Exam Ref 70-535 Architecting Microsoft Azure Solutions

Haishi Bai
Dan Stolts
Santiago Fernández Muñoz

Published with the authorization of Microsoft Corporation by: Pearson Education, Inc.

Copyright © 2018 by Pearson Education

All rights reserved. This publication is protected by copyright, and permission must be obtained from the publisher prior to any prohibited reproduction, storage in a retrieval system, or transmission in any form or by any means, electronic, mechanical, photocopying, recording, or likewise. For information regarding permissions, request forms, and the appropriate contacts within the Pearson Education Global Rights & Permissions Department, please visit www.pearsoned.com/permissions/. No patent liability is assumed with respect to the use of the information contained herein. Although every precaution has been taken in the preparation of this book, the publisher and author assume no responsibility for errors or omissions. Nor is any liability assumed for damages resulting from the use of the information contained herein.

ISBN-13: 978-1-5093-0468-4
ISBN-10: 1-5093-0468-1
Library of Congress Control Number: 2018939074

Trademarks

Microsoft and the trademarks listed at https://www.microsoft.com on the “Trademarks” webpage are trademarks of the Microsoft group of companies. All other marks are property of their respective owners.

Warning and Disclaimer

Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness is implied. The information provided is on an “as is” basis. The authors, the publisher, and Microsoft Corporation shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book or programs accompanying it.
Special Sales

For information about buying this title in bulk quantities, or for special sales opportunities (which may include electronic versions; custom cover designs; and content particular to your business, training goals, marketing focus, or branding interests), please contact our corporate sales department at [email protected] or (800) 382-3419. For government sales inquiries, please contact [email protected]. For questions about sales outside the U.S., please contact [email protected].

Editor-in-Chief: Greg Wiegand
Senior Acquisitions Editor: Laura Norman
Development Editor: Troy Mott
Managing Editor: Sandra Schroeder
Senior Project Editor: Tracey Croom
Editorial Production: Backstop Media
Copy Editor: Christina Rudloff
Indexer: Julie Grady
Proofreader: Liv Bainbridge
Technical Editor: Jason Haley
Cover Designer: Twist Creative, Seattle

I would like to dedicate this book to editors, technical reviewers and co-authors. It’s been a long and collaborative process to get the book out. I appreciate your dedication, professionalism and persistence to complete the quest.
—HAISHI BAI

I would like to dedicate this book to my son Brad. His love, encouragement, drive and motivation gave me the strength to get to the finish line.
—DAN STOLTS

I would like to dedicate this book to my wife Rocio, for supporting me all the time I spent on this and other projects and being the most important reason in my life to be a better person.
—SANTIAGO FERNÁNDEZ MUÑOZ

Contents at a glance

Introduction
Important: How to use this book to study for the exam
CHAPTER 1 Design compute infrastructure
CHAPTER 2 Design data implementation
CHAPTER 3 Design networking implementation
CHAPTER 4 Design security and identity solutions
CHAPTER 5 Design solutions by using platform services
CHAPTER 6 Design for operations
Index

Contents

Introduction
  Acknowledgments
  Organization of this book
  Microsoft certifications
  Microsoft Virtual Academy
  Quick access to online references
  Errata, updates, & book support
  Stay in touch
Important: How to use this book to study for the exam

Chapter 1 Design compute infrastructure
  Skill 1.1: Design solutions using virtual machines
    Design VM deployments by leveraging Availability sets, Fault Domains, and Update Domains in Azure
    Design for compute-intensive tasks using Azure Batch
    Define a migration strategy from cloud services
  Skill 1.2: Design solutions for serverless computing
    Use Azure Functions to implement event-driven actions
    Design for serverless computing using Azure Container Instances
    Design Application Solutions by using Azure Logic Apps, Azure Functions, or both
    Determine when to use API Management service
  Skill 1.3: Design microservices-based solutions
    Determine when a container-based solution is appropriate
    Determine when container-orchestration is appropriate
    Determine when Azure Service Fabric (ASF) is appropriate
    Determine when Azure Functions is appropriate
    Determine when to use the API Management service
    Determine when Web API is appropriate
    Determine which platform is appropriate for container orchestration
    Consider migrating existing assets versus cloud native deployment
    Design lifecycle management strategies
  Skill 1.4: Design web applications
    Design Azure App Service Web Apps
    Design custom web APIs
    Secure Web API
    Design Web Apps for scalability and performance
    Design for high availability using Azure Web Apps in multiple regions
    Determine which App Service Plan to use
    Design Web Apps for business continuity
    Determine when to use Azure App Service Environment (ASE)
    Design for API apps
    Determine when to use Web Apps on Linux
    Determine when to use a CDN
    Determine when to use a cache, including Azure Redis Cache
  Skill 1.5: Create compute-intensive applications
    Design high-performance computing (HPC) and other compute-intensive applications using Azure Services
    Determine when to use Azure Batch
    Design stateless components to accommodate scale
    Design lifecycle strategy for Azure Batch
  Thought experiment
  Thought experiment answers
  Chapter summary

Chapter 2 Design data implementation
  Skill 2.1: Design for Azure Storage solutions
  Skill 2.2: Design for Azure Data Services
  Skill 2.3: Design for relational database storage
  Skill 2.4: Design for NoSQL storage
  Skill 2.5: Design for Cosmos DB storage
  Thought experiment
  Thought experiment answers
  Chapter summary

Chapter 3 Design networking implementation
  Skill 3.1: Design Azure Virtual Networks
    Create and manage virtual networks
    IP Addresses
    Name resolution
    Load balancing
    ARM object model
    Traffic Manager
    CDN
    Routes
  Skill 3.2: Design external connectivity for Azure Virtual Networks
    Hybrid connectivity
  Skill 3.3: Design security strategies
    Network Security Groups
    Azure Application Gateway
  Skill 3.4: Design connectivity for hybrid applications
    Connect to on-premises data by using Azure Service Bus Relay
    Hybrid Connections
    Web Apps virtual private network capability
    Identifying options for domain-joining Azure Virtual Machines
  Thought experiment
  Thought experiment answers
  Chapter summary

Chapter 4 Design security and identity solutions
  Skill 4.1: Design an identity solution
    Claim-based architecture
    Basic authentication and authorization workflow
    Working with Native Clients
    Working with multi-tiered applications
    Additional scenarios
    Azure Active Directory
    Sample scenario with Azure Active Directory Authentication and Visual Studio
    Authentication frameworks
    Microsoft Graph API
    Secure resources by using hybrid identities
  Skill 4.2: Secure resources by using identity providers
    Sample scenario with external Identity Provider and ASP.NET Core
    Azure B2C
    Azure B2B
  Skill 4.3: Design a data security solution
    Data protection
    Data encryption
    Access Control
    Data reliability and disaster recovery
    Azure Rights Management Services
    Azure Key Vault
  Skill 4.4: Design a mechanism of governance and policies for administrating Azure resources
    Access control challenges faced by large enterprises
    Role Based Access Control (RBAC)
    RBAC for Azure Resources
    Empowering a user with self-service
    Azure AD Application Access Panel
  Skill 4.5: Manage security risks by using an appropriate security solution
    Azure security solutions
    Managing security risks
  Thought experiment