorer. and sign in using the Microsoft account that is associated with your Azure subscription. you will see how to: • Create a new cloud service. a green check mark is displayed. and double-click ServiceConfiguration. Navigate to C:\Labfiles. b. If you link the database to your cloud service. STUDENT USE PROHIBITED Microsoft Azure Fundamentals 2-19 • Scale linked resources. This option enables you to specify scaling for specific times of the day and night. Deploying. If you do not scale linked resources. click your local region. • Scale the cloud service. Create a new cloud service using QUICK CREATE: a. Select the new cloud service. In the URL text box. type AdatumWeb####. where #### is a unique number. in the DEPLOYMENT LABEL box. and then click CREATE CLOUD SERVICE. b. type a valid unique cloud service name. and Scaling a Cloud Service In this demonstration. Navigate to C:\Labfiles. You can configure the following schedule options: No schedule. Note: Deployment begins. This could take 10 to 15 minutes. c.com. . (where #### is the same number you typed earlier). For example.cspkg. If necessary. and browse to http://azure. such as capacity in a database. o Note: No Schedule is the default option. 2. c. f. Drag the TARGET CPU slider bar so that maximum is 90. Close Internet Explorer. d. b. h. Under adatumadsworkerrole. adjacent to SCALE BY METRIC. click CPU. click CPU. adjacent to SCALE BY METRIC. g.Scale the cloud service 1. Click the MONITOR tab. 2. STUDENT USE PROHIBITED 2-20 Websites and Cloud Services . Scale the cloud service: a. Click SAVE. and review the monitor data. Drag the TARGET CPU slider bar so that the maximum is 90. Under adatumadswebrole. Drag the INSTANCE RANGE slider bar right so that the maximum instance(s) value is 4. MCT USE ONLY. e. Drag the INSTANCE RANGE slider bar right so that the maximum instance(s) value is 4. d. c.microsoft.com. . The main tasks for this exercise are as follows: 1. Start Internet Explorer. type AdatumBlog####. click WordPress. You also would like to test the use of Azure Cloud Services to contain virtual machines. click BLOGS. Click NEW. and browse to http://azure.MCT USE ONLY. In this exercise. In the A-Z list. b. in the URL box. • Created a cloud service. Create a blog post. and then click Next. Exercise 1: Create a WordPress Website Scenario Your users have suggested that they would like to be able to post blog articles to a corporate website. Lab Setup Estimated Time: 60 minutes Sign in to your classroom computer by using the credentials your instructor provides. you will create a website to host WordPress blogs. ensure that you have a trial Azure subscription. Note: To complete the lab in this module. on the navigation pane. In the ADD WEB APP Wizard. f. on the Find Apps for Microsoft Azure page. You have decided to host this website on Azure. In the Azure portal. the students will have: • Created a WordPress website from the Gallery. Create a website. Create a new website to host your blog: a.  Task 1: Create a website 1. Leave DATABASE and WEBSCALEGROUP configured with default values. 2. Before you start this lab. a green check mark displays. 3. On the Configure Your App page. where #### is a unique number. Install WordPress. e. and then test the website by posting articles to the site. Datum website and have decided that this would be an ideal time to test the functionality of Microsoft Azure Websites. If your URL is unique. you must have completed the labs in all preceding modules in this course. click WEBSITES. 2. STUDENT USE PROHIBITED Microsoft Azure Fundamentals 2-21 Lab: Websites and Cloud Services Scenario You require a blog for the A. Objectives After completing this lab. click Portal. and sign in using the Microsoft account that is associated with your Azure subscription. and then click FROM GALLERY. . and then click Log In. In the websites list. type Pa$$w0rd. Click Install WordPress. i. This may take a few minutes. and then click Next. and then click Continue. STUDENT USE PROHIBITED 2-22 Websites and Cloud Services 1. Select the appropriate REGION. 2. click Not for this site.g. 3. View your new post. Internet Explorer opens a new tab and navigates to your new website. Close the current tab in Internet Explorer. and then click Complete. In the Dashboard. On the Add New Post page. type the email address associated with your Azure subscription. On the Welcome page. twice: Pa$$w0rd. Select the Remember Me check box. d. 2. type Welcome to the Adatum blog. In the REGION list. click the URL for your new website. type Welcome to the Adatum Blog. Create a new post: a.  Task 3: Create a blog post 1. in the languages list. Site Title: AdatumMyBlog#### Where #### is a unique number. you will have successfully created and configured an Azure website to support WordPress blogs. Select the I agree to ClearDB’s legal terms … check box. 4. Username: The email address associated with your Azure subscription. In the Username box.  Task 2: Install WordPress MCT USE ONLY. click Write your first blog post. c. 3. in the URL column. Note: If prompted by Internet Explorer to store the password for the website. In the Password box. In the main text box. d. j. and return to the Azure portal tab. h. on the Success webpage. click English (United States). click the appropriate region. accept the default name. in the Enter title here box. In Internet Explorer. Click Publish. b. On the WordPress website. c. Note: Your website is created. click Log In: a. complete the Information needed section with the following information: a. Your E-mail: The email address associated with your Azure subscription. c. b. b. Results: After you complete this exercise. 4. Password. On the New MySQL Database page. e. c. In the Upload a package dialog box. where #### is a unique number. Deploy a Cloud Service. Note: Deployment begins. Verify a Cloud Service.  Task 2: Deploy a Cloud Service 1. b. Under adatumadswebrole. b. The main tasks for this exercise are as follows: 1.Cloud. Scale the cloud service: a. in the DEPLOYMENT LABEL box. click CPU. STUDENT USE PROHIBITED Microsoft Azure Fundamentals 2-23 Exercise 2: Create a Cloud Service Scenario You must now create an Azure Cloud Service. type Adatum App ####. adjacent to SCALE BY METRIC. In the URL text box. d. Click SAVE. Drag the INSTANCE RANGE slider bar right so that the maximum instance(s) value is 4. Navigate to C:\Labfiles. 2. Create a Cloud Service. Drag the TARGET CPU slider bar so that maximum is 90.cspkg. 2. type AdatumWeb####. This could take 10 to 15 minutes. In the REGION OR AFFINITY GROUP list. Select the new cloud service and select the CONFIGURE tab.cscfg. Drag the INSTANCE RANGE slider bar right so that the maximum instance(s) value is 4. If the name is valid and unique. c. Navigate to C:\Labfiles and double-click AdatumAds. 3. Under adatumadsworkerrole. Drag the TARGET CPU slider bar so that the maximum is 90. and double-click ServiceConfiguration.  Task 1: Create a Cloud Service • Create a new cloud service using QUICK CREATE: a. . For example. You will use the Azure portal to complete this task. a green check mark is displayed. b. Upload a new production deployment: a. click CPU. (where #### is the same number you typed earlier). f. g. adjacent to SCALE BY METRIC. type a valid unique cloud service name. Select a local package file.MCT USE ONLY. 3. click your local region and then click CREATE CLOUD SERVICE. Select a local configuration file. Results: After you complete this exercise. Note: The app is for demonstration purposes and is not completely functional. deployed. Task 3: Verify a Cloud Service Note: It might take a few minutes for your website to display. . and then click the URL for your cloud service. 2. you will have successfully created. MCT USE ONLY. and configured an Azure Cloud Service. The Adatum Ads webpage displays. Review the list of cloud services in the Azure portal. STUDENT USE PROHIBITED 2-24 Websites and Cloud Services Close Internet Explorer. 1. MCT USE ONLY. STUDENT USE PROHIBITED Microsoft Azure Fundamentals 2-25 Module Review and Takeaways Review Questions Question: What is the key difference between using Azure Websites and an Azure virtual machine with the IIS server role installed to host your website app? Question: You want to create and publish your Azure Website using the Azure portal. Which option should you select when creating the new Website? MCT USE ONLY. STUDENT USE PROHIBITED MCT USE ONLY. STUDENT USE PROHIBITED 3-1 Module 3 Virtual Machines in Microsoft Azure Contents: Module Overview 3-1 Lesson 1: Create and Configure Virtual Machines 3-2 Lesson 2: Configure Disks 3-12 Lab: Create a Virtual Machine in Microsoft Azure 3-18 Module Review and Takeaways 3-21 Module Overview Microsoft offers several virtualization management technologies that your organization can use to resolve problems that you may encounter when managing server computing environments. For example, server virtualization can help reduce the number of physical servers, and provide a flexible and resilient server solution. You can deploy virtual machines on your locally installed servers or in Microsoft Azure. In this module, you will learn how to create and configure virtual machines, and how to manage their disks. Objectives After completing this module, you will be able to: • Create and configure virtual machines in Microsoft Azure. • Configure disks for virtual machines. Lesson 1 Create and Configure Virtual Machines MCT USE ONLY. STUDENT USE PROHIBITED 3-2 Virtual Machines in Microsoft Azure Virtual machines (VMs) provide many benefits over traditional physical machines. You can deploy virtual machines on physical servers in your IT environment, or you can choose to deploy virtual machines in Microsoft Azure. In this lesson, you will learn how to create, deploy, and configure virtual machines in Microsoft Azure. Lesson Objectives After completing this lesson, you will be able to: • Describe the purpose and functionality of virtual machines. • Describe Azure virtual machines. • Describe how to create virtual machines from Azure VM Gallery. • Create a virtual machine from the Azure VM Gallery. • Configure and scale virtual machines. • Configure a virtual machine from the Azure Portal. • Describe how to connect to a virtual machine. • Connect to a virtual machine. Overview of Virtual Machines In today’s information technology (IT) environments, a virtual machine is an emulation of a physical computer system. A virtual machine acts like a software-based computer that runs an operating system and applications. Virtual machines are based on the computer architecture and functions of a real or hypothetical computer. The implementation of virtual machines may involve specialized hardware, software, or a combination of both. Virtual machines function as normal computers. Virtual machines that are hosted on the same virtualization server are independent of one another. You can run multiple virtual machines that are using different operating systems on a virtualization server simultaneously, provided the virtualization server has enough resources. Implementing Virtual Machines to Maximize Hardware Usage You use hardware more efficiently when you implement virtual machines. In most cases, a service or a program does not consume more than a fraction of the virtualization server’s resources. This means that you can install multiple services and programs on the same virtualization server and then deploy them to multiple virtual machines. This ensures a more effective use of that virtualization server’s resources. For example, you may have four separate services and programs, each of which consumes from 10 to 15 percent of a virtualization server’s hardware resources. You can install these services and programs in virtual machines, and then place them on the same hardware, where they consume 40 to 60 percent of the virtualization server’s hardware. On a virtual machine. Virtual machines use virtual. provided that you host them within virtual machines. The management operating system. you can solve this problem by running these programs within virtual machines on the same server. Consolidating Servers With server virtualization. This simulates the computer’s BIOS. but you can install them in separate virtual machines that are running on the same host. In real-world environments. or emulated. • You can create virtual machine self-service portals that enable end users to provision approved servers and programs automatically. Windows Server 2012 with Hyper-V. Integrated Drive Electronics (IDE). such as from a DVD drive. Examples of such services and programs include Microsoft Exchange Server 2013. including: o The boot order for the virtual machine’s virtual hardware. . o Whether the NUM LOCK key is enabled at boot. while the computer that is running Hyper-V is the virtualization server or the management operating system. Isolating Services and Programs It can be challenging to keep one particular service or program functioning reliably. On a stand-alone computer. You should not install these services on the same machine. virtual machines include the following simulated hardware: • BIOS. you can configure various BIOS-related parameters. so you do not have to configure the setting of every parameter manually. hardware. By default. Simplifying Server Deployment Virtualization also enables you to simplify server deployment. For example. and Active Directory Domain Services (AD DS). you can configure some of the same parameters. Yu should also make sure that you provide high availability. If you can afford only one server. you can map a virtual network adapter to a virtual network that you map to an actual network interface.MCT USE ONLY. Because you can isolate each virtual machine on a virtualization server from the other virtual machines on the same server. You have to ensure that the hardware-resource needs of all the virtual machines that the virtualization server is hosting do not exceed the server’s hardware resources. or a floppy disk. you can consolidate servers that would otherwise need to run on separate hardware onto a single virtualization server. you can create separate virtual machines and run them concurrently on a single server that is running Microsoft Hyper-V. This lessens the workload of the systems administration team. it becomes even more complicated when you deploy multiple services and programs on the same server. Virtual Machine Hardware With server virtualization. uses the virtual hardware to mediate access to actual hardware. STUDENT USE PROHIBITED Microsoft Azure Fundamentals 3-3 This is a simplified example. o From which device the virtual machine boots. a legacy network adapter. you can deploy services and programs that are incompatible with one another on the same physical computer. SQL Server 2012. These templates include parameters that are preconfigured with common settings. For example. but these operating systems conflict when running on the same computer. because: • Virtual machine templates for common server configurations are included with products such as Microsoft System Center 2012 Virtual Machine Manager (VMM). you must make adequate preparations before collocating virtual machines. You create these virtual machine self-service portals with VMM and Microsoft System Center 2012 Service Manager. These virtual machines are guests. you might need to deploy two separate operating systems at a branch office. which supports Secure Boot. In machines that can run enlightened operating systems. many modern operating systems now include Integration Services. You can also use legacy network adapters to deploy operating system images throughout the network. It provides support for the new type of virtual machines. Integration Services allow the virtual machines to access synthetic devices.MCT USE ONLY. Each IDE controller can support two devices. STUDENT USE PROHIBITED 3-4 Virtual Machines in Microsoft Azure • Memory. You can allocate up to 64 virtual processors to a single virtual machine. You can add the following hardware to a virtual machine by editing the virtual machine’s properties. and then clicking Add Hardware: • SCSI controller. the virtual machine can then display high performance graphics by leveraging Microsoft DirectX and graphics processing power on the host Windows Server 2012 server. If you add a Fibre Channel adapter to a virtual machine. You can use IDE controllers to connect virtual hard disks and DVD drives to virtual machines that use any operating system that does not support integration services. Windows Server 2012 R2 changes all of this. • Processor. • COM 1. • IDE controller 1. • RemoteFX 3D video adapter. It fully supports the existing type of virtual machines. You can connect virtual hard drives or virtual DVD drives to an IDE controller. You can only add a Fibre Channel adapter to a virtual machine if the virtualization server has a Fibre Channel host bus adapter (HBA) that also has a Windows Server 2012 driver that supports virtual Fibre Channel. Each controller supports up to 64 disks. two are allocated to each virtual machine. You can allocate up 1 terabyte (TB) of memory resources to an individual virtual machine. • Synthetic network adapter. by default. You can use a small computer system interface (SCSI) controller only on virtual machines that have operating systems that support integration services. Enables you to map a virtual floppy disk image to a virtual disk drive. which perform better. named generation 2 virtual machines. replaces BIOS-based firmware. With the broad adoption of virtualization. • Network adapter. You can use legacy network adapters with any operating systems that do not support integration services. the virtual machine can then connect directly to a Fibre Channel SAN. Generation 2 virtual machines function as if their operating systems are virtualization-aware. A virtual machine can support only two IDE controllers and. You can only use synthetic network adapters with supported virtual machine guest operating systems. Because of this. • IDE controller 0. Enables you to configure a connection through a named pipe. • SCSI controller. • COM 2. Virtual Machine Generations Most operating systems and programs that run in virtual machines are not aware that they are virtualized. If you add a RemoteFX 3D video adapter to a virtual machine. • Fibre Channel adapter. Advanced Unified Extensible Firmware Interface (UEFI) firm. Synthetic network adapters represent computer network adapters. Enables deployment of additional virtual hard drives and DVD drives to the virtual machine. • Disk drive. • Legacy network adapter. You can add up to four virtual SCSI devices. A single virtual machine can have up to four legacy network adapters. Generation 2 virtual machines use only synthetic devices. A single virtual machine can have a maximum of eight synthetic network adapters. and names them collectively generation 1 virtual machines. Using emulated hardware enables operating systems that are not virtualization-aware to run in virtual machines. Enables you to configure an additional connection through a named pipe. Generation 2 virtual machines start from a . generation 2 virtual machines do not have the legacy and emulated virtual hardware devices found on generation 1 virtual machines. will continue to be in use for the foreseeable future. You cannot change the generation later. You can run generation 1 and generation 2 virtual machines side-byside on the same Hyper-V host. you can deploy a cloud-based virtual machine quickly. Then. which you may opt to discard if the project is not approved. Cloudbased virtual machines. you can also create cloud-based virtual machines in the Microsoft Azure environment. You select the virtual machine generation when you create the virtual machine. Therefore. which support almost any operating system. You can also use additional services from Microsoft Azure. Windows 8 (64-bit). For example. This solution is not only faster but also less expensive than buying the hardware for the proof-of-concept solution. Rather than purchase test hardware and deploy a proof-of-concept solution to it. depending on operational concerns. after you validate the proof-of-concept solution. or keep it. Generation 1 and generation 2 virtual machines have similar performance. generation 1 virtual machines. programs. STUDENT USE PROHIBITED Microsoft Azure Fundamentals 3-5 SCSI controller or by using the Pre-Boot EXecution Environment (PXE) on a network adapter. Generation 2 virtual machines currently support only Windows Server 2012. • You can move your virtual machines from an on-premises Hyper-V deployment to Microsoft Azure. and services can also be useful when you have to provide proof-of-concept solutions for proposed projects. and newer 64-bit Windows operating systems. . Storage.MCT USE ONLY. The Azure platform provides numerous services that can either replace or complement existing on-premises services. The primary advantage of generation 2 virtual machines is that startup and deployment are considerably faster. What Are Azure Virtual Machines? In addition to creating virtual machines on your on-premises physical servers. In today’s enterprise environments. or ServiceBus to support your testing. there are several more scenarios where you can benefit from running virtual machines in Microsoft Azure: • You can use virtual machines in Azure for development or testing. and then deploy the proof-of-concept solution to the virtual machine. Apart from using the Azure environment for testing or proof-of-concept. cloud-based services and especially virtual machines can be a very attractive solution for extending a data center and allocating some additional resources when needed. you can discard the virtual machine. such as SQL Databases. • You can extend your data center by using Microsoft Azure. you can move a virtual hard drive from your local environment and run it with virtual machines in Microsoft Azure. you can deploy several virtual machines in Microsoft Azure and connect them to your on-premises environment by using Azure Virtual Networks. except during startup and operating system installation. All remaining virtual devices use virtual machine bus (VMBus) to communicate with parent partitions. By using this approach. Generation 2 virtual machines do not currently support Microsoft RemoteFX. Microsoft Azure provides an inexpensive and reliable test platform that you can deploy within minutes. you must choose between several preconfigured options for virtual machine configuration. This is the name of the local user account that you will use when managing the server.com/fwlink/?LinkID=517440 . and you will be charged for it. Some additional charges may appear for the storage that the virtual machine uses in addition to the operating system disk. Also. You can configure the location for the virtual machine to the most appropriate locale. even if it is not running. you have to decide if you are going to use your own . Only when you shut down the virtual machine from the Azure portal will it go into the Stopped (Deallocated) state. you have three options: create a virtual machine from the + NEW menu. it will go into the Stopped state. When you shut down the virtual machine from its operating system. Microsoft Azure supports only generation 1 virtual machines. • Location. have only one virtual network adapter. irrespective of size. • Pricing tier. you pay for the service on an hourly or per-minute basis. the Azure platform does not provide console access to a virtual machine. • Subscription. you should also consider the licensing aspect. In the Hyper-V environment. In addition. • User name. When you create a new virtual machine instance by using the Azure management portal. and most Azure VMs. and the additional software installed on the virtual machine. You use this option to configure some basic operating system settings such as automatic updates. In the Azure portal. you cannot manage virtual machine generation. which means that they also can have only one IP address. • Resource group. the storage account. After you configure these options. The resource group is a container that groups objects together into a collection for easier management. you configure all properties of the virtual machine. go to http://go. the portal creates the virtual machine with the settings that you have specified. You can use this option to configure the pricing tier that correlates to the virtual hardware assigned to your virtual machine. At this time. This is the name of the computer.Deploying Azure Virtual Machines MCT USE ONLY. the operating system. The price for the specific virtual machine is based on the size. When you create a virtual machine. the network configuration including static IP address and virtual network. the portal allows you to specify the following options: • Host name. and create a virtual machine based on your own image. and whether diagnostics should be on or off. Additional Reading: For more information on Azure virtual machines. you can choose which subscription the virtual machine should be part of. the availability set for the virtual machine. Because your virtual machine allocates resources on the Azure platform.vhd file as an image for the virtual machine or if you will use one of the platform images already present in Microsoft Azure. When making this decision. If you have multiple Azure subscriptions.microsoft. create a virtual machine from the gallery. you are charged when the virtual machine status is Running or Stopped. When running Azure VMs. • Optional configuration. STUDENT USE PROHIBITED 3-6 Virtual Machines in Microsoft Azure Deploying virtual machines in Microsoft Azure is somewhat different from deploying them on a local Hyper-V environment. but it is important to consider this when using the virtual machine image create on your local Hyper-V environment. but you are not charged when the machine is in Stopped (Deallocated) state. in the Microsoft Azure environment. 5 GB memory.75 GB memory. 1 data disk) • A1 (1 core. you can select from multiple versions of the following distributions: • Ubuntu • CentOS • SUSE • Oracle • Puppet Labs Finally. you can create a virtual machine from the gallery of available images and VMs. 4 data disks) • A3 (4 cores. 768 MB memory. After you have selected the operating system or image that you wish to deploy. 8 data disks) • A4 (8 cores. Some of the available Microsoft products include: • Windows Server • Microsoft SharePoint • Microsoft SQL Server • Microsoft BizTalk Server • Microsoft Visual Studio If you are performing a Linux installation.MCT USE ONLY. These details include: • Operating system version release date • Virtual machine name • Deployment tier • Virtual machine size • Username • Password A key aspect of these configuration steps is the deployment tier and size of the instance. 2 data disks) • A2 (2 cores. 7 GB memory. a basic deployment tier and a standard deployment tier offer the following sizes for general purpose use: • A0 (shared core. 1. For example. 14 GB memory. 16 data disks) . The gallery provides preinstalled images of various Microsoft and Linux operating systems and products. The Azure offer consists of several virtual machine pricing tiers. the next step in the gallery wizard asks for virtual machine configuration details. you can select a basic Windows Server installation or a specific product. an installation can also be based on images or disks that you have previously uploaded to Azure. 3. which will be preinstalled with the server. STUDENT USE PROHIBITED Microsoft Azure Fundamentals 3-7 Create a Virtual Machine from the Gallery If you do not want to use your own image file to build an Azure virtual machine. For example. After you have created a virtual machine instance. The standard deployment tier includes the features of the basic deployment tier in addition to autoscaling and load balancing. o Operating system: Windows Server 2012 R2 Datacenter o VM name: server<your_initials>-10979 o User name: server<your_initials>-admin o Password: Moc1500! o Location: Select the location that is closest to you o Storage account: Create new by using default values Select to create a virtual machine with these settings and wait for a couple minutes until the virtual machine is created. Both of these features are not available in the basic deployment tier. Create a new virtual machine by using the following settings: 3. there are additional tiers for more demanding services. 16 data disks) Microsoft is updating tiers regularly. Note that the compute-intensive deployment tier comes standard with a 40 gigabyte (GB) InfiniBand network. STUDENT USE PROHIBITED 3-8 Virtual Machines in Microsoft Azure Besides basic tier.azure. you can choose some of these tiers: • A8 (8 cores. These options are typically necessary for memory-intensive services such as database services. you will see how to create a virtual machine from the Azure Gallery. 2.com/fwlink/?LinkID=517441 Demonstration: Create a Virtual Machine from the Gallery In this demonstration. which has a very affordable monthly price. . so we recommend that you review the current offer on the Azure management portal.microsoft. there is a compute-intensive deployment tier that offers all that the standard tier includes with some additional features. 56 GB memory. For example. 112 GB memory. Lastly. 16 data disks) • A9 (16 cores. go to http://go. Sign in to your Azure account on the Azure preview portal at https://portal.com. you can use two primary methods to connect and manage the virtual machine: • Windows PowerShell with the Azure module • Remote Desktop Protocol. initiated from within the Azure management portal Additional Reading: For more information on Virtual Machine and Cloud Service Sizes for Azure. Demonstration Steps Create a virtual machine 1. and Remote Direct Memory Access (RDMA) support.MCT USE ONLY. and that they should not be taken down at the same time. you can also configure scaling. you use the Azure management portal to perform further configuration and administration of each virtual machine. • The Configure tab provides options for virtual machine configuration. Fault Domain objects define the group of virtual machines that share a common power source and network switch. Larger virtual machines have more cores available. which means they have separate power supplies and switches. you can see general information about the virtual machine state and configured options. • On the Monitor tab. Update Domain objects help the Azure platform to determine which virtual machines (or physical hardware that hosts them) can or cannot be rebooted at the same time. and Network resources. they will never all share the same Fault Domain object. during a planned or unplanned maintenance event. In practice. virtual machines that are part of an availability set are spread across different racks in the Azure data center. you inform the Microsoft Azure fabric controller that these virtual machines are hosting the same service. you provide redundancy for an application that is running on one or more virtual machines. Note: Do not confuse availability sets with high availability technologies such as failover clustering or Network Load Balancing (NLB). You can scale your application manually or you can set parameters to scale it automatically. • The Endpoints tab lets you configure connection endpoints for the virtual machine. as discussed earlier in this lesson.95% Azure service level agreement (SLA). On this tab. the tab-based interface for management opens. at least one virtual machine will be available and meet the 99. Availability Sets and Scaling By configuring an availability set. Disk. STUDENT USE PROHIBITED Microsoft Azure Fundamentals 3-9 Configure and Scale a Virtual Machine After you create an Azure virtual machine. You can scale . you can find real-time information about the performance of critical components of your virtual machine. When you configure up to five virtual machines in the same availability set. Before you configure any scaling options. You can monitor central processing unit (CPU). When you click the virtual machine in the Azure management portal.MCT USE ONLY. In addition. you ensure that. here you can find quick links to some commonly used configuration options. When you put two or more virtual machines into the availability set. Notice that this interface is significantly different than the interface of virtual machine properties in Hyper-V Manager. Besides. when you place two or more virtual machines in the availability set. you must assign the virtual machines to the same availability set. Virtual machines that you assign to the availability set are turned on in a scale-up action and turned off in a scale-down action. For an application running within virtual machines. The Azure platform controls these operations by using the Update Domain and Fault Domain objects. in the following ways: • On the Dashboard tab. and you can also configure the virtual machine availability options by configuring an availability set. you can change the virtual machine tier and size. CPU core usage affects application scaling. 6. which you will learn about later. you will probably want to connect to it. Demonstration Steps 1. Open Azure portal from Azure preview portal. Save the changes. For security reasons. you can find SSH information such as the host name and port number in the Management Portal by selecting the virtual machine and looking for SSH Details in the Quick Glance section of the dashboard. Show available options 3. you can only scale up the other cloud service deployments in your subscription by 16 cores. 5. and ENDPOINTS tabs and review the available options. you can use the Remote Desktop client software for Windows operating systems. On the CONFIGURE tab. MONITOR. To make a connection to a virtual machine. change the size of the virtual machine to A1. . For example.applications within the core limits for your Azure subscription. 