Online Resources

Pluralsight - Learning Path - Microsoft Azure Architect Design (AZ-301)

Determine Workload Requirements (10-15%)

Gather Information and Requirements
 Identify compliance requirements,
 identity and access management infrastructure, and service-oriented architectures
(e.g., integration patterns, service design, service discoverability);
 identify accessibility (e.g. Web Content Accessibility Guidelines), availability (e.g.
Service Level Agreement), capacity planning and scalability, deploy-ability (e.g.,
repositories, failback, slot-based deployment), configurability, governance,
maintainability (e.g. logging, debugging, troubleshooting, recovery, training), security
(e.g. authentication, authorization, attacks), and sizing (e.g. support costs,
optimization) requirements;
 recommend changes during project execution (ongoing);
 evaluate products and services to align with solution;
 create testing scenarios

Pluralsight - Gathering Information About Existing Enterprise Architecture in Microsoft Azure

Pluralsight - Gathering Non-functional Requirements for Microsoft Azure
Pluralsight - Determining Feasibility and Refining Requirements for Microsoft Azure
Azure - Trust Center

Optimize Consumption Strategy

 Optimize app service, compute, identity, network, and storage costs

Pluralsight - Estimating One-time and Recurring Costs for Microsoft Azure

Pluralsight - Design a Compute Strategy for Microsoft Azure
App Service Pricing

Design an Auditing and Monitoring Strategy

 Define logical groupings (tags) for resources to be monitored;
o Use tags to organize your Azure resources
 determine levels and storage locations for logs;
o Collect and consume log data from your Azure resources
o Azure logging and auditing
 plan for integration with monitoring tools;
o Azure Monitor overview
o End-to-end monitoring solutions in Azure for Apps and Infrastructure
o What is Application Insights?
 recommend appropriate monitoring tool(s) for a solution;
o Event Grid
o What is Azure Event Grid?
o Stream Azure Diagnostic Logs to an event hub
 specify mechanism for event routing and escalation;
o Archive activity log
o Archive diagnostic logs
o Store diagnostic logs
o Azure resource data to Event Hub
o Stream activity log to Event Hubs
o Diagnostic logs to Event Hub
o Application data to Log Analytics
 design auditing for compliance requirements;
o Compliance and supporting information for Azure Information Protection
 design auditing policies and traceability requirements
o Azure logging and auditing

Pluralsight - Designing a Monitoring Strategy for a Solution in Microsoft Azure

Pluralsight - Design Auditing for Microsoft Azure

Design for Identity and Security (20-25%)
Design Identity Management
 Choose an identity management approach;
o Azure Identity Management and access control security best practices
o Identity and access management (IAM)
 design an identity delegation strategy, identity repository (including directory,
application, systems, etc.);
o When to Use Identity Delegation
o Azure AD Connect and federation
 design self-service identity management and user and persona provisioning;
o Managing user account provisioning for enterprise apps in the Azure portal
o How to configure self-service application assignment
 define personas and roles;
 recommend appropriate access control strategy (e.g., attribute-based, discretionary
access, history-based, identity-based, mandatory, organization-based, role-based,
rule-based, responsibility-based)
o What is role-based access control (RBAC) for Azure resources?
o What is Azure AD Privileged Identity Management?
o How To: Configure the sign-in risk policy
o What is conditional access in Azure Active Directory?
o How it works: Azure Multi-Factor Authentication

Pluralsight - Design Identity Management in Microsoft Azure

Azure Active Directory (AD) Domain Services
How to decide if Azure AD Domain Services is right for your use-case
Topologies for Azure AD Connect
The Four Pillars of Identity - Identity Management in the Age of Hybrid IT

Design Authentication
 Choose an authentication approach;
o What is authentication?
o Choose the right authentication method for your Azure Active Directory hybrid identity
solution
o What are authentication methods?
 design a single-sign on approach; logon, multi-factor, network access, and remote
authentication
o Single sign-on to applications in Azure Active Directory
o How it works: Azure Multi-Factor Authentication
o What is conditional access in Azure Active Directory?

