Exam Ref 70-534
Architecting Microsoft Azure Solutions
Haishi Bai, Steve Maier, Dan Stolts

Prepare for Microsoft Exam 70-534—and help demonstrate your real-world mastery of Microsoft Azure solution design and architecture. Designed for experienced IT pros ready to advance their status, Exam Ref focuses on the critical-thinking and decision-making acumen needed for success at the Microsoft Specialist level.

Focus on the expertise measured by these objectives:
• Describe Microsoft Azure infrastructure and networking
• Help secure resources
• Design an application storage and data access strategy
• Design an advanced application
• Design websites
• Design a management, monitoring, and business continuity strategy

This Microsoft Exam Ref:
• Organizes its coverage by exam objectives
• Features strategic, what-if scenarios to challenge you
• Assumes you have experience designing Microsoft Azure cloud or hybrid solutions and supporting application life cycle management

About the Exam
Exam 70-534 focuses on the skills and knowledge needed to design effective Microsoft Azure public and hybrid cloud solutions.

About Microsoft Certification
Passing this exam earns you a Microsoft Specialist certification in Microsoft Azure, demonstrating your expertise with the Microsoft Azure enterprise-grade cloud platform.
You can earn this certification by passing Exam 70-532, Developing Microsoft Azure Solutions; or Exam 70-533, Implementing Microsoft Azure Infrastructure Solutions; or Exam 70-534, Architecting Microsoft Azure Solutions.
See full details at: microsoft.com/learning

About the Authors
Haishi Bai, Senior Technical Evangelist at Microsoft, focuses on the Microsoft Azure compute platform, including IaaS, PaaS, networking, and scalable computing services.
Steve Maier, Senior Technical Evangelist at Microsoft, specializes in Microsoft Azure.
Dan Stolts, Senior Technical Evangelist at Microsoft, is a technology expert proficient in datacenter technologies.

microsoft.com/mspress
ISBN 978-0-7356-9744-7
U.S.A. $39.99
Canada $45.99 [Recommended]
Certification/Microsoft Azure