2. you can use the Secure Shell (SSH) client for Linux operating systems. if you have an Azure subscription that has a limit of 20 cores and you run an application with two medium-sized virtual machines (which use four cores in total). Alternatively.rdp file with settings needed to make a connection to the virtual machine. 4. you can disable this type of communication to reduce the attack surface and instead use virtual private networks (VPNs). You can connect to your Azure virtual machine directly from the Azure management portal by choosing the Connect option after selecting a virtual machine. If you want to make an SSH connection. All virtual machines in an availability set that you use in scaling an application must be the same size. Demonstration: Configure a Virtual Machine from the Portal In this demonstration. you use credentials that you specified when you created the virtual machine. click on the virtual machine created in previous demonstration. STUDENT USE PROHIBITED 3-10 Virtual Machines in Microsoft Azure To log on to a virtual machine. In the Azure portal. you will be prompted to download the . In case of a Windows virtual machine. and then perform further administration tasks. you will see how to configure an Azure virtual machine. Open the Azure preview portal and browse to Virtual machines. Browse through the DASHBOARD. Click the virtual machine that you created in the previous demonstration. or other operating systems that support it. Connect to a Virtual Machine After you create a virtual machine on the Microsoft Azure platform. You can also change the default port for connecting to Remote Desktop. MCT USE ONLY. • Restart the virtual machine. You can enable this extension during the wizard for creating an Azure virtual machine. • Delete and recreate endpoint objects for RDP or SSH. you can also reset Remote Desktop Access or Secure Shell (SSH) settings on a virtual machine. you will also have to create appropriate inbound rules on the local firewall on the virtual machine. 2. ensure that you are using the correct domain to sign in. If you added a machine to the Active Directory Domain Services (AD DS) domain. ensure that your local firewall allows this connection. you can perform a password reset by using the VMAccess extension. you can also specify a custom port and protocol to make a connection. . and then connect to the virtual machine. you can try the following troubleshooting steps: • Ensure that you are using the correct user account. Two endpoints are created by default when you create a new virtual machine. but you can create more by using the management portal. Note: If you forget the user name and password for the Azure virtual machine. Each virtual machine created by using an image from the Azure gallery comes with the local Windows Firewall enabled. Alternatively. click the newly created virtual machine. With this extension. However. • If you are using a specific endpoint with custom values for port and protocol to connect. Disconnect the Remote Desktop Connection session when finished. you will see how to connect to an Azure virtual machine. if you create additional endpoints later. STUDENT USE PROHIBITED Microsoft Azure Fundamentals 3-11 Besides using Remote Desktop Protocol (RDP) or SSH to connect to the virtual machine. Demonstration: Connect to a Virtual Machine In this demonstration. you will have to set all firewall rules manually. Demonstration Steps Connect to a virtual machine by using Remote Desktop Connection • Switch back to the Azure preview portal. Troubleshooting Virtual Machine Connection Issues If you are having trouble connecting to a virtual machine in Microsoft Azure. you need to create an endpoint. Sign in to the virtual machine and navigate around the server configuration by viewing Server Manager and File Explorer.MCT USE ONLY. In addition. Validate functionality of a newly created virtual machine 1. if you are using your custom image on an Azure virtual machine. you can also use the Set-AzureVMaccessExtension cmdlet from Microsoft Azure PowerShell module to add this extension after deploying the virtual machine. To allow access to the virtual machine. Windows Firewall is configured with inbound rules according to the default endpoints created for the specific virtual machine. Windows Server 2012 supports the boot from virtual hard disk option. In this lesson. Windows Server 2008 R2. • Upload and attach disks to virtual machines. you will learn about virtual machine disks and how to manage them. MCT USE ONLY. you will be able to: • Describe virtual hard disks. • The Windows PowerShell cmdlet New-VHD.vhdx virtual disk formats. You must configure at least one disk on each virtual machine to store operating system files. You can configure this file as a virtual hard disk with partitions and an operating system. . This enables you to configure a computer to boot into a Windows Server 2012 operating system that is deployed on a virtual hard disk. Windows 8. You can create a virtual hard disk by using: • The Hyper-V Manager console. • The DiskPart (diskpart.vhd or . • Describe how to configure new disks in Windows operating systems. and Windows 7 operating systems. or into certain editions of the Windows 8 operating system that are deployed on a virtual hard disk. You can use virtual hard disks on virtual machines.exe) command-line tool. STUDENT USE PROHIBITED 3-12 Virtual Machines in Microsoft Azure Virtual machines deployed in the Hyper-V environment use the .Lesson 2 Configure Disks Each virtual machine uses disks to store data. Lesson Objectives After completing this lesson. • Configure disks. You can add more disks to each virtual machine deployed onpremises or in Microsoft Azure. Note: Some editions of Windows 7 and Windows Server 2008 R2 also support booting from virtual hard disk. and you can mount virtual hard disks as local volumes by using the Windows Server 2012. • The Disk Management console. Overview of Virtual Hard Disks A virtual hard disk is a file that represents a traditional hard disk drive. vhdx format by using the Edit Virtual Hard Disk Wizard. a virtual machine can move to a different physical host machine. each operating system disk is created in three copies for redundancy. .vhdx Format Virtual hard disks typically use the . The number of data disks assigned to the virtual machine that you choose from the gallery depends on the deployment and pricing tier that you choose. STUDENT USE PROHIBITED Microsoft Azure Fundamentals 3-13 Virtual Hard Disks in .vhdx format to the . This disk is attached as a serial ATA (SATA) drive and labeled with the letter C. • Virtual hard disks with the . It has the same size as the operating system disk. You should use this type of disk as data storage. and you can label it with the letter of your choice. and your virtual machine will be assigned a new temporary drive. In some scenarios.vhdx format can be as large as 64 TB.vhdx extension.vhd format to the . Its maximum size is 1 TB. Windows Server 2012 introduces a new type of virtual hard disk that uses the . When this happens. is stored in an Azure Storage account as a page blob. You can use the Azure management portal or Windows PowerShell to attach disks to a virtual machine. Each disk type is based on the . You can convert a virtual hard disk with the . This disk. It has a capacity of 127 GB. whereas virtual hard disks with the . You might want to do this if you have upgraded a Windows Server 2008 or Windows Server 2008 R2 virtualization server to Windows Server 2012 or Windows Server 2012 R2.vhdx format are less likely to become corrupt if the virtualization server suffers an unexpected power outage. Unlike the operating system disk. storage will be deleted. • Data disk. Disks in Microsoft Azure There are three types of virtual disks in Azure: • Operating system disk. It is important to note that you should not use this disk for storing data. Virtual Hard Disks in . Virtual hard disks with the .vhdx format can hold larger dynamic and differencing virtual hard disks. Each machine has an operating system disk attached. You will discuss types of Azure storage in later modules.vhdx format have the following benefits over virtual hard disks that were used in Hyper-V on Windows Server 2008 and Windows Server 2008 R2: • Virtual hard disks with the . your virtual machine is recreated on the new host machine by using the operating system disk. You can also convert a virtual hard disk with the . As with the operating system disk. In addition. when you resize your virtual machine or when you shut it down temporarily.MCT USE ONLY. It is there to provide temporary storage for applications and processes and to store data that you do not need to keep. This provides for better performance from the dynamic and differencing virtual hard disks. In the Azure infrastructure. along with an operating system disk.vhd extension. • Temporary disk. The Add-AzureDataDisk cmdlet can attach an existing data disk to a virtual machine or create a new data disk for a virtual machine. such as in a power failure. • Virtual hard disks with the . but this process is transparent to the user. The temporary storage is present on the physical machine that is hosting your virtual machine. This disk contains the operating system of the virtual machine. • The . Any data saved on the previous temporary drive will not be migrated. such as page or swap files. this disk is attached to the SCSI interface of the virtual machine.vhd format are limited to 2 TB.vhd Format vs. this disk is created automatically during the creation of the virtual machine. and it is labeled with the letter D.vhd format.vhdx format supports better alignment when deployed to a large sector disk.vhd format. Note that Azure does not support . Also.vhd file containing your custom Windows operating system image. For many organizations.vhd before you upload them. but you can convert your existing . Alternatively. The module contains the Add-AzureVHD cmdlet. you must meet the following prerequisites: • You must download and install the Azure Windows PowerShell module on an on-premises computer. and then attach it to a virtual machine. You can upload your customized images to Azure so that you can deploy your images in Azure. Each storage account that you create in your Azure subscription has specific scale targets. it is possible that you will reach the limits of these storage targets. You must manually manage the . STUDENT USE PROHIBITED 3-14 Virtual Machines in Microsoft Azure • Azure does not support the . Uploading and Attaching Disks If you want to attach a new data disk to your virtual machine in Microsoft Azure. you must initialize it before use. You can upload the . • Azure must support the operating system in the image.vhd format. After you attach a disk to a virtual machine. You can also use a virtual disk from your on-premises computer. .vhdx format. we recommend that you use multiple disks across multiple storage accounts. you would use a set of virtual machine images for a single service. multiple images handle client computers and servers running different operating systems and applications. you can do so by using the Azure management portal.You must consider the following factors when using virtual disks in Azure: MCT USE ONLY. Azure supports a maximum . If services in your virtual machine require heavy disk I/O load through a virtual machine.vhd files automatically. All virtual disks must be fixed disks. A specific blob (which holds a single disk) has a target of 60 megabytes (MB) per second.vhd file to Azure. Azure disks that you can attach to the virtual machines are stored as page blobs in Azure Storage. • . To use your images in Azure. which you will use to upload your custom images to Azure. • You must create a .vhd files to minimize storage space waste.vhdx files to . Many organizations use a custom operating system image for their computers. • Azure does not support dynamically expanding disks. You would typically manage these images by using VMM in on-premises environments. in some more complex environments. For achieving better performance. Currently. Azure supports images containing Windows Server 2008 R2 and newer versions. you must choose a storage account and a container where your disk will be stored. and you must specify a disk size in GB. such as a server running Hyper-V in Windows Server 2012. When creating a new disk. This will enable you to exceed account-specific storage scale targets. All virtual disks must use the .vhdx files. you can use Windows PowerShell to manage the .vhd files remain in your storage account even if you remove them from a virtual machine or delete the virtual machine.vhd size of 999 GB. Many of the images are based on their intended use. Launch Azure Windows PowerShell and connect to Azure. The VM Depot contains a large number of community-developed images that you can customize and use when you are creating new VMs. Configuring New Disks in a Windows Virtual Machines When you attach a disk to the Azure virtual machine. Before creating volumes. the depot contains only non-Windows images. . your system has the following parameters: o The URL to the storage container is https://10979astorage01bs.net/10979ac1/Images/2012-R2-General.windows. compatibility. However. Basic Disks All versions of the Windows operating system support basic storage.windows. you should initialize it.blob. and then create volumes. it is available for deployment when you create a new virtual machine. STUDENT USE PROHIBITED Microsoft Azure Fundamentals 3-15 When you are ready to begin. By default.vhd file is D:\Images\2012-R2-General. which uses partition tables. or performance. You also have the option of using the VM Depot instead of uploading an image. When the image is in the custom images list.net /10979a-c1 o The container name is 10979a-c1 o The local path to the . follow these high-level steps: 1.blob. you should choose which type of disk you want to use. For example. Run the upload command. Microsoft Open Technologies does not screen these images for security. you can find images configured for blogging services and web servers. For example. the disk is configured as a basic disk.MCT USE ONLY. Community members provide and license the virtual machine images on this site to you.vhd" -LocalFilePath "D:\Images\2012-R2-General.core. Typically. However. when you initialize a disk in the Windows operating system.core. It is easy to convert basic disks to dynamic disks without any data loss. You can subdivide extended partitions into logical volumes. 2. you use Disk Management for managing disks and volumes. you can manage that disk in the same way as you would manage a disk on the physical machine or a virtual machine deployed locally on your Hyper-V server. all data on the disk is lost. You can add the image by using the Azure management portal or by using Windows PowerShell.vhd o The new . When selecting a type of disk for your use in Windows Server 2012. Add the image to your custom images list.VHD" 3. most of which are based on the Linux operating system.vhd" You would run the following command to upload the image: Add-AzureVhd -Destination "https://10979astorage01bs. when you convert a dynamic disk to a basic disk. When you first attach an empty disk to the Azure virtual machine.vhd file will be called "2012-R2-General. A basic disk is one that you initialize for basic storage and that contains basic partitions such as primary partitions and extended partitions. and does not provide any license rights or support for them. you can choose between basic and dynamic disks. so it maintains backward compatibility with NTFS. ReFS is a new feature in Windows Server 2012 that is based on the NTFS file system. storage tiers. you can build fault-tolerant. • Disk scrubbing for protection against latent disk errors. and precise administrative control. You can format the volume with a file system and assign it a drive letter or configure it with a mount point. Storage spaces are virtual disks created from free space in a storage pool. It provides the following features and advantages: • Metadata integrity with checksums. Storage pools are a collection of physical disks that have been aggregated into a single logical disk so that you can manage the multiple physical disks as a single disk.Dynamic Disks MCT USE ONLY. over NTFS. which can experience corruption in similar circumstances. and some programs cannot address data that is stored on dynamic disks. Storage spaces have such attributes as resiliency level. By using dynamic storage. especially during a loss of power. besides being able to format volumes with file allocation table (FAT) or New Technology File System (NTFS). • Larger volume. programs that run on Windows Server 2012 can access files on ReFS. . You can create a dynamic volume from free space on one or more disks. ReFS uses a subset of NTFS features. • Increased reliability. just as they would on NTFS. STUDENT USE PROHIBITED 3-16 Virtual Machines in Microsoft Azure The Microsoft Windows 2000 Server operating system introduced dynamic storage. You can also perform disk and volume management without having to restart computers that are running Windows operating systems.1. but not with Windows 8. For these reasons. Windows Server 2012 also provides a new way to manage storage that is attached to the physical host or a virtual machine. You can use Storage Spaces to add physical disks that have different sizes and interfaces to a storage pool. Storage Spaces is a storage virtualization feature that Windows Server 2012 and the Windows 8 operating system include. However. • Redundancy for fault tolerance. by implementing Storage Spaces technology. You can use ReFS drives with Windows 8. ReFS In Windows Server 2012. • Resiliency to corruptions with recovery for maximum volume availability. you would not normally convert basic disks to dynamic disks unless you need to use some of the additional volume configuration options that dynamic disks provide. fixed provisioning. • Storage spaces. • Expanded protection against data corruption. A dynamic disk is one that you initialize for dynamic storage and that contains dynamic volumes. an ReFS-formatted drive is not recognized when placed in computers that are running Windows Server operating systems older than Windows Server 2012. you can also use Resilient File System (ReFS). Therefore. The Storage Spaces feature has two components: • Storage pools. file. and directory sizes. Dynamic disks do not perform better than basic disks. redundant storage systems. Create a new data disk with a size of 5 GB. 3. Ensure that you see only the operating system disk attached to the virtual machine. 7. connect to it and verify that the disk appears in the Disk Management console. browse to Virtual Machines. Open the Disks tile. 6.MCT USE ONLY. Select the default storage account that was created during the creation of the virtual machine. After the disk is attached to the virtual machine. In the Disks pane of Virtual machine properties. 8. Choose the vhds container. 5. you will see how to attach a new data disk to an Azure virtual machine. choose to attach new disk. STUDENT USE PROHIBITED Microsoft Azure Fundamentals 3-17 Demonstration: Configure Disks In this demonstration. Navigate to the virtual machine that you created in the first demonstration. . 9. 2. Demonstration Steps 1. 4. In the Azure preview portal. You have decided to use a dedicated server for your order systems. . you have decided to create an Azure-based server and evaluate this as a host for the order systems. switch to a new Azure preview portal. 2. and then wait for a couple of minutes until the virtual machine is created. The main tasks for this exercise are as follows: 1. Exercise 1: Create a Virtual Machine from the Gallery Scenario As a part of your task to evaluate server hosting in Microsoft Azure. Create a new virtual machine by using the following settings: 3. Sign in to your Azure account on the Azure portal available at http://azure.com. you will be able to: • Create a virtual machine.  Task 1: Select and create a virtual machine 1. you have to create a virtual machine from the Azure gallery. Select and create a virtual machine. Furthermore. Currently. • Attach a data disk to the virtual machine.microsoft. 2. Datum Corporation have increased significantly. Verify virtual machine creation. Objectives After completing this lab. o Operating system: Windows Server 2012 R2 Datacenter o VM name: server<initials>-10979 o User name: server<initials>-admin o Password: Moc1500! o Location: Select the location that is closest to you o Storage account: create new by using default values Select to create a virtual machine with these settings. the order systems run on a server that provides other in-house services.Lab: Create a Virtual Machine in Microsoft Azure Scenario MCT USE ONLY. STUDENT USE PROHIBITED 3-18 Virtual Machines in Microsoft Azure Orders at A. After signing in. Estimated Time: 40 minutes Sign in to your classroom computer by using the credentials your instructor provides. With this in mind. this server needs to be able to cope with increasing workloads in the event of future changes in order volume. • Connect to a virtual machine. Browse through the DASHBOARD. Connect to a virtual machine. Click Browse and then select virtual machine created earlier. you want to make an RDP connection to it and verify its properties. MONITOR. Switch to the Azure preview portal. Results: After completing this exercise. Results: After completing this exercise. Open the Azure preview portal. Disconnect the Remote Desktop Connection session when finished. 2. Connect to the virtual machine from the Azure portal. View the properties of the virtual machine. Attach a data disk. ENDPOINTS. 2. 3. you want to add a new disk to store data.  Task 1: View the properties of the virtual machine 1. Use the credentials that you defined for the virtual machine in the previous exercise. you will have established a connection to the virtual machine. In the Azure portal.  Task 2: Connect to a virtual machine 1. sign in. The main tasks for this exercise are as follows: 1. 2.MCT USE ONLY. Exercise 2: Verify the Functionality of the Virtual Machine Scenario After creating a virtual machine. 3. you will have created and verified a Microsoft Azure virtual machine. click the HOME tab and then click to open the Azure portal. View virtual machine disks. Exercise 3: Attach a Data Disk Scenario After creating a new virtual machine in Microsoft Azure. 4. 2. The main tasks for this exercise are as follows: 1. and then navigate around the server configuration by viewing Server Manager and File Explorer. STUDENT USE PROHIBITED Microsoft Azure Fundamentals 3-19  Task 2: Verify virtual machine creation • Switch back to the Azure management portal. and CONFIGURE tabs and review the available options. click the virtual machine that you created in the previous demonstration. and then verify that the virtual machine is displayed and has the Running status. . Open Computer Management in the virtual machine window. browse to Virtual Machines. you will have attached a new disk to a virtual machine. . 3. After the disk is attached to the virtual machine. 3. 5.  Task 2: Attach a data disk MCT USE ONLY. Navigate to the virtual machine that you created in Exercise 1. and verify that disk appears in the Disk Management console. 2. 4. STUDENT USE PROHIBITED 3-20 Virtual Machines in Microsoft Azure 1. In the Disks pane of Virtual machine properties. Choose the vhds container. Open the Disks tile. 4. Task 1: View virtual machine disks 1. In the Azure portal. Ensure that you see only the operating system disk attached to the virtual machine. Results: After completing this exercise. Sign in to virtual machine with credentials defined in Exercise 1. choose to attach a new disk 2. use Azure preview portal to connect to it 6. Select the default storage account created during virtual machine creation. Create a new data disk with a size of 5 GB. ensure that you are familiar with the pricing for the capacity you need.MCT USE ONLY. • Ensure that the size of your virtual machine will meet the needs of services that it hosts. Review Question Question: Can you create generation two virtual machines in Microsoft Azure? . • Use data disks in different storage accounts to achieve better performance. • Use availability sets when you host the same service in more than one virtual machine. STUDENT USE PROHIBITED Microsoft Azure Fundamentals 3-21 Module Review and Takeaways Best Practice • Before creating Azure virtual machines. MCT USE ONLY. STUDENT USE PROHIBITED . • Create Azure virtual networks. and how to implement communications between your on-premises infrastructure and Azure. In this module. you will be able to: • Describe the purpose and functionality of Azure virtual networks.MCT USE ONLY. By using Azure virtual networks. you can establish secure and reliable communication between Azure virtual machines and between your data center and Azure. you will learn how to create and implement Azure networks. • Implement point-to-site networks. . With Azure virtual networks. Objectives After completing this module. you can effectively extend your data center to Microsoft Azure. STUDENT USE PROHIBITED 4-1 Module 4 Virtual Networks Contents: Module Overview 4-1 Lesson 1: Getting Started with Virtual Networks 4-2 Lesson 2: Creating a Virtual Network 4-5 Lesson 3: Implementing Point-to-Site Networks 4-8 Lab: Create a Virtual Network 4-12 Module Review and Takeaways 4-15 Module Overview Microsoft Azure virtual networks are a critical component of most Azure deployments. Deploying virtual machines in Microsoft Azure is similar to deploying them on-premises. Azure virtual machines can communicate with each other. As a result. you must first create an Azure virtual network. Lesson Objectives After completing this lesson. You can address this issue is by creating a virtual private network (VPN) between your local network infrastructure and Azure virtual machines. you can establish a connection. However. Depending on your communication needs for virtual machines. you can create private. because you do not deploy Azure virtual machines in your own data center. This greatly simplifies the deployment of the Azure virtual machines (VMs) and the movement of the locally deployed virtual machines to the Microsoft Azure platform. but network communication with your on-premises infrastructure is not enabled. What Are Virtual Networks? When you deploy virtual machines in your onpremises environment. you must create virtual networks to enable the virtual machines to communicate with each other. you can allocate IP addresses for the Azure virtual machines from the same IP address space that you use in your own network. By default. STUDENT USE PROHIBITED 4-2 Virtual Networks You must be familiar with virtual networks before implementing them in Azure. called a virtual network. you must connect these virtual machines to your internal infrastructure first. you can make these applications as accessible as if they were running in your own data center. it is important that you determine whether your cloud deployment requires virtual networks. • Determine the need for a virtual network. virtual machines communicate with the rest of your network. By using these switches and networks. and assign virtual machines to it. After you establish this connection. After you create a virtual network in Azure. However. with other virtual machines. the connection does not depend on an operating system running in the virtual machines. internal. Because the connection between your local infrastructure and Azure virtual machines happens on the IP level. or external virtual networks switches. By running software that your company’s employees use in Azure virtual machines.Lesson 1 Getting Started with Virtual Networks MCT USE ONLY. protected with Internet Protocol security (IPsec). you will be able to: • Describe virtual networks. When creating Azure virtual networks. between this network and your local network. The Microsoft Azure virtual network represents a logical boundary around a group of virtual machines. before you create a VPN connection. virtual machines in Azure can also access . and because they are not physically connected to your network infrastructure. and with the Microsoft Hyper-V host machine. you will learn about virtual networks and their proper implementation. In this lesson. in an Azure data center. Also. • Describe virtual network awareness. the Azure virtual machines running in virtual networks look like just another part of your organization’s network. except for Remote Desktop Protocol (RDP) traffic. When creating a Cross-Premise virtual network. and to provide two-way resource access between Azure VMs and an on-premises infrastructure. Additional Reading: For more information on virtual networks.MCT USE ONLY. STUDENT USE PROHIBITED Microsoft Azure Fundamentals 4-3 resources in your local network infrastructure. you must create a gateway to your internal network. You must also consider IP addressing. However. you will use cloud-only virtual network deployments. and cross-premise virtual network. on-premises resources can access Azure virtual machines only through connection endpoints.com/fwlink/?LinkID=517442 Determine the Need for Virtual Networks Not every deployment of Azure virtual machines requires the deployment of Azure virtual networks. you can redeploy your virtual machines to connect them to proper virtual networks. cloud-only virtual network. go to http://go. which can cause some downtime. In general. Because there is no universal design for Azure virtual networks. because virtual machines and cloud services configure their network settings during deployment. Whether you need an Azure virtual network depends on what you are trying to do. The Azure virtual machines can communicate with each other and access the Internet. Depending on your usage scenario. • If you do not plan to connect your Azure virtual machines to your local network infrastructure. • To connect your internal data center to Azure virtual machines by using a secure connection.microsoft. but they cannot use any VPN-based connections. you create a Cross-Premise virtual network. We recommend that you evaluate your need for virtual networks before you deploy Azure virtual machines. you can create two types of virtual networks in Microsoft Azure. your solution for networking in Azure will fall into one of the following categories: no virtual networks. This means you cannot move your existing Azure virtual machines into a virtual network that is already deployed. . you can run a service in an Azure VM that uses data stored on your locally deployed storage. In this case. For example. it is important that you carefully plan virtual network deployments for resources in Azure. virtual networks created in Azure support cloud services only. However. Cloud services in Azure that can use virtual networks include cloud services and virtual machines. your Azure Website will be able to access the on-premises systems through this integration. Azure websites support integration with the Azure virtual networks. you should specify your virtual network name and the role/subnet mappings in the network configuration section. each with its own application files and configuration.Virtual Network Awareness Virtual machines deployed in a cloud utilize virtual networks in Azure the most. MCT USE ONLY. you will have to delete and then redeploy the service. . you cannot move it in and out of the virtual network. STUDENT USE PROHIBITED 4-4 Virtual Networks Currently. At the time of writing this course. Integration between Azure Websites and the Azure virtual network enables your website to access resources running your virtual network. When you configure your service. You do not have to change your application code for this. within virtual networks. you can deploy cloud services with web and worker roles such as those in Platforms as a Service (PaaS). but other Azure services can also use them. If you want to move the service. If your virtual network is connected to your onpremises network. A cloud service consists of one or more web roles or worker roles. but Microsoft Azure SQL Database does not. Also. This includes the ability to access web services or databases running on your Azure virtual machines. once you deploy a service to a virtual network. the only thing you should configure for the Azure virtual network is the Virtual Network Address Space. If you decide to have a crosspremise virtual network. you will have the option to configure Domain Name System (DNS) servers for your network. or want to use dedicated DNS servers for your Azure virtual machines. You can also configure additional subnets within these address spaces.168.0 with variable length subnet masks.0. you have the option to configure DNS servers for each virtual network you create. You can configure the location by selecting a region from the drop-down list. you will learn about virtual network components. you must configure several components and properties.0.0. By default. Also. This location specifies where you want your virtual machines to reside when you deploy them to the virtual network you are creating. When you start a wizard to create a new virtual network. STUDENT USE PROHIBITED Microsoft Azure Fundamentals 4-5 Lesson 2 Creating a Virtual Network To create and use virtual networks. you must configure additional elements. each virtual machine that you assign to this network will be located in this same region. However. In this lesson. IP addresses from ranges configured here will be dynamically assigned to your virtual machines. you specify the address space that you want to use within the virtual network you create. After you configure your network location. configuration steps are simpler. For example. • Create a virtual network. 