Exam Ref 70-533 Implementing Microsoft Azure Infrastructure Solutions 2nd Edition Rick Rainey Michael Washam Dan Patrick Steve Ross Exam Ref 70-533 Implementing Microsoft Azure Infrastructure Solutions, 2nd Edition Published with the authorization of Microsoft Corporation by: Pearson Education, Inc. Copyright © 2018 by Pearson Education All rights reserved. Printed in the United States of America. This publication is protected by copyright, and permission must be obtained from the publisher prior to any prohibited reproduction, storage in a retrieval system, or transmission in any form or by any means, electronic, mechanical, photocopying, recording, or likewise. For information regarding permissions, request forms, and the appropriate contacts within the Pearson Education Global Rights & Permissions Department, please visit www.pearsoned.com/permissions/. No patent liability is assumed with respect to the use of the information contained herein. Although every precaution has been taken in the preparation of this book, the publisher and author assume no responsibility for errors or omissions. Nor is any liability assumed for damages resulting from the use of the information contained herein. ISBN-13: 978-1-5093-0648-0 ISBN-10: 1-5093-0648-X Library of Congress Control Number: TK 2 18 Trademarks Microsoft and the trademarks listed at https://www.microsoft.com on the “Trademarks” webpage are trademarks of the Microsoft group of companies. All other marks are property of their respective owners. Warning and Disclaimer Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness is implied. The information provided is on an “as is” basis. The authors, the publisher, and Microsoft Corporation shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book or programs accompanying it. Special Sales For information about buying this title in bulk quantities, or for special sales opportunities (which may include electronic versions; custom cover designs; and content particular to your business, training goals, marketing focus, or branding interests), please contact our corporate sales department at [email protected] or (800) 382-3419. For government sales inquiries, please contact [email protected]. For questions about sales outside the U.S., please contact [email protected]. Editor-in-Chief Greg Wiegand Senior Acquisitions Editor Laura Norman Development Editor Troy Mott Managing Editor Sandra Schroeder Senior Project Editor Tracey Croom Editorial Production Backstop Media Copy Editor Christina Rudloff Indexer Julie Grady Proofreader Christina Rudloff Technical Editor Tim Warner Cover Designer Twist Creative, Seattle Contents at a glance Introduction Preparing for the exam CHAPTER 1 Design and implement Azure App Service Web Apps CHAPTER 2 Create and manage Compute Resources CHAPTER 3 Design and implement a storage strategy CHAPTER 4 Implement Virtual Networks CHAPTER 5 Design and deploy ARM templates CHAPTER 6 Manage Azure Security and Recovery Services CHAPTER 7 Manage Azure Operations CHAPTER 8 Manage Azure Identities Index Contents Introduction Organization of this book Microsoft certifications Acknowledgments Microsoft Virtual Academy Quick access to online references Errata, updates, & book support We want to hear from you Stay in touch Preparing for the exam Chapter 1 Design and implement Azure App Service Web Apps Skill 1.1: Deploy web apps Create an App Service Plan Create a web app Define deployment slots Swap deployment slots Deploy an application Migrate a web app to separate App Service Plan Skill 1.2: Configure web apps Configuring application settings Configure a custom domain for a web app Configure SSL certificates Configuring handler mappings Configuring virtual applications and directories Skill 1.3: Configure diagnostics, monitoring, and analytics Enabling application and web server diagnostics Retrieving diagnostic logs Viewing streaming logs Monitor web app resources Monitor App Service Plan resources Monitor availability, performance, and usage Monitor Azure services Configure backup Skill 1.4: Configure web apps for scale and resilience Scale up or down an app service plan Scale app service instances manually Scale app service instances using Autoscale Configure Azure Traffic Manager Thought experiment Thought experiment answers Chapter summary Chapter 2 Create and manage Compute Resources Skill 2.1: Deploy workloads on Azure Resource Manager (ARM) virtual machines (VMs) Identify and run workloads in VMs Create virtual machines Connecting to virtual machines Skill 2.2: Perform configuration management PowerShell Desired State Configuration Using the custom script extension Enable remote debugging Skill 2.3: Design and implement VM Storage Virtual machine storage overview Operating system images Virtual machine disk caching Planning for storage capacity Disk encryption Using the Azure File Service Skill 2.4: Monitor ARM VMs Monitoring options in Azure Configuring Azure diagnostics Configuring alerts Skill 2.5: Manage ARM VM availability Configure availability zones Configure availability sets Skill 2.6 Scale ARM VMs Change VM sizes Deploy and configure VM scale sets (VMSS) Skill 2.7 Manage containers with Azure Container Services (ACS) Configure for open-source tooling Create and manage container images Implement Azure Container Registry Deploy a Kubernetes cluster in ACS Manage containers with Azure Container Services (ACS) Scale applications using Docker Swarm, DC/OS, or Kubernetes Migrate container workloads to and from Azure Monitor Kubernetes by using Microsoft Operations Management Suite (OMS) Though experiment Thought experiment answers Chapter summary Chapter 3 Design and implement a storage strategy Skill 3.1: Implement Azure Storage blobs and files Manage blob storage Using the async blob copy service Configuring the Content Delivery Network Configuring custom domains for storage and CDN Skill 3.2: Manage access Manage storage account keys Creating, and using, shared access signatures Using a stored access policy Virtual Network Service Endpoints Skill 3.3: Configure diagnostics, monitoring, and analytics Configuring Azure Storage Diagnostics Analyzing diagnostic data Enabling monitoring and alerts Skill 3.4: Implement storage encryption Encrypt data using Azure Storage Service Encryption (SSE) Implement encryption and role based access control with Azure Data Lake Store Thought experiment Thought experiment answers Chapter summary Chapter 4 Implement Virtual Networks Skill 4.1: Configure Virtual Networks Create a Virtual Network (VNet) Design subnets Gateway subnets Setup DNS at the Virtual Network level User Defined Routes (UDRs) Connect VNets using VNet peering Implement Application Gateway Skill 4.2: Design and implement multi-site or hybrid network connectivity Choose the appropriate solution between ExpressRoute, Site-to-Site and Point-to-Site Choose the appropriate gateway Identify network prerequisites Implement Virtual Network peering service chaining Configure Virtual Network and Multi-Site Virtual Networks Skill 4.3: Configure ARM VM Networking Configure Private Static IP Addresses Public IP Address DNS at the Network Interface (NIC) Level Network Security Groups (NSGs) User Defined Routes (UDR) with IP Forwarding External and Internal load balancing with HTTP and TCP health probes Direct Server Return Design and Implement Application Gateway (App Gateway) Skill 4.4: Design and implement a communication strategy Leverage Site-to-Site (S2S) VPN to connect to an on-premises infrastructure Implement Hybrid Connections to access data sources on-premises Thought experiment Thought experiment answers Chapter summary Chapter 5 Design and deploy ARM templates Skill 5.1: Implement ARM templates Author ARM templates Deploy an ARM template Skill 5.2: Control access Leverage service principals with ARM authentication Set management policies Lock resources Skill 5.3: Design role-based access control (RBAC) Implement Azure RBAC standard roles Design Azure RBAC custom roles Thought experiment Thought experiment answers Chapter summary Chapter 6 Manage Azure Security and Recovery Services