Architecting Microsoft Azure
Solutions
Exam Ref 70-534
Haishi Bai
Steve Maier
Dan Stolts
PUBLISHED BY
Microsoft Press
A division of Microsoft Corporation
One Microsoft Way
Redmond, Washington 98052-6399
Copyright © 2015 by Microsoft Corporation
All rights reserved. No part of the contents of this book may be reproduced or
transmitted in any form or by any means without the written permission of the
publisher.
Library of Congress Control Number: 2014958516
ISBN: 978-0-7356-9744-7
Printed and bound in the United States of America.
First Printing
Microsoft Press books are available through booksellers and distributors
worldwide. If you need support related to this book, email Microsoft Press
Support at mspinput@microsoft.com. Please tell us what you think of this book
at http://aka.ms/tellpress.
This book is provided “as-is” and expresses the author’s views and opinions. The
views, opinions and information expressed in this book, including URL and other
Internet website references, may change without notice.
Some examples depicted herein are provided for illustration only and are fictitious.
No real association or connection is intended or should be inferred.
Microsoft and the trademarks listed at http://www.microsoft.com/about/legal/en/
us/IntellectualProperty/Trademarks/EN-US.aspx are trademarks of the Microsoft
group of companies. All other marks are property of their respective owners.
Acquisitions Editor: Karen Szall
Developmental Editor: Karen Szall
Editorial Production: Dianne Russell, Octal Publishing, Inc.
Technical Reviewer: Roberto Freato; Technical Review services provided by
Content Master, a member of CM Group, Ltd.
Copyeditor: Bob Russell, Octal Publishing, Inc.
Indexer: Ellen Troutman, Octal Publishing, Inc.
Cover: Twist Creative • Seattle
Contents at a glance
Microsoft certifications
Preparing for the exam
CHAPTER 1 Design Microsoft Azure infrastructure and networking
CHAPTER 2 Secure resources
CHAPTER 3 Design an application storage and data access strategy
CHAPTER 4 Design an advanced application
CHAPTER 5 Design Web Apps
CHAPTER 6 Design a management, monitoring, and business continuity strategy
Index
Contents
Introduction
Microsoft certifications
Acknowledgments
Free ebooks from Microsoft Press
Microsoft Virtual Academy
Errata, updates, & book support
We want to hear from you
Stay in touch
Preparing for the exam
Chapter 1 Design Microsoft Azure infrastructure and networking
Objective 1.1: Describe how Azure uses Global Foundation Services (GFS) datacenters
Azure’s global footprints
Designing cloud-scale datacenters
Designing for the cloud
Objective summary
Objective review
Objective 1.2: Design Azure virtual networks, networking services, DNS, DHCP, and IP addressing configuration
Creating a cloud-only virtual network
Understanding Access Control Lists and Network Security Groups
Objective summary
Objective review
Objective 1.3: Design Azure Compute
Selecting VM sizes
Managing images
Managing VM states
Capturing infrastructure as code
Scaling applications on VMs
Objective summary
Objective review
Objective 1.4: Describe Azure virtual private network (VPN) and ExpressRoute architecture and design
Designing hybrid solutions with Virtual Network and ExpressRoute
ExpressRoute
vNet-to-vNet VPN
Multi-site VPN
Understanding other hybrid solution options
Objective summary
Objective review
Objective 1.5: Describe Azure Services
Using Azure Traffic Manager
Using CDN
Objective summary
Objective review
Answers
Objective 1.1: Thought experiment
Objective 1.1: Review
Objective 1.2: Thought experiment
Objective 1.2: Review
Objective 1.3: Thought experiment
Objective 1.3: Review
Objective 1.4: Thought experiment
Objective 1.4: Review
Objective 1.5: Thought experiment
Objective 1.5: Review
Chapter 2 Secure resources
Objective 2.1: Secure resources by using managed identities
Understanding claims-based architecture
Understanding basic authentication and authorization workflow
Working with native clients and multitiered applications
Working with multitiered applications
Additional scenarios
Azure Active Directory
A sample scenario with ADAL and Visual Studio
Azure AD Graph API
Objective summary
Objective review
Objective 2.2: Secure resources by using hybrid identities
Setting up directory synchronization with AD FS
Configuring Azure AD Application Proxy
Objective summary
Objective review
Objective 2.3: Secure resources by using identity providers
Understanding Azure ACS
Using Azure ACS with AD FS
Using Azure ACS with social networks
Using identity providers with ASP.NET applications
Using external identity providers with Azure Mobile Services
Objective summary
Objective review
Objective 2.4: Identify an appropriate data security solution
Understanding data protection technologies
Implementing effective access control policies
Using data reliability and disaster recovery services
Understanding Azure Rights Management Services
Managing security keys with Azure Key Vault
Objective summary
Objective review
Objective 2.5: Design a role-based access control strategy
Understanding access control challenges faced by large enterprises
Implementing RBAC
Using RBAC for Azure resources
Empowering users with self-service
Using Azure AD Access Panel
Managing devices with Azure AD Device Registration Service
Improving security policies over time
Objective summary
Objective review
Answers
Objective 2.1: Thought experiment
Objective 2.1: Review
Objective 2.2: Thought experiment
Objective 2.2: Review
Objective 2.3: Thought experiment
Objective 2.3: Review
Objective 2.4: Thought experiment
Objective 2.4: Review
Objective 2.5: Thought experiment
Objective 2.5: Review
Chapter 3 Design an application storage and data access strategy
Objective 3.1: Design data storage
Designing storage options for data
Designing security options for SQL Database or Storage
Identifying the appropriate VM type and size for the solution
Objective summary
Objective review
Objective 3.2: Design applications that use Mobile Services
Azure Mobile Services
Consuming Mobile Services
Offline Sync
Implementing Mobile Services
Secure Mobile Services
Extending Mobile Services by using custom code
Objective summary
Objective review
Objective 3.3: Design applications that use notifications
Implementing push notification services in Mobile Services
Sending push notifications
Objective summary
Objective review
Objective 3.4: Design applications that use a web API
Implementing a custom Web API
Scaling by using Azure App Service Web Apps
WebJobs
Securing a Web API
Objective summary
Objective review
Objective 3.5: Design a data access strategy for hybrid applications
Connect to on-premises data by using Azure Service Bus Relay
Azure App Service BizTalk API Apps Hybrid Connections
Web Apps virtual private network capability
Identify constraints for connectivity with VPN
Identify options for domain-joining Azure Virtual Machines and Cloud Services
Objective summary
Objective review
Objective 3.6: Design a media solution
Azure Media Services overview
Key components of Media Services
Objective summary
Objective review