172. and 192. • Describe the Microsoft Azure Traffic Manager. Lesson Objectives After completing this lesson. you should configure the Location parameter. It is not possible to change the region associated with your virtual network after you create it. You may choose any name. You can choose between 10.0. and how to create virtual networks. When configuring the Virtual Network Address Space. If you do not want to connect your virtual network with an on-premises infrastructure. . Virtual Network Components When you create a virtual network in the Azure portal. Azure provides name resolution for your virtual network. For cloud-only virtual networks. but it cannot start with a number.16.MCT USE ONLY. you will be able to: • Describe virtual network components. you will learn about Microsoft Azure Traffic Manager.0. because you do not have to create a gateway to your on-premises infrastructure. you first have to provide a network name. After you select your virtual network name. However. if you indicate that your network is located in the South Central US region. you cannot use these IPs for connection endpoints on the Internet.0. if you have more advanced DNS requirements. you should configure several configuration options. To achieve this type of optimization. 4. 2.windowsazure. Queries for the IP address will go to Azure DNS servers. Azure Traffic Manager When you implement an application in Microsoft Azure. Name the network VNET1. you must select pointto-site or site-to-site connectivity options on the DNS Servers and VPN Connectivity page of the wizard. 6. Finish the wizard and create a network. and directs the user to the appropriate Azure data center. and specify your local IP scope.16. Choose to create a new virtual network. If it finds one. If you choose to create site-to-site connectivity. Demonstration: Creating a Virtual Network In this demonstration. you will want to direct user request traffic across these data centers so that users experience minimal latency. the user’s machine will look up the DNS name of your application. the Azure platform provides a service called Azure Traffic Manager. and choose West US as the location. Sign in to your Azure subscription at https://manage. Select 192.168.0/16 subnet and name it Subnet-2. Click Networks in the navigation pane. based on policy. 7. For point–to-site connectivity.0/24 for Virtual Network Address Spaces.MCT USE ONLY. When a user wants to access your application or a web site.0. 3. Do not make changes to DNS Servers and Connectivity options. Demonstration Steps 1. Azure Traffic Manager calculates the most efficient connection for the specific user. you will want to provide efficient and fast access to it for the end users. DNS in Azure will then search for the Traffic Manager policy for the name that was received in a query. 5. you will see how to create an Azure virtual network. In situations where you deploy an application in multiple Azure data centers (such as when you deploy several virtual machines in different Azure regions).com. you must select the IP address range that will be used for VPN clients. 8.0. you will have to configure on-premises VPN device IP address. . Add 172. This service intelligently directs requests from users across instances of an application running in different Azure data centers. STUDENT USE PROHIBITED 4-6 Virtual Networks If you choose to connect your virtual network with your on-premises infrastructure. STUDENT USE PROHIBITED Microsoft Azure Fundamentals 4-7 When you create an Azure Traffic Manager policy for your application. If you choose this option. Usually. Azure Traffic Manager periodically checks all instances of the application that it manages. • Failover. . Traffic Manager directs all client requests to the data center that you specify in the policy. this will be the data center that is geographically closest to the user. It periodically pings each copy of the application via an HTTP GET and records the response. If there is no response. If you choose this option. Traffic Manager directs requests to other data centers in the priority order defined by the policy. there are three options that you can configure to determine how Azure Traffic Manager behaves: • Performance.MCT USE ONLY. Azure Traffic Manager equally distributes client requests across all data centers in which the application is running. If you choose this option. • Round Robin. If the data center is unavailable. it stops directing users to that instance of the application until it reestablishes the connection. Traffic Manager sends all client requests to the data center with the lowest latency from the user system. point-to-site is best if you want to enable your clients to connect to the Azure virtual network from remote locations. you might need point-to-site VPN connections for remote clients that require a connection to Azure. if you want to establish a secure connection from your computer (or from your local network resources) to the Azure virtual network. Although site-to-site VPNs will probably be the ideal solution when you want to extend your data center to Azure. if you want to configure just a few clients from your network to connect to the Azure virtual network. This type of VPN connection does not require that you have a VPN device. there are some scenarios where point-to-site VPNs are more appropriate. you do not need to have a static IP address assigned to the VPN client. you will learn about point-to-site VPN connections and how to implement them. you might need to initiate a remote connection to the Azure virtual network. However. . Lesson Objectives After completing this lesson. a pointto-site VPN is the appropriate solution. you have to create a VPN connection. you establish a connection by using a software VPN client that you install on each machine from which you want to initiate a connection to the Azure virtual network. Also. you will also have to establish a point-tosite connection. STUDENT USE PROHIBITED 4-8 Virtual Networks In many scenarios. In addition. Overview of Point-to-Site VPN By default.Lesson 3 Implementing Point-to-Site Networks MCT USE ONLY. With point-to-site VPNs. In site-to-site VPNs. such as hotels or airports. In this lesson. you will be able to: • Describe a point-to-site VPN connection. • Set up a point-to-site VPN connection. For example. you establish a VPN connection throughout your whole local network infrastructure. By setting up a point-to-site VPN connection. If you do not have an externally facing IPv4 IP address for your VPN device. • Describe the requirements for a point-to-site VPN connection. point-to-site and site-to-site configurations can exist concurrently. Azure virtual networks give you the ability to initiate a secure point-to-site VPN connection from anywhere. each virtual machine that you create in Azure is accessible by an RDP or an SSH connection. Because of this. you can create individual connections from client computers that you want to connect to the Azure virtual network. You can establish a point-to-site VPN connection manually by initiating a connection from the client. and you use a VPN device on your side. by using a software VPN client. Even when you have implanted a site-to-site VPN. It is important that you export certificates in . or use a software distribution mechanism. You can generate certificates for all clients on a single machine. You create these certificates manually by using the makecert command line utility (part of Microsoft Visual Studio tools).0. Only the virtual network gateway uses the gateway subnet. so you must use self-signed certificates. such as Microsoft System Center Configuration Manager. This address space must be from the private range 10. you cannot use an internal certification authority (CA) to generate these certificates.MCT USE ONLY. 172. export them. This network address space also should not overlap with address space that you use in your on-premises environment. you will be required to configure address space for IP addresses that you want to assign to cross-premises clients connecting through a point-to-site connection.0/8. You must install a client certificate on each computer that you want to connect to the virtual network.0.0. Each point-to-site VPN requires that you configure a dynamic routing gateway. Currently. When you create a virtual network in the Azure portal and select the option to enable point-tosite connectivity. You use certificates to perform authentication for the clients that are initiating a point-to-site VPN connection. Also.0/16. .pfx format that includes the private key. so you must generate a client certificate for each machine that you want to connect to the Azure virtual network. The next topic will cover the certificate generation process Based on generated certificates and the dynamic gateway. the Azure platform will generate VPN client software that you should install on each machine that will be connecting to the Azure virtual network. Currently. A point-to-site VPN requires a gateway subnet. You can then manually install VPN client software on each machine. You must ensure that the range you select here does not overlap with other virtual networks or networks on your local site.16. You must first create a root certificate and upload it to the Azure management portal. Then you create client certificates used for authentication. you will have to configure virtual network address space that will be used within the virtual network you are creating.0. it does require that you configure certain settings before beginning the process. the Azure platform supports the following operating systems as clients: • Windows 8.0/12. STUDENT USE PROHIBITED Microsoft Azure Fundamentals 4-9 Overview of Requirements for Point-to-Site VPN Although creating a point-to-site VPN connection is fairly simple. and then import on each client.1 (32-bit and 64-bit) • Windows 8 (32-bit and 64-bit) • Windows 7 (32-bit and 64-bit) • Windows Server 2012 R2 (64-bit only) • Windows Server 2012 (64-bit only) • Windows Server 2008 R2 (64-bit only) You will choose to download the 32-bit or 64-bit VPN client. or 192.168. You will see the configuration page where you can configure address space for VPN clients. 2. During the wizard. You would typically use the following process to create and configure a virtual network with pointto-site connectivity: MCT USE ONLY. you will also have to configure these parameters. Create a dynamic routing gateway. you should upload it to Azure by using the Certificates tab in the Network configuration pane. 4. we recommend that you configure point-to-site connectivity when you create an Azure virtual network. It usually takes up to 15 minutes to create the gateway. However. you should select the check box for enabling point-to-site VPN capability. and gateway subnet. If you have already created virtual networks. you should export them in the .Setting Up a Point-to-Site VPN You can use the Azure management portal to create a point-to-site VPN. A gateway is a mandatory component for a point-to-site VPN connection. If you enable point-to-site connectivity on an existing virtual network. Because of this. . You can generate as many client certificates as needed by using this same command and typing different values for ClientCertificateName. As described earlier.pfx format and import them on the client machines that will be connecting to the network. Ensure that you also install the client certificate from step 3 before you initiate the VPN connection. You should download the appropriate VPN client (32-bit or 64-bit) and install it on client machines that will be initiating a VPN connection. To create a root self-signed certificate. After you configure a dynamic gateway and certificates. You must enable a dynamic routing gateway after you create your virtual network with point-to-site connectivity. but with different parameters. As the previous lesson described. you should start the wizard for creating a new virtual network. you should issue the following command: makecert -sky exchange -r -n "CN=RootCertificateName" -pe -a sha1 -len 2048 -ss My "RootCertificateName. You use the same commandline utility as for the root certificate. Then you should create client certificates. STUDENT USE PROHIBITED 4-10 Virtual Networks 1. For example: makecert. We recommend that you create unique client certificates for each computer that you want to connect to the virtual network. After you create the client certificates.exe -n "CN=ClientCertificateName" -pe -sky exchange -m 96 -ss My -in "RootCertificateName" -is my -a sha1 This command creates a client certificate in a user’s Personal store on the computer where you issue this command. you will be see a link to download a VPN client for a supported operating system. Create certificates. you might have to change other configuration parameters. certificates are used for VPN authentication purposes. you can enable them for point-to-site connectivity. Create a virtual network. Download and install the VPN client software.cer" After you create the root certificate. the virtual network address space. 3. Open the Azure management portal and navigate to NETWORKS.MCT USE ONLY. Type makecert.cer". click to create gateway. and then press Enter. 4.0/24 is selected.0. on the DASHBOARD tab. 7.0. Notice that you have options for ADDRESS SPACE available in the point-to-site connectivity section. Switch back to the Azure management portal. . Enable the Configure point-to-site connectivity option and save changes. In the command prompt window.exe -n "CN=VNET1Client" -pe -sky exchange -m 96 -ss My -in "VNET1Cert" -is my -a sha1. Demonstration Steps 1. and then press Enter. STUDENT USE PROHIBITED Microsoft Azure Fundamentals 4-11 Demonstration: Set Up a Point-to-Site VPN In this demonstration. Restore the command prompt window. 3. 5. Switch back to the Azure portal and in the VNET1 configuration pane. Upload the certificate that you just created and stored to C:\temp. Open the configuration pane for VNET1. 6. Open Developer Command Prompt for VS2013 as administrator. 8. you will see how to create a point-to-site VPN connection. Ensure that 10. type makecert -sky exchange -r -n "CN=VNET1Cert" -pe -a sha1 -len 2048 -ss My "C:\temp\VNET1Cert. and click the CERTIFICATES tab on the VNET1 portal. 9. 2. Do not close the command prompt window. 0. you will be able to: • Create a virtual network. Do not make changes to the DNS Servers and Connectivity options.168. 3. you decided to implement point-to-site VPNs. • Add point-to-site connectivity. 8. . Add the 172.com. Select NETWORKS in the navigation pane. 5.0/24 as the range for Virtual Network Address Spaces. A. Datum wants to evaluate ways to connect remote workers to cloud resources by using VPN. 7. Exercise 1: Creating a Virtual Network Scenario As a first step in deploying virtual network infrastructure. Name the network VNET1. Also. 2. you will have created a new virtual network.0.windowsazure.  Task 1: Create a virtual network 1. To address this requirement.Lab: Create a Virtual Network Scenario MCT USE ONLY. Lab Setup Estimated Time: 60 minutes Sign in to your classroom computer by using the credentials your instructor provides. you want to create a new virtual network. Objectives After completing this lab. Datum Corporation is planning to create several cloud-based virtual machines. Finish the wizard and create a network. You must have successfully completed Lab 1 before you start working on this lab.0/16 subnet and name it Subnet-2. Select the IP range 192. Create a virtual network. You want to create a configurable network to control communication between these virtual machines. The main task for this exercise is as follows: 1. Results: After completing this exercise. Choose to create new virtual network.16. and choose West US as location. 4. Sign in to your Azure subscription on https://manage. 6. • Create a virtual machine from the Gallery. STUDENT USE PROHIBITED 4-12 Virtual Networks A. 2. and then press Enter. which confirms that your servers can communicate via virtual network VNET1. Create a virtual machine. Test virtual network connectivity. Note the Internal IP address assigned to Server2.com and sign in with the Microsoft account associated with your Azure subscription. You will create two virtual machines and assign them to the VNET1 virtual network. 2. . connect to the Server1 virtual machine by using an RDP connection. 2. connect to the Server2 virtual machine by using an RDP connection. 3. Create a new virtual machine in the Azure preview portal with following parameters: o Host name: Server1 o User name: server1-admin o Password: Moc1500! o Pricing tier: Basic A1 o Virtual Network: VNET1  Task 2: Create a second virtual machine • Create a new virtual machine in the Azure preview portal with following parameters: o Host name: Server2 o User name: server2-admin o Password: Moc1500! o Pricing tier: Basic A1 o Virtual Network: VNET1  Task 3: Test virtual network connectivity 1. Ensure that the server opens.azure. The main tasks for this exercise are as follows: 1. On the Server1 machine. In the Azure preview portal. type \\IPaddressofServer2. 3.  Task 1: Create a virtual machine 1. Note the Internal IP address assigned to Server1. you will have created two new virtual machines and assigned them to VNET1. STUDENT USE PROHIBITED Microsoft Azure Fundamentals 4-13 Exercise 2: Creating Virtual Machines from the Gallery Scenario After creating a virtual network. you want to assign virtual machines to it. 5.MCT USE ONLY. 4. In the Azure preview portal. open File Explorer and in the address bar. Open the Azure preview portal at https://portal. Open Network and Sharing Center on Server2 and enable Network discovery and file sharing. Create a second virtual machine. Results: After completing this exercise. 0. Results: After completing this exercise. Restore the command prompt window. Do not close the command prompt window. 12. Switch back to the Azure management portal. and press Enter. 2. click to create the gateway.Exercise 3: Add Point-to-Site Connectivity Scenario After creating a virtual network and virtual machines. Open the Azure management portal and navigate to NETWORKS. and click the CERTIFICATES tab on the VNET1 portal.0/24 scope assigned to PPP adapter VNET1. The main task for this exercise is as follows: 1. 5. Notice that you have options for ADDRESS SPACE available in the point-to-site connectivity section. Upload the certificate that you just created and stored to C:\temp.0. 7. After gateway is created. 3. 10.  Task 1: Add point-to-site connectivity MCT USE ONLY. 8. In the command prompt window. you want to enable point-to-site functionality on existing virtual networks. you will have established a point-to-site connectivity. Open Developer Command Prompt for VS2012 as administrator. 9.0. Add point-to-site connectivity. Open the configuration pane for VNET1. Type the following command: makecert. Enable the Configure point-to-site connectivity option and save changes. download 64-bit VPN client from DASHBOARD and install it on the classroom machine. type: makecert -sky exchange -r -n "CN=VNET1Cert" -pe -a sha1 -len 2048 -ss My "C:\temp\VNET1Cert. 6.cer" and press Enter.exe -n "CN=VNET1Client" -pe -sky exchange -m 96 -ss My -in "VNET1Cert" -is my -a sha1. 4.0/24 is selected. STUDENT USE PROHIBITED 4-14 Virtual Networks 1.0. on the DASHBOARD tab. 13. . Ensure that 10. Initiate VPN connection by using VPN client and ensure that you can establish it. Disconnect from VNET1. and establish a VPN connection from your computer. Unblock the file that you downloaded before starting installation 11. Switch back to the Azure portal and in the VNET1 configuration pane. Execute ipconfig command in Command prompt and ensure that you have IP address from 10. analyze your requirements and determine what type of virtual network you need. Troubleshooting Tip .MCT USE ONLY. especially if you are going to implement cross-site connectivity. can you initiate a point-to-site connection? Best Practice • Before you create any virtual networks. STUDENT USE PROHIBITED Microsoft Azure Fundamentals 4-15 Module Review and Takeaways Review Questions Question: Is it mandatory to setup the Domain Name System (DNS) on your Azure virtual network? Question: If you have machines running Windows XP and Windows Vista. • Carefully plan address space for virtual networks. The VPN client cannot establish a pointto-site VPN connection. • Use point-to-site VPNs when you want to provide access from single computers at remote locations to your Azure virtual network. Common Issues and Troubleshooting Tips Common Issue You do not see an option to download the VPN client for a point-to-site connection. • Issue a separate client certificate for each client that will be using a point-to-site VPN. STUDENT USE PROHIBITED .MCT USE ONLY. You can use storage in Azure for virtual machines. • Create and manage storage in Azure.MCT USE ONLY. you will learn about cloud storage in Microsoft Azure. Microsoft also offers storage that you can use for various purposes. but also for databases. STUDENT USE PROHIBITED 5-1 Module 5 Cloud Storage Contents: Module Overview 5-1 Lesson 1: Understand Cloud storage 5-2 Lesson 2: Create and Manage Storage 5-12 Lab: Configure Azure Storage 5-18 Module Review and Takeaways 5-20 Module Overview As a part of the Microsoft Azure platform. In this module. available in Microsoft Azure. you will be able to: • Describe the features and benefits of cloud storage. . can reduce the size of your storage banks and provide you more flexibility for managing your storage requirements. and message queueing. tables. Objectives After completing this module. Cloud-based storage. • Describe Azure storage best practices. and other services outside of Azure. Azure Storage Overview Azure Storage is cloud-based storage that can be quickly provisioned and used across a variety of platforms. • Describe blobs. Cloud-based storage is provisioned from your storage account. and File storage.Lesson 1 Understand Cloud storage MCT USE ONLY. text or binary. You can use Azure Storage across all of the other Azure services that require storage services. You create your storage account from the Azure portal. • Describe queues. documents. • Compare storage options. To use Azure storage. it is important that you have a good understanding of the available storage options and the storage types that you can use in Azure. services. The following lesson covers storage accounts and their management in more detail. • Describe storage replication options. • Blob storage can store any type of data. • Describe tables. you must have a valid Azure subscription. • Table storage is a NoSQL key-attribute data store. . such as media files. installation images. STUDENT USE PROHIBITED 5-2 Cloud Storage Before you implement and use cloud-based storage. or you can create it by using the representational state transfer (REST) application program interface (API). Queue storage. A storage account is a mandatory component for all tasks that involve storage in Azure. In this lesson. Lesson Objectives After completing this lesson. you will learn about cloud storage in Microsoft Azure. and communication between components of cloud services. Table storage. The Azure storage services include Blob storage. and you must create your storage account. and applications. and other types. • Describe Azure File services. and you configure it based on your needs. Typically. • Queue storage provides reliable messaging between applications and workflow processing. which allows for rapid development and fast access to large quantities of data. such as your applications deployed locally. you do not manage and configure storage within the Azure platform the same way that you manage your onpremises storage. you will be able to: • Describe Azure storage. Some of these scenarios will be covered in later lessons. Typical Usage of Azure Storage The flexibility of Azure storage enables you to use it in a wide range of scenarios. • Backups. it can accommodate big data and can help facilitate analysis of that data. This type of use is an excellent fit for Azure Storage because Azure Storage is spread across worldwide datacenters. OneDrive is integrated into Windows 8 and newer versions. These networks and applications both rely on data sharing. big data services such as Hadoop have tried to provide such services. uses Azure Storage. table storage. table storage. demos. The following list describes a few examples of public use of Azure Storage: • Microsoft Xbox One. Xbox One has a feature that enables users to record in-game action as video so that users can share game action with friends on social networks or on the Internet. OneDrive is a cloud-based storage service for end users and organizations that want to store files in the cloud and share files with others via the cloud easily. virtual machines can share data across application components through mounted shares. but you also can back up devices and other items to Azure—including smartphones and personal computers. and on-premises applications can access file data in a share through the File service REST API. this data becomes more valuable after it has been analyzed. or labs. • Bing. • Skype. Companies have to back up their data. which enables users to transfer files to the cloud storage by simply right-clicking on a file and choosing to send it to OneDrive. With Azure Storage. • Building data-sharing applications. • Microsoft OneDrive. The Skype service uses blob storage. In recent years. you can use Azure as your off-site location. Because Azure Storage is cloud-based. Everyday services that individuals access or consume might be built on and delivered from Azure Storage. The following core uses will help you understand Azure storage better. STUDENT USE PROHIBITED Microsoft Azure Fundamentals 5-3 • File storage offers shared storage for applications that use standard SMB 2. Azure Storage is used in Bing to store Twitter and Facebook public status feeds that are sent to Bing. Formerly known as Microsoft SkyDrive. table storage. known as the Game DVR feature. • Big data storage and analysis.1 protocol. companies and users have been generating increasing amounts of data. Note that there are many other scenarios in which Azure can be a solution. Other Xbox features also use the Azure Storage blob storage. and they often need to present data to people worldwide. Social networks and applications are very popular and are growing rapidly. Existing Public Use of Azure Storage Public use of Azure Storage is increasing. and to provide Bing search results. In some cases. but the users might not always realize it. especially infrastructure-based scenarios that involve virtualization. A good practice is to back up your data to an off-site location so that your data is safe in case of a local disaster.MCT USE ONLY. With the growth of social networks and smart homes. The search engine Bing uses blob storage. . This feature. and queue storage features. With file storage. and queue storage for Skype video messaging. OneDrive uses blob storage in Azure. Types of Azure storage will be discussed with more detail in other topics in this lesson. Not only can you back up your infrastructure and Azure services to Azure. and queue storage in Azure. with a capacity of up to 500 terabytes (TBs) for each storage container.com/fwlink/?LinkID=517443 What Are Blobs? A binary large object (blob) is commonly a type of data that can be stored in a database but not in the form defined by database. Thereafter. such as an image or media files. Both blobs and containers can also have associated metadata. Also. prices in USD range from 2. • Amount of data transferred out of Azure. Block blobs are optimized for streaming audio and video. and configuration data. backups. STUDENT USE PROHIBITED 5-4 Cloud Storage Azure Storage pricing varies depending on how you use and configure the storage. Note that data goes into Azure at no charge. Metadata for a container or blob resource is stored as name-value pairs associated with the resource. and as low as five cents per GB for higher use in the least expensive zone. Additional Reading: For the latest Azure Storage pricing. the file is divided into blocks. At the time of writing this course. This results in a faster upload time. Note: The prices shown above were current at the time we wrote this course. Blobs are organized into containers. • Number of read and write operations to Azure Storage. Blobs are appropriate for general storage use. based on zones.Azure Storage Pricing MCT USE ONLY. Data going out is charged per gigabyte. Each block from a single blob is identified by a Block ID. Metadata names must adhere to the naming rules for C# identifiers. Some regions are more expensive than others. blob data can be modified on the block level. Pricing varies widely based on the type of storage you use. It can store data such as documents. Also. Azure Storage pricing is based on three elements: • Storage capacity. image files. In addition. Blob storage in Azure stores unstructured data. This means that individual .2 cents per gigabyte per month to up to 12 cents per gigabyte (GB) per month. There are two types of blob storage: • Block blobs. Blob storage supports snapshots and can be used with the content delivery network (CDN).0005 cents per 100. data is charged at up to USD 25 cents per gigabyte for lower use in the most expensive zone. The current price for storage transactions is . The blob data type usually exists as plain binary data. similar to data that you would find on a file server. most of the other file types that you upload to your Azure Storage will be stored in block blobs. which is also called data egress. go to http://go. The region where the data is stored also affects Azure Storage pricing.000 transactions. when it comes to data modification. When you upload a large file to a block blob. The maximum size of a block is 4 megabytes (MBs) and the maximum size of a block blob is 200 GB. and can also include an MD5 hash of the blob content. Pricing changes frequently.microsoft. pricing is based on the type of storage. The first 5 gigabytes of data transferred out is free. which can be uploaded concurrently and then then combined together into a single file. NoSQL uses a relational database without a typical relational management database system or traditional SQLstyle tables. blob storage in Azure provides persistent data storage for Azure Cloud services because hard drives used in Cloud service instances are not persistent. At the time of writing this course. All blobs are located in storage containers.blob. but total size of storage containers cannot exceed 100TB. Most commonly. you can use blob storage to share files with clients or to offload some content from your web server. An Azure Storage account can contain an unlimited number of containers. Table storage can accommodate any number of tables. Operating system drives in Azure virtual machines use page blobs. existing blocks can be replaced by other blocks. key/value pairs are used in NoSQL. including Storage. STUDENT USE PROHIBITED Microsoft Azure Fundamentals 5-5 blocks can be added to an existing blob. Instead.windows. Alternatively. Page blobs are 512-byte pages. are based on a REST API over HTTP/HTTPS which means it is possible to make your own calls from your code to that API. To use blob storage. is used to describe group of entities. in the context of Azure. Table storage.js SDK • Ruby SDK • Python SDK All the Azure services. and some specific blocks within a blob can be deleted. For example. meaning that all values in a table are stored with a property name.NET SDK / . you must create one or more containers within your storage account. There are several scenarios in which you use blob storage in Azure. What Are Tables? The term table.core. the following languages and platforms are supported: • .NET API Reference • Java SDK / Java API Reference • PHP SDK • node. Currently. this type of blob is used to storage virtual hard drives for virtual machines. is based on the NoSQL concept. They are optimized for random read and write operations. The maximum size of a page blob is 1 TB. it is not possible to change the type of blob storage once you create it. Entities that are present in the table do not necessarily have the same structure or the same schema.net/<container-name>/blob-name Microsoft provides several Software Development Kits (SDKs) and APIs that developers can use for programmatically working with blob storage. Storage containers are created by using the Azure portal. Entity is a collection of properties and values stored together in the table. • Page blobs. Each blob can be accessed uniquely by using a URL in the following format: http://<storage-account-name>. Table storage uses key-attribute storage. This type of storage is similar to a database or an . Also. up to 200 TB per storage account. called Azure Tables in Azure.MCT USE ONLY. Double. an online service to translate documents from German to English could use queue storage so that all of the translation jobs could be run asynchronously. Each entity created within table storage must have the following properties defined: PartitionKey.MCT USE ONLY. and TimeStamp. . often one that is running on the Windows Server operating system and Internet Information Services (IIS). A Web role is usually a website or web application. Table storage has the following features: • The largest table can be 100 TB. • The largest entity can contain up to 1 MB of data. with the total number limited only by the total capacity of the storage account. Guid. you will need the Azure Storage Library for . Code addresses tables in an account by using this address format: http://<storage account>. Entities in the table storage support the following data types: ByteArray. The two most common uses for queue storage are: • To pass messages from an Azure Web role to an Azure Worker role.core. The key differences between table storage and a database is that there is no efficient way to represent relationships between different data in table storage. Int64 and String (up to 64 KB in size). or call the REST API.table. PartitionKey and RowKey. DateTime. Queue storage often temporarily houses jobs or tasks for processing. you can group entities in the table. This type of identification is very similar to the primary key in relational database. and a queue can contain millions of messages. The TimeStamp property includes data about the last time of modification. • Each entity can have up to 255 properties. combined. while the RowKey is an identifier for each entity. or on a non-Microsoft web server.net/<table> What Are Queues? Similar to Microsoft Message Queuing (MSMQ). uniquely identify an entity within a table. Int32. By using PartitionKey. Individual messages are limited to 64 KB. Boolean.windows. for instance. there is no database schema to handle data-rules enforcement. A Worker role is typically a Windows service or process that manages background processing tasks. entities) and support manipulating and querying the data contained in the rows. Storing and accessing data in Table storage is mostly be done from applications. In addition. Most applications use the client library to store data to the tables. STUDENT USE PROHIBITED 5-6 Cloud Storage Excel spreadsheet because all of tables have collections of rows (in this context. With C# applications. RowKey. MSMQ Azure Queue storage provides a mechanism for applications and services to pass messages to each other asynchronously. You can use Azure Queue storage to store a large number of messages that can be accessed from any location by authenticated calls made by using HTTP or HTTPs. For example. A storage account can contain an unlimited number of queues with up to 200 TB of storage for each storage account.NET to create and manage tables. . to connect to a storage account named 10979 configured with Azure File Services. disk storage. Applications. Disk storage is most often associated with virtual machines.core. The tasks are usually processed by the Worker role. You can access files stored with Azure File Services over the SMB 2. Queues can be addressed by using the following URL format: http://<storageaccount>. as follows: • You can connect to shares by using the net use command.core. By placing shared tools into Azure Files.windows.queue. For example. an organization will use all three storage methods. Note that access to Azure Files is restricted by region when using SMB 2. Note: The Azure File Services is currently in preview. disk storage is often used. When you migrate on-premises resources to the cloud. and a file share named Share1. When storage is required for a single virtual machine.1. • Disk storage. It is important to know when you should use Azure Files in your application.net\Share1 • You can connect to shares by using Windows PowerShell. The endpoint is accessible over HTTPS or by using standard Server Message Block (SMB) connectivity methods. and blob storage: • Azure Files. Often. and that access is not restricted by region when you use REST APIs. and you must manually add it to an account from the preview portal. which you can use to download content from a share. and use cases that already rely on SMB are good candidates to use Azure Files.windows.net/<queue> What Is Azure File Services? Azure File Services is a new service that provides shared folder services to other Azure resources. Another potential use is shared administrative tools and shared development tools.1 protocol by connecting to <storage-account>.windows. services. all administrators and developers can quickly and easily access the tools from Azure virtual machines. STUDENT USE PROHIBITED Microsoft Azure Fundamentals 5-7 • To create a bucket of tasks to process asynchronously. It includes functionalities such as downloading content from Azure Files shares and creating new shares.file. the transition may be smoother if you maintain existing access methods such as SMB.file. and when you should use blob storage or disk storage. For shared storage.net. Azure File Services is one of several storage services in Azure. The following examples show common uses for Azure Files. One of the new cmdlets is Get-AzureStorageFileContent.MCT USE ONLY. • You can connect to shares by using REST APIs.core. The REST API includes many operations that are beyond the scope of this course. you could run the following command: net use s: \\10979. The new Azure Files module for Windows PowerShell has new cmdlets to support Azure File Services. disk storage is not the right solution. com/fwlink/?LinkID=398183 Additional Reading: For more information about File Service REST APIs.• MCT USE ONLY. and you cannot use any of the following characters: \ / [ ] : | < > + = . • Shared Read/Write. The following options can be used by SMB clients: • None. or delete the file will fail until the file has been closed. to an already-open file. Reference Links: To download the new Azure Files module for Windows PowerShell. go to http://go. • Container names must start and end with a number or letter. because a single storage container can support up to 500 TB of data. Declines sharing of a file that is open. • Shared Read. * ? ". However. Allows deleting of an already-open file. • Shared Write. STUDENT USE PROHIBITED 5-8 Cloud Storage Blob storage. to an already-open file. and they cannot start or end with a dash. and the storage is available in any region. often referred to as shared reads. • Directory and file names also have the following restrictions: o Names must be no more than 255 characters long. deletes will fail until the open file has been closed. You should use REST APIs with blob storage or any other supported SDK. . • SMB share names must not be more than 80 characters long. Azure Files also supports SMB file locking when a file is open. However. Allows additional reads. Allows additional writes. numbers. blob storage is the best choice when a large amount of storage is required. Blob storage provides flexibility because developers can use the APIs to develop custom solutions. Allows additional reads and writes to an already-open file. go to http://go.microsoft. o The following characters are not allowed in directory or file names: " \ / : | < > * ?. often referred to as shared writes. keep in mind the following restrictions: • Container names must be a valid Domain Name System (DNS) name between three and 63 characters.microsoft. and dashes (-). Any request to read. write. • All other Unicode characters may be used in an SMB share name. • Shared Delete. When you name files and directories in Azure Files.com/fwlink/?LinkID=517444 . In addition. writes and deletes will fail until the open file has been closed. However. deletes will fail until the open file has been closed. • Acceptable characters are letters. 99. but the replication will never cross the region you select for the primary datacenter. You cannot choose locations for geo-redundancy.9% for writes. but also is replicated in triplicate to another datacenter within the same region. already provides an additional level of availability for Azure storage.9% for all read/write 99.9% for all read/write 99. This means that the Microsoft Azure storage data that you stored within your storage account is not only stored in the primary location that you choose. STUDENT USE PROHIBITED Microsoft Azure Fundamentals 5-9 Storage Replication Options All storage accounts in Microsoft Azure are stored on three locations that have transactionally-consistent copies in the primary datacenter. For example.MCT USE ONLY. Locally redundant storage stores three copies of the data within a single region. 3 additional copies in secondary region 3 copies within a single region. enabling geo-redundancy also replicates your storage to the East US datacenter. but you can also enable geo-replication for your storage. if you select West US as your primary location for Azure storage. Data is read from secondary source if primary one is unavailable . Locally redundant Geo-redundant Read-access geo-redundant Redundancy 3 copies within a single region 3 copies within a single region.95% for reads. Geo-redundant storage stores six copies of the data across two regions in the same geography. The following table compares the replication types currently available. This approach. 3 additional copies in secondary region Read access to replicas in secondary region N/A No Yes Availability service level agreement (SLA) 99. which can be considered as local redundancy. Blob storage contains unstructured data of various types. This topic reviews the available options for storage. in various scenarios. Azure table storage works with structured. This type of storage also can be accessed from any location by using HTTP or HTTPS protocols. Azure storage provides different types of storage for you to use. foreign keys. MCT USE ONLY. media files. • Storing files for distributed access. Some common usage scenarios for blob storage are: • Providing access to images. It presents a NoSQL data store that can accept calls from services inside Azure and from services outside the Azure environment. . Similar to Table storage. image or media files. but non-relational data. • Storing data for analysis. • To access data by using the Open Data (OData) protocol and LINQ queries with WCF Data Service . and that can be denormalized for fast access.NET Libraries. • To pass messages from an Azure Web role to an Azure Worker role. and their typical usage scenarios. Common scenarios of usage for Azure table store are: • To store large amounts of structured data capable of serving web applications. You can also use blob storage to publish your data to external users via URL locations. The Azure table storage is scalable. or as internal application storage. and documents by using a web browser. • Streaming audio and video. • Providing backup and restore. such as documents. and virtual hard drives in virtual machines. • To query data quickly by using a clustered index. The Azure Queue storage stores messages that applications exchange. or stored procedures. Queue storage is very scalable and can store millions of messages. STUDENT USE PROHIBITED 5-10 Cloud Storage Unlike blobs. Common usage scenarios for Queue storage include: • To create a backlog of work to process asynchronously. • To store data sets that do not require complex joins. and it can store large data sets.Compare Storage Options As we have explained in previous topics. JSON reduces the payload size. The number of requests that are made against the storage. table. you should also use multiple storage accounts for each region. For example. tables.MCT USE ONLY. By uploading multiple blobs simultaneously. • Number of storage transactions. or queue. per storage account. One way to reduce cost is to create multiple storage accounts that are individually tuned to the SLA requirements for each data type. Storage transactions are typically charged for each 100. which is the amount of data that is being used by the blob. use JavaScript Object Notation (JSON) to transmit data to the table service. then egress data is sent out of that particular Azure Storage region. Azure offers an Azure Storage Analytics tool that you can use to easily review your logs and metrics. Another best practice is to avoid using CreateIfNotExists repeatedly if you know that your queues. This gives you maximum flexibility while ensuring that the data being used by a service or application stays as local as possible. However. Another best practice when you use table storage is to avoid repeatedly scanning the tables. including blobs. Therefore. STUDENT USE PROHIBITED Microsoft Azure Fundamentals 5-11 Azure Storage Best Practices and Considerations By following the best practices for using Azure Storage. you can maximize the performance. Therefore. also known as the number of storage transactions. Azure Storage provides a clustered index. which in turn increases latency. and files.000 transactions made across all storage types. per region. The egress data from the storage region is another aspect of Azure Storage pricing. which in turn reduces the latency of the table storage. The Azure Storage Client Library 3. and tables are all created and will never be removed during the lifetime of the application/deployment. containers. is another important cost factor. Therefore. and per replication configuration. You can upload multiple blobs simultaneously to maximize the upload performance of blob storage. queues. the more affordable option of using only locally redundant storage might be the best option for non-critical data. • Replication options. . you can use a separate storage account for critical data that allows geographically redundant replicas of the data to be created. often is determined by the requirements of the users and the business systems. it might not be important for non-critical data to be replicated to multiple regions.0 supports JSON for table storage. you should group services together in the same region to attempt to reduce or eliminate egress data charges. The replication type is also an important factor in cost because using fewer copies of data can cost less. The Azure Storage service has specific limits for ingress traffic. Transactions are defined as both read and write operations to the Azure Storage. To maximize the performance of table storage. which is a combination of the PartitionKey and RowKey that you can use to avoid table scans. If the Azure Storage is accessed by another service that is not running in the same region. and security meet or exceed expectations. you can manage cost. Storage capacity. • Egress data from the storage region. we recommend that you always use PartitionKey in each query you create. and has been optimized specifically for Azure Storage. In addition to using multiple storage accounts for replication types. availability. The four factors that will influence your costs are: • Amount of storage used. You should also monitor your logs and metrics to ensure that performance. and you can use each one for a different purpose. Creating and Managing Storage Accounts A storage account is an account that is created in Azure to gain access to Azure Storage services.Lesson 2 Create and Manage Storage Before you start to use Azure storage. Storage accounts provide endpoints to access the storage services. you can have multiple storage accounts. you must create appropriate storage containers for your data. • Location/Affinity Group. To quickly create a storage account. • Create and manage blobs and tables by using Microsoft Visual Studio. The URL for your storage account must be unique worldwide. This is the regional datacenter or affinity group where the storage account will be created. you will learn how to create and manage storage in Azure. A storage account is connected to an Azure region and configured for specific storage replication. which are created when the storage account is created. • Create a blob by using Azure Web Storage Explorer. and then choose appropriate tools for managing data in your storage account or accounts. you need to supply the following information: • The URL. This is the unique name supplied for the storage account. Also. In a single Azure subscription.net. you must first create your storage account and configure its properties. STUDENT USE PROHIBITED 5-12 Cloud Storage You can create storage accounts by using a wizard from the Azure management portal. such as locally redundant storage (LRS). In this lesson. • Create a table.windows. and you can configure each one with different settings. • Create a blob. Lesson Objectives After you complete this lesson. The endpoints are unique URLs for accessing the storage services. you will be able to: • Create and manage storage accounts. The following regions are location options: o East Asia o Southeast Asia o North Europe o West Europe o East US . and it always ends with *. MCT USE ONLY. Each storage account is secured by two 512-bit access keys.core. • Replication. However. It is important to keep informed about the available regions so that you can align them with your organizational regions. This tool is a web-based storage management tool that is used mainly for uploading and downloading content via a browser. • Azure Software Development Kit (SDK) for . All Azure Storage can be managed by using REST APIs. it can be used by four types of storage: blob storage. Microsoft Azure SQL database cmdlets. After a storage account has been created. . You can perform the vast majority of Azure storage management tasks with the Azure module. ZRS stores the equivalent of three copies of your data across multiple data centers. Management can occur over the Internet by using HTTP or HTTPS. This is the setting that determines whether your storage is locally redundant or redundant across more than one datacenter. empty.MCT USE ONLY. They help you meet organizational data security policies that might be based on region and that must adhere to local laws. Developers can create containers. Note that Microsoft will soon introduce zone-redundant storage (ZRS). and can be no larger than 4 TB. to an Azure data center. The Azure module for Windows PowerShell has dedicated management cmdlets for Azure. • AzCopy. The most popular ones include: • Azure Web Storage Explorer. For example. This free downloadable command-line tool is designed for moving small-sized and medium-sized amounts of data into and out of Azure. most of which are outside of the scope of this course. or Read-Access Geo-Redundant. In addition. • Import/Export service. Geo-Redundant.5-inch Serial Advanced Technology Attachment (SATA) II/III. The external hard drives must be 3. upload blobs to a container. and Azure profile cmdlets. you must encrypt the data with BitLocker before you ship it. Microsoft continues to expand and revamp its datacenters and regions. and files storage. The cmdlets are organized into different groups such as Azure managed cache cmdlets. queue storage.NET. table storage. Tools for managing Azure Storage There are numerous tools and services in addition to the Azure management portal that you can use to manage your Azure Storage.NET or by using Azure Management Libraries for . you should use the import/export service for very large amounts of data that would take several days to transfer with AzCopy.NET. The options are Locally Redundant. The import service imports data from hard drives you ship to an Azure data center into Azure Storage. • Windows PowerShell. The export service ships you your organization’s Azure Storage data on a hard drive that you sent. When you send data by using the import service. list blobs in a container. regions play a big role in security and compliance. and in Azure through Azure–-hosted resources. • REST APIs for Azure. STUDENT USE PROHIBITED Microsoft Azure Fundamentals 5-13 o West US o Japan East o Japan West o Brazil South o North Central US o South Central US • Subscription. This is the Azure subscription with which the storage account will be associated. two new regions have been announced for Australia. Storage also can be managed by using the Azure SDK for . and delete blobs from a container by using the Azure SDK for . This service is useful when you transfer the data over a network would be too expensive or otherwise impractical.NET. you can start to upload or create blobs. For example. such as web. Reference Links: To access the Azure Web Storage Explorer tool.microsoft. You cannot use the Azure portal to upload blobs. MCT USE ONLY. you should use Containers pane to create a new container. For example.com/fwlink/?LinkID=517445 Creating a Blob To create a blob. By default. go to http://go. In the Azure preview portal. and new tables and queues. you should open Solution Explorer in Visual Studio. If the application that you are working on is not Azure cloud service. open the properties of your web role or worker role. and then in the roles folders. Access keys and the storage account name are created when you first create the storage account. You should then choose the Settings tab and select to add new settings. but you can use alternative tools or code in your application to do this. which means that no anonymous access will be allowed. STUDENT USE PROHIBITED 5-14 Cloud Storage After you create a container in your storage account. then you can use . you can use the Azure Web Storage Explorer to upload files from your computer to the storage container in your storage account. and also a container within the storage account. you need to use your storage account name and access key for your storage account. You can use the Azure portal to create containers in your storage account. Besides configuring container name. and you can view them at any time by browsing to your storage account in Azure preview portal.When you export data. .config. All data will be encrypted before it ships. you should choose the Connection String type.microsoft.NET configuration files. You can also use this same tool to create a new container for blobs. and queues. each storage container access is set to Private. you should select your storage account and then in the storage account administration pane. you must provide a supported hard drive.com/fwlink/?LinkId=517528 Additional Reading: For more information on Azure Storage Explorers. to configure a connection string for your storage account. you can also configure access type for each storage container. tables. you must first create a storage account. and a BitLocker key will be provided through the management portal. and then type your storage account name and access key in the Create Storage Connection String window. To access your storage account using Azure Web Storage Explorer. when you create a web or a worker role that requires access to a private storage account. go to http://go. you should first configure the connection string for Azure service configuration. For the new setting.config and app. You can also choose to enable blob list or access through anonymous requests. The files that you upload are saved as blobs. To access and manage your storage account and create blobs from Visual Studio. and then clicking on the Keys tile. 3. you will see how to create a blob by using Azure Web Storage Explorer. By using this procedure. Go to the Azure Web Storage Explorer page at http://azurestorage. you should first obtain an assembly that contains the Azure storage management classes. If you do not have reference to Microsoft.net/login. In the code that you want to use to programmatically access Azure Storage.txt in your Documents folder.Storage.NET Framework. you should first add Azure declarations at the top of the code. using Microsoft.Blob.WindowsAzure. 5.WindowsAzure.Storage.aspx. For Azure project templates. Alternatively. or if you have reference to Microsoft.Storage and install it. using Microsoft.azurewebsites.CloudConfigurationManager. go to http://go.microsoft. you should get a container reference and use it to get block blob reference. Create a new text file named storage-key. 4. and account key with your account access key: <configuration> <appSettings> <add key="StorageConnectionString" value="DefaultEndpointsProtocol=https. and paste your primary access key into it. you will get all necessary Azure Storage package and dependencies.AccountName=account-name. To represent your storage account. you can upload the data stream by using the UploadFromStream method. This package also contains Microsoft. Then you should search for WindowsAzure.txt file. you can install Azure SDK for .WindowsAzure. by using code. Open the storage-key. and then copy the keyto Clipboard.dll.MCT USE ONLY. To upload a file as a blob. . Create another new container for the 10979s<yourinitials> storage account by using the following settings: o Name: 10979c<yourinitials> o Access: Blob 2.WindowsAzure.AccountKey=account-key" /> </appSettings> </configuration> To access Blob storage programmatically. You can use NuGet to get the Microsoft. you should right-click your project in Visual Studio Solution Explorer.NET. Demonstration Steps 1.WindowsAzure.WindowsAzure.Storage.Storage. you can use the CloudConfigurationManager type to retrieve your storage connection string and storage account information from the Azure service configuration.dll assembly. Manage your access keys to view your primary access key. These declarations are: using Microsoft.Auth. Replace the account name with the name of your storage account.WindowsAzure.config files. and choose Manage NuGet Packages.CloudConfigurationManager. and you store your connection string data in web. you can use ConfigurationManager to retrieve the connection string. To do this.Storage. you can use CloudStorageAccount type.config or app. STUDENT USE PROHIBITED Microsoft Azure Fundamentals 5-15 You store the connection string using the <appSettings> element as follows. Additional Reading: For more information on how to use blob storage from the . Once you have it.com/fwlink/?LinkID=517446 Demonstration: Creating a Blob by Using Azure Web Storage Explorer In this demonstration. 9. we assume that the application that we work on is Azure Cloud Service. 10. as described in the preceding topic about blobs. and one or more containers the storage account. Then.com/fwlink/?LinkID=517447 . Creating a Table To create a table in your storage account container. CloudStorageAccount storageAccount = CloudStorageAccount. Close Internet Explorer. You can use this same utility to execute a query against your existing table. access.core. click http:// 10979s<yourinitials>. If you want to create.microsoft. 8.contrast-white_scale-180.blob. or execute queries. // Create the table client. by using a Visual Studio project. You cannot use the Azure portal to create or manage tables.wav from the c:\Windows\media folder. // Create the table if it doesn't exist.GetSetting("StorageConnectionString")). you can use methods similar to the ones you use to create blobs.net/10979c<initials> /splashscreen. go to http://go. and to insert data into the table you created. create data. you should use CloudTableClient object.windows. The following example code shows how to create a CloudTableClient object and use it to create a new table. 7.WindowsAzure. You must have a storage account created.MCT USE ONLY. Also. table. Upload Alarm01. It lets you get reference objects for tables and entities within the table. CloudTable table = tableClient. Sign in by using 10979s<yourinitials> as the account and the access key as the key.contrast-white scale-180. For this example. by using a code. // Retrieve the storage account from the connection string. you can use Azure Web Storage Explorer to create a new table.GetTableReference("people").NET Framework. STUDENT USE PROHIBITED 5-16 Cloud Storage 6.Parse( CloudConfigurationManager.png from the c:\Program Files \Internet Explorer\images folder. and that it uses a storage connection that is configured in Azure application service configuration. you should perform the same procedure to configure connections strings and add declarations at the top of your code.dll assembly installed.CreateIfNotExists(). you must have Microsoft. Additional Reading: For more information on how to use Table storage from the .CreateCloudTableClient(). and manage tables programmatically. To create a table. In the file list. CloudTableClient tableClient = storageAccount.Storage. as with blobs. Upload splashscreen.png and verify that you see a large Internet Explorer logo graphic display in the browser window. aspx. you should get a few lines of data in the text box. Then click Add a batch to the Azure table. Then click Upload data to the Azure blob container. 3. Scroll through the code of Default. 2. 5. 8. the Internet Explorer window will open with the application started. and connect to your storage account. expand Bin folder under Website1 project. STUDENT USE PROHIBITED Microsoft Azure Fundamentals 5-17 Demonstration: Creating and Managing Blobs and Tables from Visual Studio Demonstration Steps 1. Click Create a new Azure blob container.cs and review parts of the code that are used for Azure storage management. in Solution Explorer. 10. In VS Express 2013 for Web. 9.net/login. .azurewebsites. Open Azure Web Storage Explorer at http://azurestorage.Storage. Start project debugging in Visual Studio. 4. Click List content of the Azure blob container. Then click Add an entry to the Azure table. As a result. 7.aspx. Close Internet Explorer. click Create a new Azure table. Ensure that you can see Microsoft. Ensure that you can see the data that you uploaded by using code from Visual Studio. 6. As a result. Click Retrieve data from the Azure table.WindowsAzure.dll under Bin folder in Solution Explorer. In the Internet Explorer window. 11. As a result. you should get data in the text box.MCT USE ONLY. The disks on which these files reside are reaching the end of their life. view the information available on the dashboard. Exercise 1: Create an Azure Storage Account Scenario MCT USE ONLY. View the properties of your storage account. Results: After you complete this exercise.com. you will have created your Azure storage.Lab: Configure Azure Storage Scenario You have a large quantity of archive files. • Create and manage a blob. Create a storage account in Azure. The main tasks for this exercise are as follows: 1. . Lab Setup Estimated Time: 30 minutes Sign in to your classroom machine by using the credentials your instructor provides. To achieve that. In the Storage pane. Near the top of the 10979s<initials> pane. On the host computer.azure. go to the Azure management portal at https://portal. STUDENT USE PROHIBITED 5-18 Cloud Storage Before you start managing your data in Azure. in the left pane. click the 10979s<initials> storage account. Students must have successfully completed the lab from Module 1 before starting this lab. Objectives After you complete this lab. you should first create a storage account and examine its properties. In the 10979s<initials> pane. and you would like this data to be globally available within Adatum. you decided to use Azure storage. 3. Create a new storage account by using the following information: o URL: 10979s<yourinitials> o Location: Select the location that is closest to you o Pricing Tier: L1  Task 2: View the properties of your storage account 1. launch Internet Explorer. click BROWSE and then click Storage. 2. 2. and then sign in to your Azure account.  Task 1: Create a storage account in Azure 1. you will be able to: • Create an Azure Storage account. click PROPERTIES to view the properties of the storage account. 4. 2. On the Azure management portal. and paste your primary access key into it. 6.png. and verify that you see a large Internet Explorer logo graphic displayed in the browser window.core. you will have created a blob container and uploaded the data.windows.contrast-white scale-180.blob. Add data to the container using Azure Web Storage Explorer. 8. 4.txt file. 3. The main tasks for this exercise are as follows: 1.  Task 1: Add a container • Create another new container for the 10979s<initials> storage account by using the following settings: o Name: 10979c<initials> o Access: Blob  Task 2: Add data to the container using Azure Web Storage Explorer 1. 5. you need to create a container and upload some blob data to the container. .azurewebsites. STUDENT USE PROHIBITED Microsoft Azure Fundamentals 5-19 Exercise 2: Create and Manage Blobs Scenario Now that you have created your storage account. and then create a new text file named storage-key. Upload splashscreen. Add a container. Go to the Azure Web Storage Explorer page at http://azurestorage.txt. Upload Alarm01.aspx.contrast-white_scale-180.png from the c:\Program Files \Internet Explorer\images folder. Open File Explorer. 2. 7. In the file list. Open the storage-key. click http://10979s<initials>.wav from the c:\Windows\media folder.MCT USE ONLY. Sign in by using 10979s<initials> as the account and the access key as the key. Close Internet Explorer. 9. and then copy it to the Clipboard.net/10979c<initials> /splashscreen. 2.net/login. Results: After completing this exercise. Open Manage your key pane to access and view your primary access key. Save the file in your Documents folder. • Use Azure File Services to facilitate data sharing.Module Review and Takeaways Review Questions Question: If you want to store installation image files to Azure storage. STUDENT USE PROHIBITED 5-20 Cloud Storage . how many copies will you have? Best Practice • Use multiple storage accounts for data that require different redundancy options. Tools • Azure portal • Azure Preview portal • Visual Studio • Azure Web Storage Explorer MCT USE ONLY. • Use Azure Storage Explorer tools to simplify storage management. which type of storage you should choose? Question: Which service you should use to enable storage access by using SMB? Question: If you choose geo-redundant storage to store your data. you will learn about the options available for storing relational data in Azure. In particular. you will be able to: • Describe options for relational database deployment in Azure. configure. Objectives After completing this module. which you can use to create. . You can use these services to implement a relational data store for applications without having to manage a database management system (DBMS) or the operating system that supports it. In this module. • Create and connect to SQL databases in Azure. You will also learn how to use Microsoft Azure SQL Database. STUDENT USE PROHIBITED 6-1 Module 6 Microsoft Azure Databases Contents: Module Overview 6-1 Lesson 1: Understand Relational Database Deployment Options 6-2 Lesson 2: Create and Connect to SQL Databases 6-5 Lab: Create a SQL Database in Azure 6-11 Module Review and Takeaways 6-14 Module Overview Microsoft Azure offers a range of services that you can use to manage data. and manage SQL databases.MCT USE ONLY. Azure provides relational database management services. Lesson 1 Understand Relational Database Deployment Options MCT USE ONLY. . you will be able to: • Describe relational database services in Azure. Lesson Objectives After completing this lesson. each of which can support different product types: • PaaS. which represent real-life entities and relationships between them. You can create Azure IaaS virtual machines that host an instance of a relational database management system (RDBMS). The two primary offerings in this category are SQL Database and MySQL Database. SQL Database is based on Microsoft SQL Server technologies. which is available from the Azure Store. Compatibility is especially relevant in migration scenarios. • IaaS. However. This can include instances of SQL Server. It also describes considerations for choosing the best solution for specific application and business needs. any database server such as Oracle that is supported on operating system platforms that you can deploy within Azure IaaS virtual machines. When you deploy relational databases to Azure. Data takes the form of a collection of two-dimensional tables. you should also consider factors such as manageability. Review Relational Database Deployment Options Most business applications rely on a relational database to store their data. ease of provisioning. The method you select will depend primarily on the requirements of the applications that consume database content. and compatibility. you can express complex business scenarios in a simple manner. whereas table columns describe their identifying properties. and MySQL Database is based on the ClearDB MySQL Database cloud service. Azure provides two basic types of relational database services. By combining multiple interrelated tables. or. This service allows you to focus on database-specific tasks by eliminating the required management of the underlying database server platform. and analyze their characteristics to extract meaningful information about them. you can choose from a range of options for deployment. This lesson introduces the relational database services that are available in Azure. MySQL. cost. STUDENT USE PROHIBITED 6-2 Microsoft Azure Databases Microsoft Azure provides two basic methods of deploying relational database services: platform as a service (PaaS) and infrastructure as a service (IaaS). • Describe the key differences between an SQL database in Azure and a Microsoft SQL Server instance running on an Azure IaaS virtual machine. All of these options pertain to distinct service and product types. Table rows correspond to individual instances of these entities. network traffic always flows via its external endpoints. . SQL Server Integration Services. require a SQL Server instance running within an Azure IaaS virtual machine. • The ability to make the relational database interact directly with other Azure services within the same Azure virtual network. Depending on the intended architectural design. SQL Server instance–level components. SQL Server instances running on Azure IaaS virtual machines provide optimal compatibility with existing database applications. you cannot insert any data until this condition is satisfied. provide some of this functionality. such as HD Insight. SQL Server instances running within an Azure IaaS virtual machine can be located on the same Azure virtual network as IaaS or PaaS cloud services. You can provision and manage SQL Server instances running on Azure IaaS virtual machines in the same manner as their on-premises counterparts. you can either deploy it onto a Microsoft SQL Server instance running in an Azure virtual machine or as an SQL database in Azure. and their pricing includes the cost of the dedicated virtual machine. Azure SQL Database constitutes a PaaS solution that removes much of the overhead associated with deploying and maintaining relational databases systems. You can determine which of these two solutions can best address your needs by studying their differentiating characteristics: • Manageability. SQL Server Reporting Services. While you can create a table without it. • SQL Server components. maintenance. • Feature parity with on-premises deployments of SQL Server. Every table in an SQL database in Azure should have a clustered index. Azure SQL Database does not provide support for: o Common language runtime (CLR) and CRL-related objects o Full-text search and related objects o SQL Server Service Broker and related objects o Extended stored procedures o Defaults and rules o Transparent data encryption and data compression o Object Linking and Imbedding Database (OLE DB) or ADO connectivity o Windows Authentication (only SQL Server Authentication is available) • Clustered indexes. However. It is appealing due to its minimized operational cost and simplified management. such as SQL Server Agent. with SQL Database. STUDENT USE PROHIBITED Microsoft Azure Fundamentals 6-3 Compare SQL Database with SQL Server in a Virtual Machine When you use Azure to implement a Microsoft SQL Server–based database. Other Azure services. and cost. or Master Data Services. SQL Server Analysis Services.MCT USE ONLY. this may be beneficial in providing an additional level of integration or isolation in relation to other Azure services and public networks. However. com/fwlink/?LinkID=517433. or table partitioning.• MCT USE ONLY. you can use the built-in characteristics of Azure SQL Database service. go to http://go. STUDENT USE PROHIBITED 6-4 Microsoft Azure Databases High availability and scalability. However. service tiers (scaling up). database mirroring. such as geo-replication. you can achieve an equivalent level of resiliency and elasticity with much less management overhead. Additional Reading: For a comprehensive list of features that SQL databases support. only if you use a SQL Server instance running within an Azure IaaS virtual machine. point-in-time restore. such as AlwaysOn Availability Groups. or federations (scaling out by partitioning data horizontally).microsoft. Additional Reading: For information about identifying and resolving database compatibility issues by using SQL Server Data Tools.microsoft.com/fwlink/?LinkID=517434. go to http://go. even if you cannot use these features. replication. To do so. Azure supports high availability and scalability features. . and billing associated with the current subscription. In this lesson. in addition to the master database that stores server configuration data. The following table describes these components. • Create a new SQL database by using Copy in the Azure portal. Creating and Importing SQL Databases To understand the process of provisioning a new SQL database in Azure. view. By using Azure SQL Database. Databases located in this logical server are likely to be in different servers in the backend implementation. you must be familiar with the foundations of its architectural model. organizations can avoid the cost and complexity of managing SQL Server installations. Resource group Resource groups are logical containers that arbitrarily group Azure resources that are associated with each other. and quickly set up and start using database applications. Lesson Objectives After completing this lesson. and the server—are intrinsically connected. These boundaries provide the scope of access control. . reporting. • Create a new SQL database by using the preview Azure portal. Azure component Description Azure subscription Azure services that you create. you will learn how to provision and connect to an Azure SQL Database. and firewall rules restricting access to its databases.MCT USE ONLY. • Describe how to connect to an SQL database in Azure. One common example of such a grouping is an Azure website and an SQL database in Azure as two tiers of a cloud-based web application. Each SQL database server has a unique Domain Name System (DNS) name. • Connect to an SQL database in Azure. and manage from the management portal exist within the boundaries of a subscription. Azure SQL Database and the three Azure logical components—the subscription. local administrator accounts. the resource group. This allows you to represent their functional and business dependencies. but are all accessible through the same endpoint address. you will be able to: • Describe how to create and import SQL databases in Azure. manageability. SQL database server SQL database servers are logical servers that host SQL databases. STUDENT USE PROHIBITED Microsoft Azure Fundamentals 6-5 Lesson 2 Create and Connect to SQL Databases Azure SQL Database is a cloud-based SQL service that provides subscribers with a highly scalable platform for hosting their databases. Such servers host individual instances of Azure SQL Database. windows. abcde12345. in some cases. which is expressed in database throughput units (DTUs). • The SQL Database pricing tier.net. SQL Server Data Tools. You cannot change the collation after creating the database. and delete operations. You can select an existing server that you have previously created in the same subscription. Collation defines the rules which determine how to sort and compare data. or create a new server. including processor. Alternatively. memory. read. or the sqlcmd command-line tool. STUDENT USE PROHIBITED 6-6 Microsoft Azure Databases The most straightforward way to provision an SQL database in Azure relies on the graphical interface of the Azure portal and the preview Azure portal. • The server on which to create the database. The fully qualified domain name (FQDN) of the server is in the form <server_name>. If you select an existing server. Note: You will learn more about these operations in upcoming demonstrations in this module. such as SQL Server Management Studio. you must include the following information: • A name for the database. These methods involve the use of traditional administrative and development tools. The name must be unique on a per-server basis. you might want to create the server without any user databases. Microsoft Visual Studio. by migrating them from an on-premises SQL Server instance. • The resource group in which to create the database and its server. including standard create. You can also use other methods to create and manage the content of SQL databases in Azure. you typically create the server as part of the process of creating the first database.database. update. The Azure portal also allows for managing content of any existing instances of SQL Database. and then add databases to it later. • The collation that you want the database to apply.net. or as part of the process of creating a database. for example. In scenarios where you are provisioning new databases for applications. which directly affects the cost of the database. such as Point In Time Restore. A DTU is a number representing the overall power of the database engine resources. These are management portals in which you can create a database and specify an existing or new logical server in which to host the database. However. Creating an SQL Database When you create a database from the preview Azure portal. o Maximum size to which the database can grow. you can first create a new logical server and add a new database afterwards. Geo-Restore or GeoReplication.MCT USE ONLY. and also determines the following elements: o Performance level. .windows. The server name must be unique globally. for example. Creating a SQL Server Instance You can create a server instance on its own. because they can perform a majority of the database management tasks by using cmdlets in the Azure PowerShell module. the database is automatically added to the existing resource group to which the server belongs. The name of the resource group must be unique within the current subscription. and input/output. IT professionals can also leverage their scripting skills. Each server must have a globally unique name. o Supported resiliency and scalability features.database. o Support for auditing. bacpac file and import it into Azure SQL Database. CREATE DATABASE T-SQL statement CREATE DATABASE destination_database_name AS COPY OF [source_server_name. Of these two techniques. you can use the Deploy Database Wizard to export a SQL Server database as a DAC package and import it into an Azure SQL database server in a single operation. In addition. You can create a copy of an existing SQL Database by running the following T-SQL statement. The second content type is the actual data stored in each of the database objects. This might be required when migrating an on-premises application to the cloud. The first content type is the database schema. facilitates this approach. the Import option. you must specify the following information: • A globally unique server name (when using the Azure portal. Such an approach is useful for performing an impromptu backup of the source database prior to making changes to it. Enabling access from any other Azure service creates a firewall rule that permits access from the IP address 0. using a DAC is the simpler way to migrate the database. You can do so from the Azure portal.0. which is available when you create new databases by using the Azure portal. There are two primary techniques you can use to migrate both types of content from a SQL Server–hosted database to Azure SQL Database: • Generate Transact-SQL scripts that capture all objects and their data in your SQL Server database. Note that you must execute this command while connected to the master database of the Azure SQL server that will host the copy. or because developers created a database by using a full-fledged development instance of SQL Server in preparation for deploying it to a production environment in SQL Database. Creating a SQL Database by Using Copy You can easily copy your existing database within a SQL Server instance in Azure or between two SQL Servers in Azure that belong to the same subscription. The Import Data-Tier Application Wizard enables you to specify an Azure storage account as the source for a package that you want to import. The import process must take into account two types of content. or you can use a wizard in SQL Server Management Studio to automate the entire process. You can export and import the DAC by using SQL Server Management Studio and the Azure SQL Database management portal. and then run them in Azure SQL Database to create exact replicas of all objects and their data. Importing an SQL Database A common method of creating a new SQL database in Azure or populating a newly created SQL database is importing its content from another database. or for creating its replica for testing purposes. • Export a data-tier application (DAC) from SQL Server in the form of a . STUDENT USE PROHIBITED Microsoft Azure Fundamentals 6-7 When you create a server. while using Azure Storage as an intermediary storage location for the DAC package. Alternatively.MCT USE ONLY. • The geographical region of the Azure data center where the server should be located. or by running the corresponding T-SQL Statement. • A login name and password for the administrative account that you will use to manage the server. this is generated automatically). such as one that an on-premises SQL Server instance is hosting.bacpac file contains both the schema and the existing data.]source_database_name . This makes it easy to migrate a database from SQL Server to Azure SQL Database in two stages. which contains definitions of all database objects.0.0. The Export Data-Tier Application Wizard in SQL Server Management Studio allows you to specify an Azure storage account as the destination for an exported package. The . • Whether or not to allow any other Azure services to connect to the server. including information identifying the database and its status. allowing switching between service tiers. such as server name. Identify FQDN and the port number of the SQL server hosting the SQL database. • Identify a SQL database and the SQL database server properties in the preview Azure portal. such as deadlocks. View the SQL database connection strings for ADO. Add the newly created SQL Database to Startboard. selecting the pricing tier. you will see how to: • Create a SQL database in the preview Azure portal. 3. PHP. Open Database Connectivity (ODBC). and server name. • Create a new SQL database by using Copy in the Azure portal. Review SQL Database statistics. Examine database properties such as edition. status. and failed and successful connections. Connect to SQL Database by using the Azure portal. and providing admin credentials. 2.NET. Identify a SQL database and the SQL database server properties in the preview Azure portal 1. 2. Examine default firewall rules in SQL Server in Azure. Demonstration Steps Create a SQL database in the preview Azure portal 1. Demonstration: Creating a New SQL Database by Using Copy in the Azure Portal In this demonstration. Examine scaling options. STUDENT USE PROHIBITED 6-8 Microsoft Azure Databases Demonstration: Creating a New SQL Database by Using the Preview Azure Portal In this demonstration. Examine the properties of SQL Server in Azure. 4. Demonstration Steps Identify a SQL database and the SQL database server properties in the Azure portal 1. server admin login. Display database connection strings that you can use to connect to the SQL database from ADO. the name of a new Azure SQL Server instance in a datacenter of your choice. a new resource group. storage usage. and resource group. location. 3. 2. Examine dashboard data. 4. ODBC. PHP. maximum size. collation. 3. or Java Database Connectivity–based (JDBC-based) applications. Sign in to the preview Azure portal from a classroom computer. you will see how to: • Identify a SQL database and the SQL database server properties in the Azure portal. creation date. and JDBC. 5.MCT USE ONLY. .NET. as well as Manage URL that you can use to connect to the database in the next demonstration. Create a new SQL database by specifying its name. interval-based export of the database to a storage account. Take note of geo-replication disaster recovery capabilities. 7. Connecting to a SQL Database The primary purpose of the SQL Database service is to provide data storage for applications that deliver specific business functionality. 2. Therefore. Keep Internet Explorer open for the next demonstration. However. you will have to perform their respective tasks by executing TransactSQL statements that provide equivalent functionality. While you typically handle the creation and management of SQL Databases on the database level by using the Azure portal and the preview Azure portal or Windows PowerShell. it is important to keep in mind that the graphical designers in SQL Server Management Studio are mostly incompatible with Azure SQL Database.MCT USE ONLY. Keep in mind that you can also accomplish this automatically when connecting to the database from the Azure portal. 8. This topic reviews different means of providing such access. update. and to database administrators and development operations staff who assist developers. The new preview portal does not implement this feature. • Visual Studio. Take note of the ability to create an additional firewall rule allowing access to the server and all of its databases from your current IP address. Developers can use Visual Studio to create SQL databases and to manage and query their content. the Azure portal includes a link to the web-based SQL Database management interface in which you can perform database development and management tasks. In hybrid IT environments. it is convenient to use the same tool to manage on-premises or Azure IaaS-based SQL Server instances and SQL Database servers. You can use the sqlcmd command-line tool to connect to Azure SQL Database servers and execute Transact-SQL commands. • sqlcmd. You can use SQL Server Management Studio to connect to an Azure SQL Database server and administer it in a manner similar to the management of SQL Server instances. which will be part of the next demonstration. Review configuration options. the ability to perform create. From the Azure portal. as mentioned earlier in this module. allowing the use of the following tools: • SQL Server Management Studio. including executing Transact-SQL commands. 9. . use the Copy option of SQL Database. However. providing you with a custom backup functionality. read. The approach to connecting to SQL databases in Azure is similar to the approach for working with onpremises SQL Server-hosted databases. and delete operations on database content requires a different approach. SQL Database must also facilitate easy access to developers who create these applications. Create a new SQL database by using Copy in the Azure portal 1. STUDENT USE PROHIBITED Microsoft Azure Fundamentals 6-9 6. Locate Azure SQL Server properties. including automated. In addition. or stored procedures. as illustrated in the previous demonstrations in this module. Close SQL Server Management Studio and Internet Explorer. define tables. STUDENT USE PROHIBITED 6-10 Microsoft Azure Databases It is important to remember that you must configure SQL Server firewall settings in Azure to explicitly allow incoming connections originating from a non-Azure location. The Azure portal allows you to easily identify this IP address and even automates creation of the corresponding rule if you use the web-based SQL Database management interface. views. Log off from the Web-based SQL Database management interface. you will see how to: • Connect to a SQL database by using Azure portal that includes a web-based SQL Database management interface. connect to SQL Server in Azure. Keep in mind that SQL databases are not capable of leveraging Windows Authentication. 3. Populate the content of the newly created table by running the T-SQL command from SQL Server Management Studio. From SQL Server Management Studio. start SQL Server Management Studio. . 2. 6. applications use connection strings. Effectively. you should consider the impact of such an action on connections from your Azure-hosted applications that rely on SQL Database for data store. so you will need to rely on security principals at the SQL Server level and database level to control authentication and authorization. Navigate and log on to the web-based SQL Database management interface.MCT USE ONLY. which you can readily extract from either of the Azure management portals for individual instances of SQL Database. Query the content of the newly populated table by running the T-SQL command from SQL Server Management Studio. Demonstration Steps Connect to a SQL database by using Azure portal that includes a web-based SQL Database management interface 1. or even deploy data-tier applications. From your classroom computer. if you intend to use the tools listed above from an on-premises environment. Demonstration: Connecting to a SQL Database In this demonstration. On the other hand. 3. 4. you will first need to modify Azure SQL Server firewall settings by allowing connectivity from the public IP address of the perimeter network device through which you connect to the Internet. 2. 4. connections originating from any Azure subscription are allowed by default. Create a new table in the SQL database in Azure by running the T-SQL command from SQL Server Management Studio. Examine the interface from which you can execute T-SQL scripts. While you can change this setting. Connect to a SQL database by using SQL Server Management Studio 1. 5. Automatically generate a firewall rule that allows you to connect to the target SQL Database from the public IP address of your edge device. create new databases. • Connect to a SQL database by using SQL Server Management Studio. In order to connect to SQL Database programmatically. Create a new SQL database by using the preview Azure portal. 2. you will be able to: • Create an Azure SQL Database. The main tasks for this exercise are as follows: 1. .  Task 1: Create a new SQL database by using the preview Azure portal 1. Objectives After completing this lab. Exercise 1: Create a New SQL Database in Azure and Configure SQL Server Firewall Rules Scenario You start your tests by creating a test database to which you will subsequently add some test tables. STUDENT USE PROHIBITED Microsoft Azure Fundamentals 6-11 Lab: Create a SQL Database in Azure Scenario A. • Query the content of a table in an Azure SQL Database Estimated Time: 40 minutes Sign in to your classroom computer by using the credentials your instructor provides. selecting the pricing tier. Create a new SQL database by specifying its name. Configure a SQL Server firewall rule by using Azure portal. specifying a new resource group. You will then populate the tables with sample data. and providing admin credentials: 3. o DATABASE NAME:testDB o PRICING TIER: B Basic o SERVER NAME: Any valid unique name o SERVER ADMIN LOGIN: Student o PASSWORD: Pa$$w0rd o CONFIRM PASSWORD: Pa$$w0rd o LOCATION: Any available region o RESOURCE GROUP: testRG Add the newly created SQL Database to Startboard. • Create a table in an Azure SQL Database. You have decided that this is an ideal time to test the database capabilities of Azure. through which it publishes press releases and interfaces with external marketing partners. specifying the name of a new Azure SQL Server in a datacenter of your choice. Datum Corporation is expanding rapidly. Sign in to the preview Azure portal from a classroom computer. and its Public Relations department wants to expand its Internet-facing website and support its database.MCT USE ONLY. 2. Now it is time to create a test table. Add data to a table of a SQL database in Azure by using SQL Server Management Studio. .testTable ( id integer identity primary key. dataval nvarchar(50) ). 2. STUDENT USE PROHIBITED 6-12 Microsoft Azure Databases 1. verify that the uniquely named server you created is listed.  Task 1: Add a table to a SQL database in Azure by using SQL Server Management Studio 1.windows. GO 4. Add a table to a SQL database in Azure by using SQL Server Management Studio. and verify that the testDB database is listed on the SQL DATABASES page. you should have created a Microsoft Azure SQL Database named testDB on a new server with a name of your choice. Leave the SQL Server Management Studio open for the next task. On your classroom computer. The main tasks for this exercise are as follows: 1. and then configure it to allow the current public IP address of your edge device. start SQL Server Management Studio. Switch back to the Azure portal. and verify that data has been added by using SQL Server Management Studio. 2. Results: After completing this exercise. From SQL Server Management Studio.database. populate it with sample data. connect to SQL Server in Azure by specifying the following information: 3. o Server type: Database Engine o Server name: server_name. Task 2: Configure a SQL Server firewall rule by using Azure portal MCT USE ONLY. Query a table of a SQL database in Azure by using SQL Server Management Studio.net o Authentication: SQL Server Authentication o Login: Student o Password: Pa$$w0rd Create a new table in the SQL database in Azure by running the following T-SQL command from SQL Server Management Studio: CREATE TABLE dbo. 3. On the SERVERS tab. 2. which allow connectivity from your on-premises management tools and applications to the newly created SQL database in Azure. You will have also configured Microsoft SQL Server firewall rules in Azure. Exercise 2: Add Data to a SQL Database in Azure by Using SQL Server Management Studio Scenario You created a test database. MCT USE ONLY. Query the content of the newly populated table by running T-SQL command from SQL Server Management Studio. GO 100 2. and then click New Query Editor Window. point to SELECT To. To generate the command.testTable VALUES (newid()). Close SQL Server Management Studio and Internet Explorer Results: After completing this exercise. populated it with sample data. STUDENT USE PROHIBITED Microsoft Azure Fundamentals 6-13  Task 2: Add data to a table of a SQL database in Azure by using SQL Server Management Studio 1. Leave the SQL Server Management Studio open for the next task. point to Script Table as. 2. you should have created a test table in the SQL database in Azure named testDB on an existing SQL Server in Azure with a name of your choice. and queried its content.  Task 3: Query a table of a SQL database in Azure by using SQL Server Management Studio 1. Populate the content of the newly created table by running the following T-SQL command from SQL Server Management Studio: INSERT INTO dbo.testTable. right-click dbo. . Module Review and Takeaways Review Question Question: What should you consider when choosing between on-premises SQL Server. In hybrid IT environments. • Visual Studio. . You can use the sqlcmd command-line tool to connect to Azure SQL Database servers and execute Transact-SQL commands. and Azure SQL Database? Tools MCT USE ONLY. • sqlcmd. it is important to keep in mind that the graphical designers in SQL Server Management Studio are mostly incompatible with SQL Database in Azure. Developers can use Visual Studio to create SQL databases and to manage and query their content. SQL Server in an Azure virtual machine. Therefore. it is convenient to use the same tool to manage on-premises or Azure IaaS-based SQL Server instances and SQL Database servers. However. STUDENT USE PROHIBITED 6-14 Microsoft Azure Databases • SQL Server Management Studio. You can use SQL Server Management Studio to connect to an Azure SQL Database Server and administer it in a manner similar to the management of SQL Server instances. you will have to perform their respective tasks by executing Transact-SQL statements that provide equivalent functionality. you will learn how to create users. and use Multi-Factor Authentication. In both cases. • Manage authentication. . you will be able to: • Manage Azure AD objects. Its primary purpose is to provide authentication and authorization when accessing cloud-based resources. you can further streamline and enhance secure access to sensitive services and data by taking advantage of Azure AD’s single sign-on (SSO). STUDENT USE PROHIBITED 7-1 Module 7 Azure Active Directory Contents: Module Overview 7-1 Lesson 1: Manage Azure AD Objects 7-2 Lesson 2: Manage Authentication 7-9 Lab: Create Users in Azure Active Directory 7-13 Module Review and Takeaways 7-16 Module Overview Microsoft Azure Active Directory (Azure AD) is a cloud-based identity and access management solution.MCT USE ONLY. domains. and Microsoft Azure Multi-Factor Authentication capabilities. integrate applications with Azure AD. and directories in Azure AD. federation. However. Objectives After completing this module. In this module. you can also leverage its functionality to protect on-premises applications. in the context of our course. which provides the store for all AD DS objects. • Explain how to extend the scope of AD DS. The core component of AD DS is its database. Authentication typically requires that a user or computer attempting to authenticate provides a set of credentials to the authenticating domain controller. logical hierarchy consisting of containers and organizational units. The database offers resiliency by supporting multiple replicas hosted on servers. such as a user or a computer. It is also a directory services solution.Lesson 1 Manage Azure AD Objects Azure AD is a cloud-based identity and access management solution. Identity Data Identity. • Describe Azure AD. which means that AD DS functions as an identity provider first and foremost. The module starts by introducing these characteristics in the context of Active Directory Domain Services (AD DS) in order to compare these two technologies. Authorization is based on the implicit trust that each domain member computer . As the result of this process. • Assign users to applications. through the process of authorization. which are referred to as domain controllers. applications. or databases hosted on domain computers. you will be able to: • Explain how AD DS works. The user or computer subsequently uses the token to obtain access to resources such as file shares. and their individual properties. such as user accounts. The database schema defines object types. you will learn about the basic characteristics of the identity management and directory services of Azure AD. typically referred to as classes. the authenticating domain controller grants that user or computer a token representing its status and privileges to other domain members. or group accounts. Lesson Objectives After completing this lesson. STUDENT USE PROHIBITED 7-2 Azure Active Directory AD DS forms the foundation of enterprise networks that run Windows operating systems. • Create domains and users in Azure AD. Identity describes the characteristics of the entity. for example by using groups that similar or associated entities are members of. It also provides information about the entity’s relationships to other entities. In this module. What Is AD DS? MCT USE ONLY. or attributes. is a set of data that uniquely identifies an entity. AD DS domain controllers verify the authenticity of the identifying data in a domain through authentication. It allows you to provide secure access to both cloud-based and on-premises applications and services. computer accounts. The database organizes objects in a customizable. The database constitutes the authoritative source of identity data for domain objects. Extending the Scope of AD DS AD DS offers significant business and technological benefits. independently managed deployments. each AD DS domain has a unique DNS domain name. While it is possible to provide a higher level of autonomy by deploying additional domains within the same forests. AD DS Configuration AD DS uses Domain Name Service for advertising its services. dominated by cloud services and mobile devices. such as Microsoft Exchange. as the name indicates. You can delegate its permissions down to an individual attribute of a single object. distinct DNS namespaces within the same domain. Multi-tenancy is very difficult to implement within a single domain. The AD DS database also stores management data. If you want to provide the same functionality across multiple forests. Directory Service In addition. They implicitly trust each other. you need to create trust relationships between them. The communication with domain controllers involves protocols such as Lightweight Directory Access Protocol (LDAP) for directory services lookups. this is rather uncommon. functions as a directory service. While it is possible to use multiple. but is not well-suited for today’s open. Kerberos for authentication. All domains in the same forest share the same schema. AD DS. Effectively. due to its multipurpose nature and the intended operational model as a fully managed infrastructure component. and most of its characteristics reflect this underlying premise. which rely on AD DS to store their configuration and operational parameters. Internet-facing world.MCT USE ONLY. Active Directory Rights Management Services (AD RMS). use this functionality extensively. and flexibility within corporate networks. authorization. permanently adding an account representing that computer to the AD DS database. AD DS–aware applications. You can extend its schema to accommodate custom object types. A forest can contain multiple domains. The process of joining the domain establishes this trust. Its authentication and authorization mechanisms rely largely on having domain member computers permanently joined to the domain. which is critical for administering user and computer settings through Group Policy processing. and Server Message Block (SMB) for downloading Group Policy data. Its replicated. Each AD DS domain exists within an AD DS forest. or by deploying multiple forests with trust relationships between them. AD DS offers a high degree of versatility and customizability. and directory services lookups to all objects in the entire forest. security. facilitating lookups of the content of the AD DS database. control. AD DS has been designed for on-premises. and scaling out to support multinational enterprises with data centers located across multiple continents. extending the scope of authentication. None of these protocols is suitable for Internet environments. such arrangements are complex to set up and manage. although it is important to note that schema extensions are not fully reversible. A range of Windows Server roles whose names include the Active Directory designation. AD DS provides the ability to implement the desired mix of efficiency. distributed database is capable of scaling up to host millions of objects. . such as Active Directory Certificate Services (AD CS). However. and Active Directory Federation Services (AD FS) leverage the same functionality. STUDENT USE PROHIBITED Microsoft Azure Fundamentals 7-3 maintains with domain controllers. and Web Application Proxy. Federation Support The primary feature that AD FS and Web Application Proxy facilitate is federation support. it is critical to ensure that you protect such domain controllers from unauthorized external access. STUDENT USE PROHIBITED 7-4 Azure Active Directory In regard to device authentication. capable of authenticating requests from web-based services and applications that are not able to. to implement a test environment.Extending AD DS Authentication One way to address this shortcoming is to extend the capabilities of AD DS by using an intermediary system that handles translation of AD DS on-premises constructs and protocols (such as tokens and Kerberos) into their Internet-ready equivalents. or to provide local authentication and authorization to Azure-hosted cloud services that are part of the same virtual network. can function as a claims provider. It relies on certificates to establish trusts and to facilitate secure communication with an identity provider. there are also several significant differences between them. Azure IaaS You can also extend AD DS into the cloud in a different manner—by deploying AD DS domain controllers into virtual machines based on Azure infrastructure as a service (IaaS). A federation resembles a traditional trust relationship. or not permitted to. which leverages AD DS. introduced in Windows Server 2012 R2. users. You may use such deployments to build a disaster recovery solution for an existing on-premises AD DS environment. and an access management solution. They also presented several ways of accommodating authentication and authorization requirements of Internet-based applications and services by extending the features included in AD DS. . MCT USE ONLY. Azure AD is an example of such a provider. while they share some common characteristics. It might be easy to simply view Azure AD as a cloud-based counterpart of AD DS. Effectively. access AD DS domain controllers directly. but relies on claims (contained within tokens) to represent authenticated users or devices. a directory service. devices. However. and support for conditional access control policies that consider whether an access request originated from a registered device. Overview of Azure AD The previous topics in this module described the role of AD DS as an identity provider. Also. As a result. AD FS. This provides additional authentication and authorization benefits. Web Services Trust (WS-Trust). including SSO to on-premises web applications. Cloudbased identity providers natively support the same functionality. Workplace Join facilitates the registration of devices that are not domain-joined in an AD DS database. in combination with AD FS and Web Application Proxy. The Active Directory Federation Services (AD FS) server role and Web Application Proxy server feature of Windows Server provide this functionality. it relies on web-friendly protocols such as HTTPS. or OAuth to handle transport and processing of authentication and authorization data. one example of such capabilities is the Workplace Join feature. and applications can take advantage of the authentication and authorization features of AD DS without having to be part of the same domain or a trusted domain. Web Services Federation (WS-Federation). AD DS. However. the Free tier is a subject to the 500. Types of Tiers Azure AD constitutes a separate Azure service. STUDENT USE PROHIBITED Microsoft Azure Fundamentals 7-5 First and foremost.MCT USE ONLY. The term tenant in this context typically represents a company or organization that signed up for a subscription to a Microsoft cloud-based service such as Office 365. In addition to differences in functionality. or an IaaS offering. it also means that you do not have to dedicate resources to its deployment or maintenance. which leverages Azure AD but also includes individual users. Directories When you create your first Microsoft cloud service subscription. with the former containing an application definition and the latter constituting its instance in the current Azure AD directory. It is the world’s largest multi-tenant directory. Azure AD is implemented as a Microsoft-managed service that is part of the platform as a service offering. does not incur any extra cost and is referred to as Free tier. It is possible for a single directory to support multiple cloud service subscriptions. such as support for Multi-Factor Authentication. Some advanced identity management features require paid versions of Azure AD. Most notably. and application data. it does not include definition of the computer class. groups and applications. The Azure AD schema contains fewer object types than the schema of AD DS. The directory serves as the security boundary and a container of Azure AD objects. and applications. You also do not have to develop additional functionality natively unavailable in AD DS. offered in the form of Basic and Premium tiers. Some of these features are also automatically included in Azure AD instances generated as part of Office 365 subscriptions. device. and its extensions are fully reversible.com suffix. It is possible and quite common to add at least one custom domain name that utilizes the DNS domain namespace that the tenant owns. Azure AD Identity Models Applications are represented in Azure AD by objects of the Application class and servicePrincipal class. It is not a part of core infrastructure that customers own and manage. or Microsoft Azure. and handling the authentication and authorization of the users. because this is a part of Azure AD functionality. since there is no process of joining computers to Azure AD. Tenants Unlike AD DS. While this implies that you have less control over its implementation. consisting of a unique name of your choice followed by the onmicrosoft. The directory is assigned the default DNS domain name. devices. Instead. hosting well over a million directory services instances. Azure AD is multi-tenant by design. Its most elementary form. similar to the Workplace Join feature of AD DS. and is implemented specifically to ensure isolation between its individual directories. you will also automatically generate a new Azure AD directory instance. The lack of support for domain membership means that you cannot use Azure AD to manage computers or user settings by using Group Policy objects (GPOs).9 percent uptime SLA. which any new Azure subscription automatically includes. These features are effective and efficient in existing deployments of cloud services such as Office 365. storing and publishing user. which rely on Azure AD as their identity provider and support millions of users. however. It is also easily extensible. It does. This facilitates deploying applications to multiple tenants.000 object limit and does not carry out any service level agreement (SLA) obligations. . also referred to simply as directory. facilitate device registration. such as users. Separating these two sets of characteristics allows you to define an application in one directory and use it across multiple directories by creating a service principal object for this application in each directory. Windows Intune. its primary strength lies in providing directory services. Both Basic and Premium tiers do not impose restrictions on the total number of directory objects and are bundled with 99. with billions of authentication requests per week. For example. In all three tiers. because organizational units in AD DS are used primarily for Group Policy scoping and delegation. Service Administrator. users can gain access to a set of designated applications via Access Panel. Some of the management actions are invoked from the Azure Portal leverage groups. For example. Azure AD does not include the organizational unit class. Instead of using LDAP-based lookups. making it possible to use the latter to sign in to Azure AD. With Azure AD Basic. allowing users to create and manage their own groups. SAML. Each of these roles provides different levels of directory-wide permissions to its objects. and Password Administrator. Azure AD queries rely on AD Graph application programming interface (API). such federation trust exists between Azure AD and the Microsoft identity provider that hosts Microsoft accounts (formerly known as Live ID accounts). AD DS federations have replaced trust relationships between domains and forests. By default. frequently used in on-premises AD DS deployments. This means that an Azure AD directory user account can directly reference an existing Microsoft account. such as Kerberos. This allows for the integration of its directories with cloud services and for interaction with directory instances of other Azure AD tenants and other identity providers. The Premium tier further extends this functionality by offering delegated and self-service group management. Role-based access control The delegation model described above applies to the graphical interface available in the full Azure Portal. Instead. which means that you cannot arrange its objects into a hierarchy of custom containers. but their availability depends on the Azure AD tier. resources such as websites or SQL databases. with full permissions to all objects in their directory instance. Each of these roles performs a specific set of actions on Azure resources that are exposed via the Preview Portal. in Azure AD Free. such access can also be granted based on the group membership. This mechanism relies on three built-in roles: owner. and request membership in groups created by others. Instead. which are best suited for on-premises. or OAuth messages. The Preview Portal offers a much more flexible and granular way of restricting management of Azure resources by implementing role-based access control. the administrators of the subscription hosting the Azure AD instance are its Global Administrators. Note that this approach applies only to resources that are available via the Preview Portal. contributor. User Administrator. including Global Administrator. and reader. Azure AD Federations In Azure AD. group. The intended access is granted by associating an Azure AD object (such as a user. This is not a significant shortcoming. the federation traffic travels over cloud-friendly HTTPS. . Billing Administrator. LAN-based communication that for which trust relationships were designed. You can also use AD FS and Web Application Proxy to establish such federations with on-premises AD DS deployments. WS-Federation.com/fwlink/?LinkID=517436.Delegation model MCT USE ONLY. The use of federations eliminates dependency on AD DS protocols. carrying WS-Trust. the delegation model in Azure AD is considerably simpler than the same model in AD DS. Additional Reading: The Access Panel is available at http://go. you can accomplish equivalent arrangements by organizing objects based on their attribute values or group membership. and its lack of both management capabilities via Group Policy settings and support for computer objects. or service principal) with a role and a resource appearing in the Azure Preview Portal. STUDENT USE PROHIBITED 7-6 Azure Active Directory Due to its operational model as SaaS.microsoft. there are several built-in roles. this means that identity data. this allows you to provide authentication and authorization to cloud-based services by using your on-premises AD DS. based on the federation with the Microsoft identity provider. You may prefer this choice if you do not have an existing or significant on-premises AD DS deployment. Authentication requests submitted to Azure cloud services are redirected from the cloud to your on-premises AD DS via the AD FS server. This involves forming a federation between your on-premises AD DS and Azure AD. you will see how to: • Create a directory and a custom domain and view the verification DNS records. STUDENT USE PROHIBITED Microsoft Azure Fundamentals 7-7 Azure AD Identity Support Due to its built-in capabilities as an identity provider and support for federations. This gives you three high-level design choices: • Fully delegating authentication and authorization to Azure AD. Azure AD can authenticate and authorize users. adatum123456) o COUNTRY OR REGION: United States 3. Effectively.com.g. This way. or they can be sourced from existing Microsoft accounts. Start Internet Explorer and sign in to the full Azure Portal by using the Microsoft account that is associated with your Azure subscription. The identities can be defined directly in Azure AD. resides only in the cloud. • Create a user account. but its distinct advantage is support for SSO. Azure AD provides flexibility in designing an identity solution for your organizational or business needs. In effect.MCT USE ONLY. to access their applications.com/fwlink/?LinkID=517437. Identify DNS records that you need to create. in order to verify the newly created domain. Additional Reading: For information on creating or editing users. but you retain control over their state on-premises. Demonstration: Creating Domains and Users In this demonstration. • Taking advantage of the AD FS capabilities which this topic covered earlier. This approach simplifies application support of AD DS users who are not operating on-premises. It is also suitable in scenarios where a large number of AD DS users rely on Azure cloud services. Demonstration Steps Create a custom domain and view the verification DNS records 1. . This approach is similar to the second one. Add a new directory with the following settings: o NAME: Adatum o DOMAIN NAME: Use the same name as the NAME field + random numbers (e. which is synchronized in regular intervals to Azure AD. 2. Add a custom domain called contoso. including user credentials. • Maintaining an on-premises authoritative source of the identity data in AD DS. go to http://go. 4. such as Office 365.microsoft. we are using the Microsoft account associated with the current Azure subscription o Enable Multi-Factor Authentication: Not selected 2. Demonstration Steps Add a directory application • MCT USE ONLY. Assign the Microsoft OneDrive application to Adam Brooks with single sign-on enabled. . 3. you will see how to: • Add a directory application. Assign a directory application to a user 1. Type your email address and password to provide SSO to the application for the user. Create a user in the default directory with the following settings: o USER NAME: adam o FIRST NAME: Adam o LAST NAME: Brooks o DISPLAY NAME: Adam Brooks o ROLE: Global Administrator o ALTERNATE EMAIL ADDRESS: an alternate email address. In this case. for example. in the SEND PASSWORD IN EMAIL box. • Assign a directory application to a user.Create a user account 1. Demonstration: Assigning Users to Applications In this demonstration. STUDENT USE PROHIBITED 7-8 Azure Active Directory Add Microsoft OneDrive application to the directory. 2. Note the value for NEW PASSWORD. As a backup. type the email address of your Azure subscription. Microsoft Azure Multi-Factor Authentication Microsoft Azure Multi-Factor Authentication is integrated into Azure AD. Multi-Factor Authentication adds an extra verification that relies on either having access to a device that is assumed to be in the possession of the rightful owner or. . Lesson Objectives After completing this lesson. you will learn how to implement and take advantage of both of these features. the user must press the pound key) or a text message. Traditional. Requires the user to provide a mobile phone number. • Describe benefits of SSO provided by Azure AD. in the case of biometrics. the user is prompted to set up the authentication by selecting one of the following options: • Mobile phone. This additional requirement makes it considerably more difficult for an unauthorized individual to compromise the authentication process. At the next logon attempt. Requires the user to have a smart phone on which he or she must install and configure the mobile phone app. typically consisting of a user name and the associated password. • Mobile app. The verification can be in the form of a phone call (at the end of which.MCT USE ONLY. • Access applications via Access Panel. The administrator must preconfigure this entry and the user cannot modify or provide this entry at the verification time. having physical characteristics of that person. In this module. The process of implementing Multi-Factor Authentication for an Azure AD user account starts when a user with the global administrator role enables the account for Multi-Factor Authentication from the Azure Portal. • Configure Multi-Factor Authentication and SSO in Azure AD. Multi-Factor Authentication The purpose of Multi-Factor Authentication is to increase security. • Office phone. It allows the use of a phone as the physical device providing a means of confirming the user’s identity. standard authentication requires knowledge of logon credentials. Requires the specification of the OFFICE PHONE entry of the user’s contact info in Azure AD. you should be able to: • Describe benefits of Multi-Factor Authentication provided by Azure AD. STUDENT USE PROHIBITED Microsoft Azure Fundamentals 7-9 Lesson 2 Manage Authentication Azure AD enhances authentication security and simplifies user experience by supporting Multi-Factor Authentication and SSO. desktop apps and modern apps that rely on authenticated access to Azure AD will fail to connect to cloud services. SSO via Access Panel SSO allows users to access software as a service (SaaS) applications available from the Azure AD application gallery. Individual users can sign in to the Access Panel by providing their Azure AD credentials. such as Microsoft Outlook. Once Azure AD administrators have assigned these applications to users and configured them for SSO. Additional Reading: To read more about Azure Multi-Factor Authentication. . they automatically appear in the Access Panel. You also can invalidate all app passwords for an individual user if the computer or device where the apps are installed is compromised. Box. However. STUDENT USE PROHIBITED 7-10 Azure Active Directory As part of the verification process. App passwords can be a potential security vulnerability. Multi-Factor Authentication status for the user changes from enabled to enforced. in-house developed applications which reside on-premises or have been published to Azure AD. users will not be prompted for their credentials when opening the Access Panel or launching its applications if Azure AD has already authenticated their cloud or federated account. This is accomplished by leveraging one of two distinct abilities of Azure AD. because without app passwords assigned.com/fwlink/?LinkID=517439. This is because the use of Multi-Factor Authentication is limited to authenticating access to applications and services via a browser. The Additional security verification option appears in the Access Panel. the user is also given an option to generate app passwords. Randomly generated app passwords can then be assigned to individual apps by using their configuration settings. Generating app passwords is especially important. go to http://go. Microsoft Lync. Once the verification process is successfully completed.App passwords MCT USE ONLY.com/fwlink/?LinkID=517438. Effectively. Therefore. The first facilitates secure storage of user credentials and the second relies on support for federated trusts with other cloud services and identity providers. or mobile apps for email. you can choose and configure a different verification mechanism and generate app passwords.microsoft. A number of commercial applications with SSO capabilities (such as Office 365.microsoft. or Salesforce) are preconfigured for integration with Azure AD and published in its application gallery. as well as custom. The same verification process repeats during every subsequent authentication attempt. without having to provide their username and password when they are launched. go to http://go. reflecting the status change. Additional Reading: To view the Azure AD application gallery. you can prevent all directory users from creating app passwords. as an administrator. it does not apply to traditional desktop applications or modern apps. From the Access Panel. When a user launches an app. STUDENT USE PROHIBITED Microsoft Azure Fundamentals 7-11 You can use the following three mechanisms to implement SSO support: • Password-based SSO with Azure AD storing credentials for each user of a password-based SSO application. such as AD FS. they have the option to enter app credentials on the user's behalf. Azure AD transparently extracts the user's app-specific stored credentials and securely relays them to its provider as part of the browser's session. you will see how to: • Configure the Office Phone property for an Azure AD user account. On-premises applications require additional configuration. Sign in to the Azure Portal by using your Azure subscription. 2. However. when accessing a password-based SSO app. Launch the multi-factor authentication service portal. 2. which includes installation of the application proxy connector on-premises and enabling application proxy in Azure AD. in this case.MCT USE ONLY. users first rely on their Azure AD credentials to authenticate to the Access Panel. When Azure AD administrators assign a password-based SSO app to an individual user. In this scenario. • Enable Multi-Factor Authentication for an Azure AD user account. the application provider relies on the Azure AD directory to handle the user's authentication. adding an application to the Azure AD directory involves creating a federated trust with the application. Configure Multi-Factor Authentication for an Azure AD user account 1. Azure AD serves as a central point of managing application authentication and authorization. The Access Panel application entry redirects the authentication request to that provider. Enter OFFICE PHONE number for Adam Brooks. and considers the user to be already authenticated when the user launches the application. You can also use Azure AD SSO functionality to control access to on-premises applications or applications developed in-house. they can update their stored credentials directly from the Access Panel. • Azure AD SSO. The Azure Portal facilitates both of these scenarios by creating required applicationrelated objects in Azure AD. Enable Multi-Factor Authentication for Adam Brooks. Demonstration Steps Configure the Office Phone property for an Azure AD user account 1. • Existing SSO with Azure AD leveraging an existing federated trust between the application and an SSO provider. with Azure AD establishing a federated trust with federation-capable SSO applications. . If users change their credentials after being assigned an app. Demonstration: Configuring Multi-Factor Authentication In this demonstration. In this case. Effectively. This is similar to the second mechanism because there are no separate application credentials involved. Effectively. the application provider trusts an identity provider other than Azure AD. Demonstration Steps Authenticate as a user with Multi-Factor Authentication enabled 1. Change the temporary password assigned to the adam user account. 2. Launch the Microsoft OneDrive application from the Access Panel. . 3. 5.microsoft. Sign in to the Access Panel at https://myapps. install Access Panel Extensions. Sign out from Microsoft OneDrive and from the Access Panel. From the Access Panel. • Access SSO applications via the Access Panel. Close Internet Explorer. STUDENT USE PROHIBITED 7-12 Azure Active Directory 1. Configure Multi-Factor Authentication verification options for the adam user account. Authenticate by using Multi-Factor Authentication.Demonstration: Accessing Applications Through the Access Panel In this demonstration.com by using the adam user account. Access SSO applications via the Access Panel MCT USE ONLY. 2. you will see how to: • Authenticate as a user with Multi-Factor Authentication enabled. 3. This will close all Internet Explorer windows. Sign in again to the Access Panel by providing adam user account credentials. 6. 4. you first need to create a new Azure AD directory.microsoft.MCT USE ONLY.com and sign in to Azure Portal by using the Microsoft account that is associated with your Azure subscription. adatum123456) o COUNTRY OR REGION: United States Results: After completing this exercise. 2. you will be able to: • Create an Azure AD directory. • Create users in an Azure AD directory. In Internet Explorer. . Create an Azure AD directory. Estimated Time: 30 minutes Sign in to your classroom computer by using the credentials your instructor provides.  Task 1: Create an Azure AD directory 1. Create a new directory within the existing subscription with the following settings: o DIRECTORY: Create new directory o NAME: Adatum o DOMAIN NAME: Use the same name as the NAME field + random numbers (e.g. initially. STUDENT USE PROHIBITED Microsoft Azure Fundamentals 7-13 Lab: Create Users in Azure Active Directory Scenario Now that you have configured several services in Microsoft Azure. browse to http://azure. you plan to migrate existing organizational accounts to Azure. Objectives After completing this lab. you need to create user accounts for employees to securely access the services. you will have created a new Microsoft Azure Active Directory (Azure AD) directory by using Azure Portal. you want to test Azure AD with a separate Azure AD directory instance. You will use Azure Portal to accomplish this task. Exercise 1: Create an Azure AD Directory Scenario To prepare for testing user management in Azure AD. The main task for this exercise is as follows: 1. but. In the long term. and configure that account as a Global Administrator of the directory. you already created a test directory. The main tasks for this exercise are as follows: 1.  Task 1: Create users in an Azure AD directory 1. 3. Create the following user in the Adatum directory: 4.Exercise 2: Create Users in Azure Active Directory Scenario MCT USE ONLY. Now it is time to create test user accounts. View Azure AD directory users and administrators. in the SEND PASSWORD IN EMAIL box. type the email address of your Azure subscription.  Task 2: Add a Microsoft account to an Azure AD directory • Add an Azure AD user with the following settings: o TYPE OF USER: User with an existing Microsoft account o USER NAME: type the name of an existing Microsoft account that the instructor provided o FIRST NAME: Leave blank o LAST NAME: Instructor o DISPLAY NAME: Instructor o ROLE: User . 2. in the SEND PASSWORD IN EMAIL box. as a backup. STUDENT USE PROHIBITED 7-14 Azure Active Directory To test Azure AD functionality. 3. Configure a user account as a Global Administrator of an Azure AD directory. as a backup. You will use Azure Portal to accomplish this task. add an existing Microsoft Account. Create the following user in the Adatum directory: o USER NAME: deanna o FIRST NAME: Deanna o LAST NAME: Ball o DISPLAY NAME: Deanna Ball o ROLE: User o Enable Multi-Factor Authentication: Not selected 2. Note the value for NEW PASSWORD. type the email address of your Azure subscription. 4. o USER NAME: kari o FIRST NAME: Kari o LAST NAME: Tran o DISPLAY NAME: Kari Tran o ROLE: Global Administrator o Enable Multi-Factor Authentication: Not selected Note the value for NEW PASSWORD. Add a Microsoft account to an Azure AD directory. Create users in an Azure AD directory. STUDENT USE PROHIBITED Microsoft Azure Fundamentals 7-15  Task 3: Configure a user account as a Global Administrator of an Azure AD directory • Configure the Instructor account as the Global Administrator of the Adatum Azure AD directory. you will have used Azure Portal to create an Azure AD directory user account. Use the multi-factor authentication page to view members of built-in Azure AD organizational roles. including Microsoft accounts that have been added to the directory.MCT USE ONLY.  Task 4: View Azure AD directory users and administrators 1. Results: After completing this exercise. add a Microsoft Account to Azure AD directory and configure it as a Global Administrator. . and view the results of these actions. Use the USERS tab of the Adatum Azure AD directory to view all user accounts. 2. Module Review and Takeaways Review Question Question: What are some benefits of using Azure AD as an identity provider? MCT USE ONLY. STUDENT USE PROHIBITED 7-16 Azure Active Directory . for certain management tasks and operations. Objectives After completing this module. Microsoft provides Windows PowerShell and the Azure cross-platform command-line interface. you will be able to: • Describe and use Windows Azure PowerShell to manage your Azure subscription. or combine management of Azure resources with management of other network and infrastructure services. as a developer. Typically.MCT USE ONLY. • Describe and use Microsoft Visual Studio and the Azure cross-platform command-line interface to manage your Azure subscription. However. In addition to these command-line tools. . the Azure portals might not be the best management tools to use. you can use Microsoft Visual Studio 2013 to manage aspects of your Azure subscription. STUDENT USE PROHIBITED 8-1 Module 8 Microsoft Azure Management Tools Contents: Module Overview 8-1 Lesson 1: Azure PowerShell 8-2 Lesson 2: The Azure SDK and the Azure Cross-Platform Command-Line Interface 8-8 Lab: Using Microsoft Azure Management Tools 8-13 Module Review and Takeaways 8-16 Module Overview The Microsoft Azure portals provide a graphical interface for managing your Azure subscriptions and services. you might want to automate some management tasks by creating reusable scripts. To enable you to manage Azure by using a command-line interface. including Azure. These products allow you to view the generated Windows PowerShell script so you can execute the task at a later time without having to complete all of the steps in the GUI. You can learn about the functionality of any Windows PowerShell cmdlet by using the Get-Help cmdlet. Windows PowerShell cmdlets use a verb-noun syntax. and provision and manage Azure services. which allows administrators to complete commands by pressing the tab key rather than having to type the complete command. You can extend the Windows PowerShell platform to a wide range of other infrastructure elements. by importing modules of encapsulated code called cmdlets. Windows PowerShell includes features such as tab completion. MCT USE ONLY. The available verbs vary with each cmdlet’s noun. The ability to automate complex tasks simplifies a server administrator’s job and saves time. Common Windows PowerShell cmdlet verbs include: • Get • New • Set . • Describe how to use Azure PowerShell. or combine into Windows PowerShell scripts. An increasing number of Microsoft products have graphical interfaces that build Windows PowerShell commands.Lesson 1 Azure PowerShell Windows PowerShell provides a scripting platform that you can use to manage Windows operating systems. Each noun has a collection of associated verbs. Introduction to Windows PowerShell Windows PowerShell is a scripting language and command-line interface that is designed to help you perform day-to-day administrative tasks. • Explain how to manage Azure accounts and subscriptions by using the Azure PowerShell module. STUDENT USE PROHIBITED 8-2 Microsoft Azure Management Tools You can extend Windows PowerShell functionality by adding modules. Windows PowerShell constitutes cmdlets that you execute at a Windows PowerShell command prompt. For example. you will be able to: • Describe Windows PowerShell. • Install the Azure PowerShell module and connect to Azure by using the account credentials. This lesson explores how you can use Windows PowerShell to connect to an Azure subscription. Lesson Objectives After completing this lesson. the Azure module includes Windows PowerShell cmdlets that are specifically useful for performing Azure–related management tasks. MCT USE ONLY.com/fwlink/?LinkID=517448. and you can install it using the Microsoft Web Platform Installer. STUDENT USE PROHIBITED Microsoft Azure Fundamentals 8-3 • Restart • Resume • Stop • Suspend • Clear • Limit • Remove • Add • Show • Write You can view the available verbs for a particular Windows PowerShell noun by executing the following command: Get-Command -Noun NounName You can view the available Windows PowerShell nouns for a specific verb by executing the following command: Get-Command -Verb VerbName Windows PowerShell parameters start with a dash. go to http://go. There are two Windows PowerShell libraries that you can install to manage Azure. Introduction to Azure PowerShell Before you can use Windows PowerShell to manage Azure services. . and then you must add the required Windows PowerShell modules. The Windows PowerShell cmdlets that are available depend on which modules are loaded. Additional Reading: To view the link to the latest version of Azure PowerShell.microsoft. You can load a module by using the Import-Module cmdlet. This is the primary Windows PowerShell library for managing Azure services. • Azure PowerShell. you must ensure that Windows PowerShell is installed. Each Windows PowerShell cmdlet has its own associated set of parameters. You can learn what the parameters are for a particular Windows PowerShell cmdlet by executing the following command: Get-Help CmdletName You can determine which Windows PowerShell cmdlets are available by executing the Get-Command cmdlet. you must connect it to the Azure subscriptions that you want to manage with it. you can use the Add-AzureAccount cmdlet. you can set the current subscription by using the Set-AzureSubscription cmdlet with the name of the subscription that you want to use. and you can use the Get-AzureSubscription cmdlet to view a list of subscriptions associated with those accounts. and after signing in. The Azure PowerShell module has a dependency on the Microsoft . A set of cmdlets for managing resource groups. If you have multiple subscriptions. Azure AD authentication is token-based. although you refresh it in the Windows PowerShell session. Before you can install the Azure AD module.5. To connect an Azure account to the local Windows PowerShell environment. you must install the Microsoft Online Services Single Sign-In Assistant. You can use Azure AD authentication to sign in to an Azure account using one of the following types of credential: o A Microsoft account associated with an Azure subscription. groups. Connecting to the Azure subscriptions requires that you authenticate. STUDENT USE PROHIBITED 8-4 Microsoft Azure Management Tools After you have authenticated. • Azure AD Authentication.com/fwlink/?LinkID=517449. you can install the Azure AD PowerShell library to manage users. A set of cmdlets for managing authentication and execution context. You can obtain both of these components from http://go. and you can take two approaches to accomplish this: Azure AD authentication and certificate-based authentication. o AzureResourceManager. • Azure AD PowerShell. The expiration time for an Azure AD token is 12 hours. and other aspects of the directory from Windows PowerShell. In many cases. This opens a browser window through which you can interactively sign in to Azure by entering a valid user name and password. o An organizational account defined in Azure Active Directory. MCT USE ONLY. If you plan to implement Active Directory (AD) in Azure. the user remains authenticated until the authentication token expires.Azure PowerShell includes the following modules: o Azure.microsoft. .this is the only Azure PowerShell library that you require.NET Framework 4. you can use the Get-AzureAccount cmdlet to view a list of Azure accounts you have associated with the local Windows PowerShell environment. A core set of cmdlets for managing Azure services. Managing Azure Accounts and Subscriptions with Windows PowerShell After you install the Azure PowerShell module. and the Web Platform Installer checks for this during installation. o AzureProfile. and in the other mode. STUDENT USE PROHIBITED Microsoft Azure Fundamentals 8-5 • Certificate-Based Authentication. and we recommend that you use the authentication model. However. Using the Switch-AzureMode cmdlet # Switch to Resource Manager mode (activate the AzureResourceManager module) Switch-AzureMode -Name AzureResourceManager # Switch back to service manager mode (activate the Azure module) Switch-AzureMode -Name AzureServiceManagement Service Management Mode By default. cmdlets from the Azure module are available. or you can generate your own by using your organization’s public key infrastructure (PKI) solution or a utility such as Makecert. . you can use the Switch-AzureMode cmdlet. The Azure PowerShell library provides two operational modes. To display syntax for a specific Azure cmdlet. or use the Get-AzureStorageAccount cmdlet to get a reference to an existing storage account. and manage individual Azure services in your subscription. Note: The downloaded file is used by the Import-AzureSubscription cmdlet and is an XML file with a ". You can view the information and certificate for your Azure subscription by using the Get-AzurePublishSettingFile cmdlet.MCT USE ONLY. or Windows PowerShell scripts that will run for long periods of time during which an authentication token might expire. Examples of where certificate-based authentication is appropriate include earlier versions of tools that do not support Azure AD authentication. and manage Azure services. cmdlets from the AzureResourceManager module are available. provision. create. For a full list and summary description of the cmdlets in the Azure module.509 (v3) certificate that associates a client application or service with an Azure subscription. Using Azure PowerShell Cmdlets After you have connected your Windows PowerShell environment to your Azure subscription. Most tools for managing Azure support Azure AD authentication. Note: An Azure management certificate is an X. The Azure module contains a comprehensive set of cmdlets. you can use the Get-Help cmdlet.publishsettings file that contains information and a certificate for your Windows Azure subscription. In one mode.publishsettings" extension. Cmdlets from the AzureProfile module are available in both modes. you can use Azure cmdlets to view. For example. To switch between modes. the Azure module is active and Azure PowerShell is in the Service Management mode. This cmdlet downloads a . You can use an Azure-generated management certificate. you can use the Windows PowerShell Get-Command cmdlet. which is defined in the AzureProfile module. which you can use to view. in some cases it might be more appropriate to authenticate by using a management certificate. you can use the New-AzureWebsite cmdlet to create an Azure website. STUDENT USE PROHIBITED 8-6 Microsoft Azure Management Tools In Resource Manager mode. Demonstration: Installing the Azure PowerShell Module and Connecting to Azure by Using Account Credentials In this demonstration. Viewing information about AzureResourceManager cmdlets # Switch to Resource Manager mode Switch-AzureMode -Name AzureResourceManager # Get a list of cmdlets in the AzureResourceManager module Get-Command -Module AzureResourceManager | Get-Help | Format-Table Name. or use the Remove-AzureResourceGroup cmdlet to remove a resource group and all the resources that it contains. . you could use the Get-AzureResourceGroup cmdlet to get a reference to an existing resource group. For example. and it does not support all the functionality in the Azure module. Additionally. you will see how to: • Install the Windows PowerShell Azure module. you can use Windows PowerShell to create and manage Azure resources in resource groups. • Use Azure PowerShell cmdlets. Synopsis # Get the syntax for a specific cmdlet Get-Help New-AzureVM # Get an example Get-Help New-AzureVM –Example Resource Manager Mode MCT USE ONLY.Viewing information about Azure module cmdlets # Get a list of cmdlets in the Azure module Get-Command -Module Azure | Get-Help | Format-Table Name. This approach makes it easier to manage related sets of resources as a unit. • Connect to your Azure subscription. Synopsis # Get the syntax for a specific cmdlet Get-Help Remove-AzureResourceGroup # Get an example Get-Help Remove-AzureResourceGroup -Example Note: The AzureResourceManager module is currently in preview. You can use the Get-Command and Get-Help cmdlets to view information about the cmdlets in the AzureResourceManager module. you cannot use the AzureResourceManager module in a certificate-based authentication session. Substitute the #### with a random number. Add your Azure account to the local PowerShell environment by using Azure AD authentication. Connect to your Azure subscription 1. When you have finished. Download and install the Windows PowerShell modules for Azure from http://azure. When prompted. you must select the Azure Pass subscription. 2. New-AzureWebsite MySite#### get-AzureWebsite MySite#### 3. sign in using the Microsoft account associated with your Azure subscription: Add-AzureAccount Use Azure PowerShell Cmdlets 1. Run the following command: select-azuresubscription -subscriptionName "Azure Pass" 2.com/en-us/downloads/. close Windows PowerShell ISE. .microsoft. STUDENT USE PROHIBITED Microsoft Azure Fundamentals 8-7 Demonstration Steps Install Windows PowerShell Azure Module 1.MCT USE ONLY. Start the Windows PowerShell interactive scripting environment (ISE) as Administrator. Verify that your account and subscription are connected to the local PowerShell environment: Get-AzureAccount Get-AzureSubscription Note: If you have more than one subscription. Create a new website and view its properties. Visual C++. STUDENT USE PROHIBITED 8-8 Microsoft Azure Management Tools The Azure Software Developers Kit (SDK) enables developers that are familiar with Visual Studio to use these skills to develop apps. websites. desktop apps. • Explain how to install and use the Azure Cross-Platform Command-Line Interface. The Azure crossplatform command-line interface provides administrators with a scriptable command-line tool with which they can administer their Microsoft Azure subscription and Azure services. You can publish your web application directly to Azure from the IDE. Windows Phone apps. and also can develop their apps in different languages. and JavaScript. web apps. . and web services for Microsoft Azure. • Describe the Azure Cross-Platform Command-Line Interface.NET is a group of Visual Studio tools. and deploy apps that run in Azure. you will be able to: • Describe the components of the Azure SDK. This lesson discusses these tools. and web services.NET installs the following products: • Microsoft Visual Studio Express for Web. Note: Developers can use Visual Studio 2013 to create a variety of apps: Windows Store apps. runtime binaries. Visual F#. Visual C#. then the Azure SDK installs Visual Studio Express for Web. Note: If your local computer does not have Visual Studio installed. Note: You can download the SDK from the Azure Downloads page.Lesson 2 The Azure SDK and the Azure Cross-Platform CommandLine Interface MCT USE ONLY. Provides you with tools to create standards-based websites using ASP. web apps. Developers can code in Visual Basic. test. What Is the Azure SDK? The Azure Software Developers Kit (SDK) for . Lesson Objectives After completing this lesson.NET. The Azure SDK for . and client libraries that your development team can use to develop. command-line tools. blobs). and Caching that are stored on your computer so that Visual Studio can create new cloud service projects while it is offline. o Create Azure virtual machines. Microsoft Azure Authoring Tools. Installs AzCopy.NET. Note: AzCopy is a command-line utility designed for high-performance uploading. and copying data to and from Microsoft Azure Blob and File storage. Microsoft Azure Tools for Microsoft Visual Studio. o Create Windows PowerShell deployment scripts. a command-line tool that you can use to transfer data into and out of an Azure Storage account. Enables you to work with Azure Cloud Services and Virtual Machines to: o Create. o Runtime binaries that cloud service projects require for communicating with their runtime environment and for diagnostics. Enables you to work with your Azure-based websites to: o Publish web projects to Azure websites. o Create Windows PowerShell scripts. Service Bus. • Microsoft Azure Storage Tools. o The CSEncrypt command-line tool for encrypting passwords that you can use to access cloud service role instances using a remote desktop connection. and publish cloud service projects. include: o NuGet packages for Azure Storage.MCT USE ONLY. Uses a SQL Server instance and the local file system to simulate Azure Storage (queues. Simulates the cloud service environment so that you can test cloud service projects locally on your computer before you deploy them to Azure. o Create deployment packages for cloud service projects. o View and manage cloud service project settings. downloading. o Manage and troubleshoot Azure Websites. • Microsoft Azure Libraries for .NET and Web Tools for Visual Studio. o Publish console application projects. so that you can test locally. Includes the following: o The CSPack command-line tool for creating deployment packages. virtual machines. STUDENT USE PROHIBITED Microsoft Azure Fundamentals 8-9 • • • Microsoft ASP. • Microsoft Azure Emulator. Note: NuGet is the package manager for the Microsoft development platform. tables. and Service Bus. open. o View and manage cloud services. o Create Azure websites and Windows Azure SQL Database resources. . o A Visual Studio plug-in that enables Azure In-Role Cache projects to run locally in Visual Studio. • Microsoft Azure Storage Emulator. SQL Database.microsoft. Azure cross-platform command-line interface provides much of the same functionality found in the Azure portal. you must sign in to your Azure subscription. 4.publishsettings file] command. such as the ability to manage websites. 2. Note: Both the Visual Studio Updates and the Azure SDK for . This cache can be used by any roles within the same cloud service deployment. Note: All commands must be preceded with the word azure. Introduction to the Azure Cross-Platform Command-Line Interface The Azure Cross-Platform Command-Line Interface provides a set of cross-platform commands you use to work with the Azure your Azure subscription. perform the following procedure: 1.publishsettings extension. • LightSwitch for Visual Studio publishing add-on. or by downloading and using a publish settings file. and other services. virtual machines. Additional Reading: To download the Azure cross-platform command-line interface. Run the azure account import [path to . go to http://go. You can either sign in by using an organizational account. You can use this add-on to publish LightSwitch projects to Azure Websites. STUDENT USE PROHIBITED 8-10 Microsoft Azure Management Tools 3. After you have installed the Azure Cross-Platform Command-Line Interface. mobile services. Open Windows PowerShell.NET include the LightSwitch add-on. 2. Run the azure account download command. You are prompted to download the publish settings file. A web browser window opens. You now can use the azure command from the Windows PowerShell command-line to manage your Azure subscription. Run the azure login [username] [password] command. Use the following procedure to sign in by using an organization account: 1. Note: If you are not already connected to your Azure subscription. . you will be prompted to sign in. Open Windows PowerShell.com/fwlink/?LinkID=517448.Note: In-Role Cache allows you to host caching within your roles. you can ensure that you have the latest version of the add-on. By installing the SDK. To sign in using a publish settings file. This file has a . MCT USE ONLY. Install the Microsoft Azure Cross-platform Command Line Tools. you will see how to: • Install the Microsoft Azure Cross-platform command-line tools.0 window. Export the account information required to sign in to your Azure subscription. you can manage your websites by using the Azure Cross-Platform Command-Line Interface. Any lines that match are then piped to the awk command. • Use the Microsoft Azure Cross-platform command-line tools.MCT USE ONLY. Azure account download 3. Use the Microsoft Azure Cross-platform command-line tools 1. and then sign in to your Azure subscription. Import the account information. 2. For example. Switch to the Web Platform Installer 5. Demonstration Steps Install the Microsoft Azure Cross-platform command-line tools 1. Open Windows PowerShell ISE. STUDENT USE PROHIBITED Microsoft Azure Fundamentals 8-11 You can manage Azure services easily from the command prompt. this inspects each line for the string 'Running'. Use the following command to create a new website: azure site create mywebsite Use this command to list your websites: azure site list The following command will delete a named website: azure site delete mywebsite You can also create complex scripts by using this command: azure site list | grep 'Running' | awk '{system("azure site stop "$2)}' The preceding code pipes a list of websites to the grep command. Azure account import filename . Demonstration: Installing and Using the Azure Cross-Platform CommandLine Interface In this demonstration. 2. this calls Azure site stop and uses the second column passed to it (the running site name) as the site name to stop. MCT USE ONLY. Stop the website: Azure site stop MySite#### 6. and close all open applications. List all available websites within your subscription. STUDENT USE PROHIBITED 8-12 Microsoft Azure Management Tools . Azure site list 5.4. Sign out from your Azure subscription. MCT USE ONLY. STUDENT USE PROHIBITED Microsoft Azure Fundamentals 8-13 Lab: Using Microsoft Azure Management Tools Scenario Much of your on-premises administration is automated with Windows PowerShell scripts, and you have decided to test the use of Windows PowerShell and the Microsoft Azure Cross-platform command-line tools with Microsoft Azure to help to automate administrative tasks. Objectives After they complete this lab, the students will have: • Installed and used Azure PowerShell. • Installed and used the Azure cross-platform command-line tools. Lab Setup Estimated Time: 40 minutes Sign in to your classroom computer by using the credentials your instructor provides. Note: To complete the lab in this module, you must have completed the labs in Module 1 of this course. Exercise 1: Use the Azure PowerShell Modules Scenario In this exercise, you will install and use the Windows PowerShell module for Microsoft Azure. The main tasks for this exercise are as follows: 1. Install the Windows PowerShell Azure module. 2. Connect to your Azure subscription. 3. Use Azure PowerShell cmdlets.  Task 1: Install the Windows PowerShell Azure module • Download and install the Windows PowerShell modules for Azure from http://azure.microsoft.com/en-us/downloads/.  Task 2: Connect to your Azure subscription 1. Start the Windows PowerShell interactive scripting environment (ISE) as Administrator. 2. Add your Azure account to the local PowerShell environment by using Azure AD authentication. When prompted, sign in by using the Microsoft account associated with your Azure subscription. Add-AzureAccount  Task 3: Use Azure PowerShell cmdlets 1. Verify that your account and subscription are connected to the local Windows PowerShell environment: Get-AzureAccount Get-AzureSubscription Note: If you have more than one subscription, you must select the Azure Pass subscription. Run the following command: select-azuresubscription -subscriptionName "Azure Pass" 2. Create a new website, and view its properties. Substitute the #### with a random number. Use the same number in both commands. New-AzureWebsite MySite#### get-AzureWebsite MySite#### 3. When you have finished, leave Windows PowerShell ISE running. 4. In Internet Explorer, open a new tab and browse to http://azure.microsoft.com, click Portal, and then sign in using the Microsoft account that is associated with your Azure subscription. Verify that your website exists. Results: After you complete this exercise, you will have successfully installed and used the Windows PowerShell module for Microsoft Azure. Exercise 2: Use the Azure Cross-Platform Command-Line Interface Scenario In this exercise, you will install and use the Microsoft Azure cross-platform command-line tools. The main tasks for this exercise are as follows: 1. Install the Microsoft Azure Cross-platform command-line tools. 2. Use the Microsoft Azure cross-platform command-line tools.  Task 1: Install the Microsoft Azure Cross-platform command-line tools 1. Switch to the Web Platform Installer 5.0 window. 2. Install the Microsoft Azure Cross-platform Command Line Tools.  Task 2: Use the Microsoft Azure cross-platform command-line tools 1. Switch to Administrator: Windows PowerShell ISE. 2. At the command prompt, type the following command, and then press Enter. This command downloads the credentials needed to connect to your Azure subscription. Azure account download Note: If you are prompted, sign in to your Azure subscription. MCT USE ONLY. STUDENT USE PROHIBITED 8-14 Microsoft Azure Management Tools MCT USE ONLY. STUDENT USE PROHIBITED Microsoft Azure Fundamentals 8-15 3. Internet Explorer is opened and you are prompted to download a file. This is your published settings file. Click the down arrow next to Save, and then click Save As. 4. In the Save As dialog box, in the navigation pane, double-click Local Disk (C:), double-click Labfiles, and then click Save. 5. Switch to Administrator: Windows PowerShell ISE. 6. At the command prompt, type the following command. This command imports the credentials needed to connect to your Azure subscription. Note: When you type C:\labfiles\, Intellisense prompts you to select a file. Click the file you created earlier and press Tab. Azure account import C:\labfiles\ 7. Press Enter to complete the import command. 8. At the command prompt, type the following command, and then press Enter. Azure site list 9. At the command prompt, type the following command, and then press Enter. Substitute the #### with the number you used in the last lesson to create your website. Azure site stop MySite#### 10. At the command prompt, type the following command and then press Enter. Substitute account for the credentials you use to connect to your Azure subscription. Azure logout account Note: If you receive an error, continue. 11. Close all open windows and applications. Results: After completing this exercise, you will have successfully installed and used the Microsoft Azure cross-platform command-line tools. Module Review and Takeaways Review Question Question: With Azure PowerShell, what is one advantage of using certificate authentication over Azure AD authentication when running long Windows PowerShell scripts? MCT USE ONLY. STUDENT USE PROHIBITED 8-16 Microsoft Azure Management Tools Please work with your training provider to access the course evaluation form. Your open and honest feedback is valuable and appreciated. STUDENT USE PROHIBITED Microsoft Azure Fundamentals 8-17 Course Evaluation Your evaluation of this course will help Microsoft understand the quality of your learning experience. .MCT USE ONLY. Microsoft will keep your answers to this survey private and confidential and will use your responses to improve your future learning experience. MCT USE ONLY. STUDENT USE PROHIBITED . at the bottom of this pane. 6. At the bottom of the screen. 4. start Internet Explorer. in the EMAIL ADDRESS box. in the Azure portal. Select the check box next to your subscription in the SUBSCRIPTION list below. 5. Then.  Task 2: Add a co-administrator 1. you should have successfully added a co-administrator to your Azure subscription. click ADD. note the pane containing icons for each service. In Internet Explorer.MCT USE ONLY.microsoft. type Admin@Contoso. click SETTINGS (you might need to use the scroll bar for the pane).com. STUDENT USE PROHIBITED L1-1 Module 1: Getting Started with Microsoft Azure Lab: Use the Microsoft Azure Portal Exercise 1: Add a Co-Administrator  Task 1: Connect to the Azure Portal 1. and then click OK (the check box). 2. If necessary. on the left side of the page. 3. Click the ADMINISTRATORS tab and verify that your Microsoft account is listed as the service administrator. . click Portal. note the details of your subscription. Results: After you complete this exercise. 2. and sign in using the Microsoft account that is associated with your Azure subscription. In the Specify a co-administrator for subscriptions dialog box.com. Ensure that you are signed in to your local host. On the settings page. on the SUBSCRIPTIONS tab. browse to http://azure. Do not save the worksheet. click Download Usage. This opens a new tab in Internet Explorer.  Task 2: View billing period 1. 3. In Internet Explorer. 4. click Open. sign in using the Microsoft account credentials associated with your Azure subscription. 2. . you should have successfully viewed your Azure subscription billing data. the file opens in Microsoft Excel. When prompted. at the top-right of the Microsoft Azure management portal. Depending on installed software on your local computer. Close the current Internet Explorer tab. In the Summary screen. click your subscription. 3. Review the information and then close Excel. Then review the summary of usage and billing that is displayed. Results: After you complete this exercise. On the subscriptions page. click your Microsoft account name and then click View my bill. 2. Click Download usage details. If prompted.Exercise 2: View Billing Data  Task 1: View subscription usage MCT USE ONLY. STUDENT USE PROHIBITED L1-2 Getting Started with Microsoft Azure 1. 5. 2. Site Title: AdatumMyBlog#### Where #### is a unique number. In the Azure portal.  Task 2: Install WordPress 1. type AdatumBlog####. In Internet Explorer.MCT USE ONLY. click WEBSITES. In the websites list. Internet Explorer opens a new tab and navigates to your new website. complete the Information needed section with the following information: a. click BLOGS.  Task 3: Create a blog post 1. 2. Click NEW.microsoft. and then click Complete.com. Username: The email address associated with your Azure subscription. In the REGION list. click Log In. Note: Your website is created. click Portal. 6. . twice: Pa$$w0rd. 9. Select the I agree to ClearDB’s legal terms … check box. 3. 3. and then click FROM GALLERY. If your URL is unique. type the email address associated with your Azure subscription. 2. In the Password box. and browse to http://azure. b. 7. 4. click the URL for your new website. and then click Next. On the Configure Your App page. on the Success webpage. On the New MySQL Database page. click the appropriate region. 5. where #### is a unique number. accept the default name. in the languages list. Password. 10. In the Username box. 8. type Pa$$w0rd. On the Welcome page. d. in the URL column. Click Install WordPress. In the A-Z list. This may take a few minutes. click English (United States). c. 3. On the WordPress website. and then click Next. Leave DATABASE and WEBSCALEGROUP configured with default values. and sign in using the Microsoft account that is associated with your Azure subscription. 11. click WordPress. In the ADD WEB APP Wizard. 4. Your E-mail: The email address associated with your Azure subscription. Select the appropriate REGION. Start Internet Explorer. on the navigation pane. STUDENT USE PROHIBITED L2-3 Module 2: Websites and Cloud Services Lab: Websites and Cloud Services Exercise 1: Create a WordPress Website  Task 1: Create a website 1. in the URL box. a green check mark displays. and then click Continue. on the Find Apps for Microsoft Azure page. and then click Log In. type AdatumWeb####. and double-click ServiceConfiguration. a green check mark is displayed. 2. In the Upload a package dialog box. 5. Navigate to C:\Labfiles. 3. Navigate to C:\Labfiles. When deployment is finished. click the CONFIGURE tab. Note: Deployment begins. Note: If prompted by Internet Explorer to store the password for the website. and return to the Azure portal tab. 3. where #### is a unique number. Click Publish. In the REGION OR AFFINITY GROUP list. and then click CREATE CLOUD SERVICE. click FROM LOCAL. click Not for this site. 4. click your new cloud service. Exercise 2: Create a Cloud Service  Task 1: Create a Cloud Service 1.Cloud. 6. In the Azure portal.cspkg. In the URL text box. and double-click AdatumAds. For example. click Write your first blog post. click the SCALE tab. Next to the PACKAGE box. click CLOUD SERVICE. 8. type Welcome to the Adatum Blog. Your new post in displayed.Websites and Cloud Services 4. 10. type Adatum App ####. (where #### is the same number you typed earlier). 8. click your local region. 5. and then click QUICK CREATE. Click UPLOAD A NEW PRODUCTION DEPLOYMENT. 10. 6. Close the current tab in Internet Explorer.cscfg. 9. in the NAME list. 7. In the main text box. 9. Select both check boxes. 7. 2. In the Azure portal. If the name is valid and unique. Click View Post. in the Enter title here box. In the Dashboard. type a valid unique cloud service name. Next to the CONFIGURATION box. Click COMPUTE. In the results pane.  Task 2: Deploy a Cloud Service 1. click NEW. On the Add New Post page. This could take 10 to 15 minutes. Select the Remember Me check box. click FROM LOCAL. and then click OK. 4. you will have successfully created and configured an Azure website to support WordPress blogs. type Welcome to the Adatum blog. MCT USE ONLY. Results: After you complete this exercise. STUDENT USE PROHIBITED L2-4 . in the DEPLOYMENT LABEL box. Drag the INSTANCE RANGE slider bar right so that the maximum instance(s) value is 4. Note: The app is for demonstration purposes and is not completely functional. 2. you will have successfully created. 3. The Adatum Ads webpage displays. Under adatumadsworkerrole. adjacent to SCALE BY METRIC.  Task 3: Verify a Cloud Service Note: It might take a few minutes for your website to display. On the SCALE page. in the URL column. Results: After you complete this exercise. 14. Drag the INSTANCE RANGE slider bar right so that the maximum instance(s) value is 4.MCT USE ONLY. deployed. Drag the TARGET CPU slider bar so that the maximum is 90. In the list of cloud services. Close the Adatum Ads Home Page tab. . click the URL for your cloud service. 16. Close Internet Explorer. 13. STUDENT USE PROHIBITED Microsoft Azure Fundamentals L2-5 11. and configured an Azure Cloud Service. Drag the TARGET CPU slider bar so that the maximum is 90. 15. 17. 5. click CPU. in the navigation pane. Click SAVE. 1. click CLOUD SERVICES. adjacent to SCALE BY METRIC. 4. Under adatumadswebrole. 12. click CPU. STUDENT USE PROHIBITED .MCT USE ONLY. 8. and then sign in by using the Microsoft account that is associated with your Azure subscription. and then click Virtual Machines. 2. review settings without making changes.microsoft. Sign in to the classroom computer. click Create a storage account. 7. and then in the Optional Config pane. 10. In the NEW pane. click Windows Server 2012 R2 Datacenter. Ensure that the virtual machine that you created shows a status of Running. 14. If the status is not Running. In the PASSWORD field. type server<your_initials>-10979 in the HOST NAME field. type server<initials>-admin. Click OPTIONAL CONFIGURATION. 12. browse to http://azure. In the Network pane. STUDENT USE PROHIBITED L3-7 Module 3: Virtual Machines in Microsoft Azure Lab: Create a Virtual Machine in Microsoft Azure Exercise 1: Create a Virtual Machine from the Gallery  Task 1: Select and create a virtual machine 1. Wait for a couple of minutes to allow the virtual machine creation to proceed and the storage to be written to your storage account. and then click Select. . close any initial welcome messages for the new portal. click BROWSE. 3. 9. click A2 STANDARD. In the bottom left pane. 13. click Portal. and then in the Network pane. click + NEW. In the left pane. and then click Switch to new portal. type Moc1500!. click Create. click your Microsoft account name. Results: After completing this exercise. In the CREATE VM pane. click OK. 11. Close any initial welcome messages. In the CREATE VM pane. click STORAGE ACCOUNT. 4. 6. In the Optional Config pane. 5. Then. In the USER NAME field.com.MCT USE ONLY. click NETWORK. and then in the Storage account pane.  Task 2: Verify virtual machine creation 1. review settings and click OK. In Internet Explorer. in the new tab that is opened. At the top right. Click PRICING TIER. 2. click OK. In the Optional Config pane. you will have created and verified a Microsoft Azure virtual machine. wait a few minutes until the status changes to Running. In the Virtual machines pane. 3. 9. In the Remote Desktop Connection window. click AZURE PORTAL. In the Browse pane. On the HOME pane. In the Windows Security dialog box: a. 8. and then click Virtual Machines. In User Name. review available options. click your user account in top right corner. type server<initials>-admin. Click the serveryour_initials-10979 virtual machine. click VIRTUAL MACHINES. STUDENT USE PROHIBITED L3-8 12. In the Azure portal. 2. 2. 4. . Navigate around the server configuration and evaluate basic functionality. In the Remote Desktop Connection window. Click the DASHBOARD tab and review the available information and settings. In the Internet Explorer notification popup. In the Azure preview portal. 9. Review available options for configuring connections to the virtual machine. 5. b. click Save. In the Remote Desktop Connection window. and then click Open. click serveryour_initials-10979. Click HOME. Click the CONFIGURE tab. and then click CONNECT in the top of the right pane. Click the ENDPOINTS tab. Click OK. click BROWSE. Review the available options but do not make any changes to the virtual machine. 6. 6. 8. and then click Switch to new portal. Results: After completing this exercise. When finished.Virtual Machines in Microsoft Azure Exercise 2: Verify the Functionality of the Virtual Machine  Task 1: View the properties of the virtual machine 1. such as Server Manager and File Explorer. In Password. click Yes. 11. click OK. In the Azure preview portal. 3. just switch to Microsoft Azure tab in Internet Explorer. 10. 10. MCT USE ONLY. 4. On the Microsoft Azure portal. click BROWSE in the left navigation pane. click the X in the upper right corner of the Remote Desktop Connection session to disconnect. click Virtual machines. type Moc1500!. In the server-yourinitials-10979 pane. If the new portal is already open. click Connect. 7. c. Click the MONITOR tab and review the available information about virtual machine performance. you will have established a connection to the virtual machine. 7. 5. Click the server<initials>-10971 virtual machine.  Task 2: Connect to a virtual machine 1. you will have attached a new disk to a virtual machine. 4. In the Computer Management console. click server<yourinitials>-10979. click CONNECT. In User Name. c. 11. In the Choose a container pane. In the Choose a container pane. MCT USE ONLY. click Yes. . review the available information and ensure that you see only OS DISK. 4. and ensure that you have one OS disk. In the Disks pane. In the Storage container pane. click Tools. Click Attach New. In the Internet Explorer notification popup. Results: After completing this exercise.Exercise 3: Attach a Data Disk  Task 1: View virtual machine disks 1. type server<initials>-admin. In the Remote Desktop Connection window. Review the available disks in the Disk Management right pane. 8. click OK. In the Attach a new disk pane. Scroll left and in the server<yourinitials>-10979 pane. In the Initialize Disk window. 19. click OK. Close the Computer Management console. 18. In the Disks pane. STUDENT USE PROHIBITED Microsoft Azure Fundamentals L3-9 16. a new disk with capacity of 5 GB is displayed. After you have signed in to the virtual machine. click BROWSE. 3. and then click Virtual Machines. click CHOOSE STORAGE ACCOUNT. type 5 in the SIZE (GB) text box. In Password. 2. click Save. click vhds. click Disk Management. In the Storage account pane. 7. b. In the left pane of the Azure preview portal. click STORAGE CONTAINER. Click OK. 10. and then select Computer Management. 15. click Connect. In the Choose a container pane. 3. 17. In the Remote Desktop Connection window. 6. 2. click CHOOSE CONTAINER. one temporary disk. scroll down. in the Server Manager console. 5. 20. Click the virtual machine that you created earlier. In the server<yourinitials>-10979 pane. 9. In the Attach a new disk pane. and then click OK. type Moc1500!. and then click Open.  Task 2: Attach a data disk 1. 5. In the Windows Security dialog box: a. and one new disk with capacity of 5 GB. review the available information and ensure that you see only OS DISK. 12. Wait for up to one minute and ensure that in the Disks pane. 13. Ensure that the virtual machine that you created shows a status of Running. 14. and then click the Disks tile. STUDENT USE PROHIBITED .MCT USE ONLY. In the CIDR (ADDRESS COUNT) drop-down list. It will take a few minutes for the network to be created. In the CIDR (ADDRESS COUNT) drop-down list. 2. and then select 172.windowsazure. on the Virtual Network Details page. choose /16 (65536). 8. click /24 (256). Click CUSTOM CREATE to begin the configuration wizard. On the Virtual Network Address Spaces page. scroll down and click NETWORKS. In the second address space that is added. click NEW.0. In the left navigation page. Click add address space.MCT USE ONLY. Ensure that there are no virtual networks created. click NETWORK SERVICES. 12. Click the forward arrow in the lower-right corner. choose the region that is closest to you. 4. In the navigation pane.com. you will have created a new virtual network. In the CREATE A VIRTUAL NETWORK Wizard. 3. Results: After completing this exercise. 9. 6. . Click the arrow in the lower right corner. review the available options.168. Sign in to the Azure management portal on https://manage. In the LOCATION drop-down list.0. and then click VIRTUAL NETWORK. 10. In the lower left corner of the screen. and then click 192.0. click West US.0. in the ADDRESS SPACE section. On the DNS Servers and VPN Connectivity page. but do not make any changes. 11. type VNET1 in the NAME text box. 5. click add subnet and ensure that Subnet-2 is added. Click the checkmark in the lower right corner to finish the wizard and create a virtual network. open the dropdown list under STARTING IP. 13. 14.16. open the drop-down list under STARTING IP. 7. Note: If you do not have West US as available region. STUDENT USE PROHIBITED L4-11 Module 4: Virtual Networks Lab: Create a Virtual Network Exercise 1: Creating a Virtual Network  Task 1: Create a virtual network 1. In the SUBNETS section. In the Virtual Network pane. Ensure that the virtual machine that you created shows a status of Running. Click the Server1 VM. Type server2-admin in USER NAME. Click OPTIONAL CONFIGURATION. 11. In the bottom left pane in the Azure preview portal. and then click OK on the Optional Config pane. click + NEW. In the Optional Config pane. On the CREATE VM pane. click Create. 11. click NETWORK. STUDENT USE PROHIBITED L4-12 1. and then click VIRTUAL NETWORK. click Windows Server 2012 R2 Datacenter. under Use an existing virtual network. 5. 2. select VNET1. Wait a couple of minutes to allow the virtual machine (VM) creation to finish. 8. and then click Virtual Machines. under Use an existing virtual network. click Get Started on the Welcome to Microsoft Azure page.com. 6. Browse to https://portal.azure. In the left pane of the Azure preview portal. 5. and then click Open. 7. select VNET1. In the Internet Explorer notification popup. On the CREATE VM pane. Click OK on the Network pane. Type Moc1500! in the PASSWORD field. In the Optional Config pane. type Server1 in HOST NAME. and then click CONNECT in the top of the left pane. 3. 3. 9. and sign in by using the Microsoft account that is associated with your Microsoft Azure subscription. 6. click + NEW.  Task 2: Create a second virtual machine 1. 7. 10. 8. click BROWSE. Click OK on the Network pane. Type server1-admin in USER NAME. 3. In the Virtual Network pane. ensure that Basic A1 is selected. click NETWORK. click Connect. wait a few minutes until the status changes to Running. In the CREATE VM pane. Click OPTIONAL CONFIGURATION. 4. For the PRICING TIER ensure that Basic A1 is selected. 5. In the NEW pane. if they appear. 4. and then click OK on the Optional Config pane.Virtual Networks Exercise 2: Creating Virtual Machines from the Gallery  Task 1: Create a virtual machine MCT USE ONLY. Wait a couple of minutes to allow the VM creation to finish. type Server2 in HOST NAME. click Create. Type Moc1500! in the PASSWORD field. In the Remote Desktop Connection window. For the PRICING TIER. In the CREATE VM pane. click Save. Close any initial welcome messages. 4. In the bottom left pane. . 9. click Windows Server 2012 R2 Datacenter. 2. In the NEW pane. If the status is not Running. 10. 2.  Task 3: Test virtual network connectivity 1. and then click VIRTUAL NETWORK. 12. type \\IPaddressofServer2. On the Server1 machine. Ensure that the server opens (it will be an empty window).0/24 is selected. STUDENT USE PROHIBITED Microsoft Azure Fundamentals L4-13 11. 12. click Change advanced sharing settings.6.0. open File Explorer. then click OK. 9. 9. below File and printer sharing section. 4. In the Windows Security dialog box. 2. Exercise 3: Add Point-to-Site Connectivity  Task 1: Add point-to-site connectivity 1. click NETWORKS. 16. 3. o Type Moc1500! in Password. Notice that you have options for ADDRESS SPACE available in the point-to-site connectivity section. click Turn on file and printer sharing. and then press Enter. In the point-to-site connectivity section. In the Remote Desktop Connection window. On the Server1 machine. 10. in the left pane. open File Explorer. and then click YES. In the left navigation page. Click the CONFIGURE tab. Click SAVE in the lower part of the screen.windowsazure. Switch to the Server2 machine and note the Internal IP value shown on the desktop. click Use another account and then use following data to connect: o Type server1-admin in User name. o Click OK. you will have created two new virtual machines and assigned them to VNET1. Click the VNET1 network. 13. enter user name: server2-admin and password: Moc1500!. Close Network and Sharing Center window. . 7. under Guest or Public section. MCT USE ONLY. 15.com. Note: You should type IP address of Server2 after \\. click VNET1. Minimize Server1 window. On the Windows Security window. 7. Open the Azure management portal at https://manage. 14. 5. and then click the CONFIGURE tab. in the address bar. click Yes. then click Save changes button. On the Server2. which confirms that your servers can communicate via virtual network VNET1. In the Network and Sharing Center window.0. note the Internal IP value shown on the desktop. Wait for a few minutes for the network to be updated. 8. 6. In the central pane. right click Network and then click Properties. click the option Configure point-to-site connectivity. In the Advanced sharing settings window. 8. Ensure that 10. Results: After completing this exercise. Repeat steps 1 through 7 for the Server2 machine (use server2-admin as the user name). and then. In the connection pane. click VNET1. and then press Enter. In the quick glance section. Open Command Prompt. and then click Continue on the prompt window. and then ensure that the VNET1Cert certificate file is created. navigate to C:\temp. click BROWSE FOR FILE.Virtual Networks 10.exe -n "CN=VNET1Client" -pe -sky exchange -m 96 -ss My -in "VNET1Cert" -is my -a sha1. Close the warning prompt if it appears. type: makecert -sky exchange -r -n "CN=VNET1Cert" -pe -a sha1 -len 2048 -ss My "C:\temp\VNET1Cert. click the DASHBOARD tab. click Unblock. click Yes and wait until the virtual private network (VPN) client installs. Restore the command prompt window. 26. 24. Do not close the command prompt window. click Download the 64-bit Client VPN Package. 15. 18. When prompted. 25. . In the Properties window. Wait until the gateway is created. 22. 28. and then click Properties. 27. 30.cer". and then click Open. click Connect. Double click the file. In the VPN client window. navigate to C:\temp. and then click the CERTIFICATES tab on VNET1 portal. and then click OK. Click the checkmark icon to upload a certificate. click Yes. Open File Explorer. MCT USE ONLY. open the Developer Command Prompt for VS2012 as administrator. 16. 31. 14. 17. STUDENT USE PROHIBITED L4-14 11. browse to C:\temp. In the Choose File to Upload window. save the file to the C:\temp location. click the network icon in the taskbar. 29. After the file downloads. select the VNET1Cert file. On your classroom machine. 13. Click UPLOAD A ROOT CERTIFICATE. In the VNET1 window. 12. Note: This might take up to 15 minutes. right-click the file that you just downloaded. Press Enter. 20. click YES. Ensure that the connection is established. Switch back to the Azure management portal. Click CREATE GATEWAY and when prompted. Ensure that the certificate appears in the Azure portal. The name of the file will be similar to 1c586c97-442b-4c85-9ea6-45a5d0c5d3a1. and then click Connect. exe”. 19. in the VNET1 configuration pane. 21. On your classroom computer machine. 23. In the Upload a Certificate window. Switch back to the Azure portal. In the command prompt window. Type the following command: makecert. In the User Account Control window (if it appears). STUDENT USE PROHIBITED Microsoft Azure Fundamentals L4-15 33. Ensure that you have the IP address from the 10.32. type ipconfig. click VNET1. . Results: After completing this exercise. and then press Enter. In the connection pane.0/24 scope. and then click Disconnect.0. In the Command prompt window. 34.0. you will have established a point-to-site connectivity. On your classroom machine. Look for the Point-to-Point Protocol (PPP) adapter in the VNET1 section. click the network icon in the taskbar. MCT USE ONLY. STUDENT USE PROHIBITED .MCT USE ONLY. view the information available on the dashboard. In Internet Explorer. Results: After you complete this exercise. On the host computer. In the Storage pane. In the 10979s<initials> pane. If the name is already in use. 10. 3. At the bottom of the Storage account pane. type 10979s<yourinitials>. 9. 4. or a location is not selected. Click LOCATION. In the Azure portal. 8. 7.com. click the 10979s<initials> storage account. In the far right pane. 3. 6. then the URL would be 10979sma. Click PRICING TIER. click PROPERTIES to view the properties of the storage account. use your initials in place of <initials>. in STORAGE. on the left side. It might take few minutes for storage account to be created. and then click the Internet Explorer icon. click + NEW.  Task 2: View the properties of your storage account 1. click Get Started to close it.MCT USE ONLY. you will have created your Azure storage. Near the top of the 10979s<initials> pane. click Start. In the Recommend pricing pane. and then click Storage. In the New popup menu. Note: Replace <initials> with your own initials. click the location closest to you. Review the available properties of your storage account. and then click Storage. click Create to complete the creation. If a welcome window appears.azure. scroll down. 4. and then click Select. click L1. For example. In the bottom pane. browse to the Azure management portal at https://portal. Sign in to your Azure account. 2. 5. if your name is Margo Ayers. If the selected location is not the closest location to you. For the remainder of the demonstrations. click BROWSE. 2. 5. 6. add a number after your initials until the name is accepted. STUDENT USE PROHIBITED L5-17 Module 5: Cloud Storage Lab: Configure Azure Storage Exercise 1: Create an Azure Storage Account  Task 1: Create a storage account in Azure 1. . and leave the storage pane open. Close the Properties pane. in the left pane. In File Explorer. In the right pane. and then click Open. in the navigation pane. add a number after your initials until the name is accepted. 10.wav. 18. In the Choose File to Upload window. 9. 7. and then double-click the media folder. and then double-click the images folder. 13. type http://azurestorage. 5. 5. 19. Click Browse.net/login. double-click Local Disk (C:). doubleclick Program Files. 8. Click the Upload button to upload Alarm01. STUDENT USE PROHIBITED L5-18 12. replace New Text Document with storage-key. and then click OK to complete the creation of the new container.png. 16. In the Choose File to Upload window. In the Internet Explorer Address bar. 2. . 21. type 10979s<initials>. In the Manage keys pane. 2. click Documents. double-click Internet Explorer. and then click Enter. In the Manage keys pane. 3. 17.  Task 2: Add data to the container using Azure Web Storage Explorer 1.wav. MCT USE ONLY. 20. doubleclick Windows. click Containers. 4. click the X to close the pane.azurewebsites. Double-click storage-key. and then press Enter. Click the File Explorer icon on the taskbar. paste the access key that you copied to the Clipboard in step 2 into the file. click Blob. The file will open in Notepad. On the Azure Web Storage Explorer page. 6. press Ctrl+N to open a new browser window. Click File. If the name is already in use.Cloud Storage Exercise 2: Create and Manage Blobs  Task 1: Add a container 1. and then click Open. In the 10979s<initials> pane. 3. Click the X icon in the upper right corner of the Containers pane to close it. copy the access key shown in PRIMARY ACCESS KEY to the clipboard.txt. Click Browse. 14. In Internet Explorer. In the Storage pane. In the file name. right-click an empty area. Click 10979c<initials>. click splashscreen. Scroll down. double-click Local Disk (C:). and then click Save. In Notepad. click KEYS. Click Alarm01. click ADD +. type 10979c<initials> in the NAME text box.contrast-white_scale-180. and then click Text Document. double-click Computer. double-click Computer. paste your access key into the Key box. scroll down. click New. 15. and then press Enter. in Account. 11. Close Notepad. In the Access type settings.aspx. In the Add a container pane. In the Containers pane. 4. Results: After completing this exercise. Click the Upload button to upload splashscreen.png. Close Internet Explorer. you will have created a blob container and uploaded the data. STUDENT USE PROHIBITED Microsoft Azure Fundamentals L5-19 22.MCT USE ONLY. 24.contrast-white scale-180. In the file list.core. 23. click http://10979s<initials>.png. .windows.net/10979c<initials> /splashscreen.blob.contrast-white_scale-180. and verify that you see a large Internet Explorer logo graphic display in the browser window. STUDENT USE PROHIBITED .MCT USE ONLY. type testDB. Start Internet Explorer. enter the following settings.MCT USE ONLY. On the New blade. and then click CONFIGURE. 2. In Internet Explorer. At the top right. click Portal. . click Create a new server. 8. 5. Click SERVER. 2. 9. and then in the Server blade. Then wait for the SQL Database to be created. and then in the Resource group blade. ensure that Add to Startboard is selected. Click the PRICING TIER section. 3. 11. click RESOURCE GROUP. 5. switch to the tab containing the Azure portal. In the SQL database blade. On the sql databases page.microsoft. in the NAME box. click your Microsoft account name. and then click OK. click the B Basic pricing tier. 12. 3. click New. in the NAME box. and then verify that the testDB database you created in the new portal is listed. Ensure that you are signed in to the classroom computer. browse to http://azure. and then verify that the uniquely named server you created in the previous task is listed.  Task 2: Configure a SQL Server firewall rule by using Azure portal 1. In the SQL database blade. 4. click SQL DATABASES. and then sign in by using the Microsoft account that is associated with your Azure subscription. scroll down to and click the SQL Database entry. click Save. Note the CURRENT CLIENT IP ADDRESS. and then click Switch to new portal. Click the server name. click Create a new resource group. In the service pane on the left. In the New server blade. STUDENT USE PROHIBITED L6-21 Module 6: Microsoft Azure Databases Lab: Create a SQL Database in Azure Exercise 1: Create a New SQL Database in Azure and Configure SQL Server Firewall Rules  Task 1: Create a new SQL database by using the preview Azure portal 1. and then click OK: o SERVER NAME: Any valid unique name o SERVER ADMIN LOGIN: Student o PASSWORD: Pa$$w0rd o CONFIRM PASSWORD: Pa$$w0rd o LOCATION: Any available region 10. In the Resource group blade. and then click Create. 4. In the SQL database blade. click SERVERS. At the bottom of the page. and then click Select. In the Hub vertical menu on the left. and click the ADD TO THE ALLOWED IP ADDRESSES icon. 6. type testRG. 7.com. Note: This opens a Transact-SQL template that you can use to create a table. Results: After completing this exercise.testTable is listed (if not. On your classroom computer.testTable ( id integer identity primary key.net o Authentication: SQL Server Authentication o Login: Student o Password: Pa$$w0rd 2. In Object Explorer. and then verify that the testDB database is listed. 6. expand Databases. 7. ensure that testDB is selected. SQL Server Management Studio has no graphical tools for creating SQL database objects in Azure. 4.windows. and then click Execute. and in the Connect to Server dialog box.database. start SQL Server Management Studio. you should have created a Microsoft Azure SQL Database named testDB on a new server with a name of your choice. right-click its Tables folder and then click New Table. specify the following settings (replacing server_name with the unique name you specified when creating your SQL Database server). . Click the new allowed ip addresses entry and change it to a more descriptive name that will allow you to identify it in the future. Leave the SQL Server Management Studio open for the next task. right-click Tables and click Refresh). Replace all Transact-SQL code in the template with the following code. in Object Explorer. On the toolbar. CREATE TABLE dbo. 7.Microsoft Azure Databases MCT USE ONLY. which allow connectivity from your on-premises management tools and applications to the newly created SQL database in Azure. in the Available Databases list. You will have also configured Microsoft SQL Server firewall rules in Azure. click SAVE. STUDENT USE PROHIBITED L6-22 6. under the server name. 3. At the bottom of the page. expand the Tables folder and verify that dbo. GO 5. dataval nvarchar(50) ). and then click Connect: o Server type: Database Engine o Server name: server_name. Expand the testDB database. In SQL Server Management Studio. Exercise 2: Add Data to a SQL Database in Azure by Using SQL Server Management Studio  Task 1: Add a table to a SQL database in Azure by using SQL Server Management Studio 1. Leave the SQL Server Management Studio open for the next task. point to SELECT To. Click Execute. MCT USE ONLY.testTable VALUES (newid()). STUDENT USE PROHIBITED Microsoft Azure Fundamentals L6-23 Click New Query and enter the following Transact-SQL code in the new query pane. This generates a Transact-SQL query that retrieves data from the table. and then click Execute. populated it with sample data. View the query results and verify that a table of id and dataval values is returned. right-click dbo. and then click New Query Editor Window. . On the toolbar. in the Available Databases list. point to Script Table as. 3. This code inserts 100 rows containing automatically generated globally unique identifier (GUID) values into the table. you should have created a test table in the SQL database in Azure named testDB on an existing SQL Server in Azure with a name of your choice. ensure that testDB is selected. 3. On the toolbar. In Object Explorer. 4. 2. in the Available Databases list. GO 100 2. and queried its content. ensure that testDB is selected.testTable. Task 2: Add data to a table of a SQL database in Azure by using SQL Server Management Studio 1.  Task 3: Query a table of a SQL database in Azure by using SQL Server Management Studio 1. Results: After completing this exercise. INSERT INTO dbo. Close SQL Server Management Studio and Internet Explorer. STUDENT USE PROHIBITED .MCT USE ONLY. microsoft. Click DIRECTORY. adatum123456).com. 3. enter the following settings. enter the following settings. you will have created a new Microsoft Azure Active Directory (Azure AD) directory by using Azure Portal. o COUNTRY OR REGION: United States Results: After completing this exercise.g. change the numbers until you see a green checkmark. Start Internet Explorer. o TYPE OF USER: New user in your organization o USER NAME: deanna In the user profile dialog box. In the navigation panel on the left. 3. click ACTIVE DIRECTORY. 5. Click CUSTOM CREATE. STUDENT USE PROHIBITED L7-25 Module 7: Azure Active Directory Lab: Create Users in Azure Active Directory Exercise 1: Create an Azure AD Directory  Task 1: Create an Azure AD directory 1. if you see a The domain is not unique message. 2. and sign in by using the Microsoft account that is associated with your Azure subscription. 6. 2. Exercise 2: Create Users in Azure Active Directory  Task 1: Create users in an Azure AD directory 1. enter the following settings. browse to http://azure. Click ADD USER. click Portal. and then click Next: 5. 4. In the Add directory dialog box. In the Tell us about this user dialog box. Click +NEW. Click Adatum. and then click Next: o FIRST NAME: Deanna o LAST NAME: Ball o DISPLAY NAME: Deanna Ball .MCT USE ONLY. and then select the Complete check box: o DIRECTORY: Create new directory o NAME: Adatum o DOMAIN NAME: Use the same name as the NAME field + random numbers (e. Click USERS. 4. note the value for NEW PASSWORD. On the Get temporary password page. enter the following settings. Click create. o TYPE OF USER: User with an existing Microsoft account o USER NAME: type the name of an existing Microsoft account that the instructor provided In the user profile dialog box. and then click Next: o TYPE OF USER: New user in your organization o USER NAME: kari 11. 10. On the Get temporary password page. Select the Complete check box. in the SEND PASSWORD IN EMAIL box. and then click Next: o FIRST NAME: Kari o LAST NAME: Tran o DISPLAY NAME: Kari Tran o ROLE: Global Administrator o ALTERNATE EMAIL ADDRESS: type the email address of your Azure subscription o Enable Multi-Factor Authentication: Not selected 12. as a backup. 2. in the SEND PASSWORD IN EMAIL box. 13. STUDENT USE PROHIBITED L7-26 . 14. as a backup. 9. note the value for NEW PASSWORD.Azure Active Directory o ROLE: User o Enable Multi-Factor Authentication: Not selected 6. In the Tell us about this user dialog box. enter the following settings. Click create. enter the following settings. 8.  Task 2: Add a Microsoft account to an Azure AD directory 1. enter the following settings. Click ADD USER. type the email address of your Azure subscription. and then click Next: o FIRST NAME: Leave blank o LAST NAME: Instructor o DISPLAY NAME: Instructor o ROLE: User Click the checkmark in the lower right corner of the user profile dialog box. MCT USE ONLY. In the Tell us about this user dialog box. type the email address of your Azure subscription. 4. and then click Next: 3. In the user profile dialog box. Click ADD USER. Click Complete (check mark). 7. on the Sign-in page. and the account type. you will have used Azure Portal to create an Azure AD directory user account. by default. . 2. 6. and view the results of these actions. 8. add a Microsoft Account to Azure AD directory and configure it as a Global Administrator. you can see all Sign-in allowed users. In the Adatum directory. If prompted to sign-in. To view all members of built-in Azure AD organizational roles. click the Instructor entry. Scroll down to the role section. 3. should include Windows Azure Active Directory or Microsoft Account. note that. Verify that you can see all users that have been assigned the Global Administrator role. which in our case. click MANAGE MULTI-FACTOR AUTH. Note that this allows you to view the list of user display names. sign in by using the Microsoft account that is associated with your Azure subscription. 7. 4. user names.  Task 4: View Azure AD directory users and administrators 1. In the ORGANIZATIONAL ROLE list box. 5. Click the left arrow in the navigation pane to return to the main page of the Adatum Azure AD directory.MCT USE ONLY. Click SAVE. In the View drop-down list. in the DISPLAY NAME column. 4. 2. 5. on the USERS tab. On the multi-factor authentication page. Ensure that the USERS tab of the Adatum Azure AD page is selected. select Global Administrators. select Global Administrator. Results: After completing this exercise. Close Internet Explorer. Make sure that the content of the PROFILE tab is displayed. 3. STUDENT USE PROHIBITED Microsoft Azure Fundamentals L7-27  Task 3: Configure a user account as a Global Administrator of an Azure AD directory 1. MCT USE ONLY. STUDENT USE PROHIBITED . On the task bar. and verify that your subscription is listed.0 window open. in the command prompt pane. When prompted Do you want to run or save WindowsAzurePowerShell. sign in by using the Microsoft account associated with your Azure subscription. In the Web Platform Installer 5. in the command prompt pane. Enter the following command to view the subscriptions that are connected to the local PowerShell session. 9. 3.3f.3f. In the Windows PowerShell ISE. click Run. In the PowerShell ISE. under Command-line tools. 4. On the Downloads webpage. Add-AzureAccount 3. Open Internet Explorer and navigate to http://azure. sign in to your local computer. Beneath Windows PowerShell. Click Yes when prompted. Note: The actual filename might vary. 5. 6. right-click Windows PowerShell and click Run ISE as Administrator.com/en-us/downloads/. enter the following command to view the Azure accounts in your local Windows PowerShell environment. click I Accept. STUDENT USE PROHIBITED L8-29 Module 8: Microsoft Azure Management Tools Lab: Using Microsoft Azure Management Tools Exercise 1: Use the Azure PowerShell Modules  Task 1: Install the Windows PowerShell Azure module 1.0 dialog box.3fnew. If prompted by User Account Control. Leave the Web Platform Installer 5.  Task 2: Connect to your Azure subscription 1. click Install. 7. If necessary. 2. 8. click Finish. and verify that your account is listed: Get-AzureAccount 2.0 Wizard. Get-AzureSubscription .MCT USE ONLY.exe. enter the following command to add an Azure account to the local PowerShell environment. In the Web Platform Installer 5. When the installation is complete. click Yes. locate Windows PowerShell. When prompted.microsoft. click Install.  Task 3: Use Azure PowerShell Cmdlets 1. 2. 8. but leave Internet Explorer open. and verify that your new website has been created. 3. In the list. and then sign in using the Microsoft account that is associated with your Azure subscription. sign in to your Azure subscription. 6. Substitute the #### with the number you used in step 3. Azure account download Note: If you are prompted. Close the portal tab. next to Microsoft Azure Cross-platform Command Line Tools. open a new tab and browse to http://azure.0 dialog box.microsoft. MCT USE ONLY. 5. type the following command.0 window. Exercise 2: Use the Azure Cross-Platform Command-Line Interface  Task 1: Install the Microsoft Azure Cross-platform command-line tools 1.Microsoft Azure Management Tools Note: If you have more than one subscription. click Finish. Note: If you accidentally closed the Web Platform Installer 5. Results: After you complete this exercise. New-AzureWebsite MySite#### 4. click Exit. and then click Web Platform Installer 5. Enter the following command to create a new website. and then click Install. 2. STUDENT USE PROHIBITED L8-30 Enter the following command to view your new website. In the Web Platform Installer 5. In Internet Explorer.0. In the navigation pane on the left. This command downloads the credentials needed to connect to your Azure subscription. In the Web Platform Installer 5. Run the following command: select-azuresubscription -subscriptionName "Azure Pass" 3. Switch to the Web Platform Installer 5.  Task 2: Use the Microsoft Azure cross-platform command-line tools 1. 4. Substitute the #### with a random number. you must select the Azure Pass subscription. and then press Enter. Switch to Administrator: Windows PowerShell ISE. click Portal. you will have successfully installed and used the Windows PowerShell module for Microsoft Azure. click I Accept. Do not close the Windows PowerShell ISE. click Add. At the command prompt. get-AzureWebsite MySite#### 5. click WEBSITES.0 window. When the installation has completed.com.0 window. . 2. switch to Start. 7. Switch to Administrator: Windows PowerShell ISE. Close all open windows and applications. double-click Labfiles. . Azure site list 9. type the following command. type the following command. Note: When you type C:\labfiles\. in the navigation pane. At the command prompt. and then click Save. This command imports the credentials needed to connect to your Azure subscription. At the command prompt. Click the file you created earlier and press Tab. Results: After completing this exercise. and then click Save As. This is your published settings file. In the Save As dialog box. type the following command and then press Enter. and then press Enter. 11. Click the down arrow next to Save.MCT USE ONLY. you will have successfully installed and used the Microsoft Azure cross-platform command-line tools. Substitute account for the credentials you use to connect to your Azure subscription. Press Enter to complete the import command. At the command prompt. Azure site stop MySite#### 10. Substitute the #### with the number you used in the last lesson to create your website. 6. type the following command. double-click Local Disk (C:). continue. 5. At the command prompt. 4. Azure logout account Note: If you receive an error. Intellisense prompts you to select a file. Internet Explorer is opened and you are prompted to download a file. 8. Azure account import C:\labfiles\ 7. STUDENT USE PROHIBITED Microsoft Azure Fundamentals L8-31 3. and then press Enter. STUDENT USE PROHIBITED .MCT USE ONLY.