Pluralsight - Design Authentication for Microsoft Azure

Application types for v2.0
About Microsoft identity platform

Design Authorization
 Choose an authorization approach;
 Identity and access management (IAM)
 What is role-based access control (RBAC) for Azure resources
 define access permissions and privileges;
 design secure delegated access (e.g., oAuth, OpenID, etc.);
 How to recognize differences between delegated and application permissions
 Authorize access to Azure Active Directory web applications using the OAuth 2.0
code grant flow
 v2.0 Protocols - OAuth 2.0 authorization code flow
 recommend when and how to use API Keys.
 Protect an API by using OAuth 2.0 with Azure Active Directory and API
Management

Pluralsight - Design Authorization for Microsoft Azure

Design for Risk Prevention for Identity

 Design a risk assessment strategy (e.g., access reviews, RBAC policies, physical
access);
o What are Azure AD Access Reviews?
 evaluate agreements involving services or products from vendors and contractors;
 update solution design to address and mitigate changes to existing security policies,
standards, guidelines and procedures

Pluralsight - Design for Risk Prevention in Microsoft Azure

Azure Active Directory risk events
Microsoft Password Guidance

Design a Monitoring Strategy for Identity and Security

 Design for alert notifications;
 design an alert and metrics strategy;
 recommend authentication monitors

Pluralsight - Design a Monitoring Strategy for Identity and Security in Microsoft Azure
Create, view, and manage metric alerts using Azure Monitor
Design a Data Platform Solution (15-20%)
Design a Data Management Strategy
 Choose between managed and unmanaged data store;
o IaaS vs. PaaS offering understanding.
 choose between relational and non-relational databases;
o Choose the right SQL Server option in Azure
o Choose the right data store
o Criteria for choosing a data store
o https://docs.microsoft.com/en-us/azure/sql-database/sql-database-features
 design data auditing and caching strategies;
o Caching
o Azure Cache for Redis
o Content Delivery Network
 identify data attributes (e.g., relevancy, structure, frequency, size, durability, etc.);
 recommend Database Transaction Unit (DTU) sizing;
o Service tiers in the DTU-based purchase model
o Resource limits for single databases using the DTU-based purchasing model
 design a data retention policy;
o Manage Azure SQL Database long-term backup retention
o Azure Blob Storage lifecycle management in public preview
 design for data availability, consistency, and durability;
 design a data warehouse strategy
o What is Azure SQL Data Warehouse?

Pluralsight - Design a Data Management Strategy for Microsoft Azure

Pluralsight - Plan for Data Warehousing with Microsoft Azure

Design a Data Protection Strategy

 Recommend geographic data storage;
o Azure Storage redundancy
o Locally redundant storage
o Zone-redundant storage
o Geo-redundant storage
o Disaster recovery and failover
o Designing HA Apps using RA-GRS
 design an encryption strategy for data at rest, for data in transmission, and for
data in use;
o Azure Data Encryption-at-Rest
o Azure encryption overview
 design a scalability strategy for data;
o Scalability Checklist
 design secure access to data;
o Azure Data Security and Encryption Best Practices
o Virtual Network Service Endpoints
  design a data loss prevention (DLP) policy
o Data loss prevention (DLP) policies
o Azure Information Protection

Pluralsight - Design a Data Protection Strategy with Microsoft Azure

Design and Document Data Flows

 Identify data flow requirements;
 create a data flow diagram;
 design a data flow to meet business requirements;
 design a data import and export strategy
o What is Azure Import/Export service?
o Azure Data Box
o Azure Data Box for offline data transfer

Pluralsight - Design and Document Data Flows with Microsoft Azure

Design a Monitoring Strategy for the Data Platform

 Design for alert notifications;
 design an alert and metrics strategy
Design a Business Continuity Strategy (15-20%)
Design a Site Recovery Strategy
 Design a recovery solution;
o Site Recovery Documentation
 design a site recovery replication policy;
o Replicate Azure virtual machines to another Azure region
 design for site recovery capacity and for storage replication;
o Plan capacity for Hyper-V VM disaster recovery
o Plan capacity and scaling for VMware disaster recovery to Azure
o Azure Site Recovery capacity-planning guide for migrations
 design site failover and failback (planned/unplanned);
o Run a disaster recovery drill to Azure
o Fail over VMs and physical servers
 design the site recovery network; recommend recovery objectives (e.g., Azure, on-
prem, hybrid, Recovery Time Objective (RTO), Recovery Level Objective (RLO),
Recovery Point Objective (RPO));
o About Site Recovery
 identify resources that require site recovery;
 identify supported and unsupported workloads;
o Support matrix for disaster recovery of VMware VMs and physical servers to Azure
o Support matrix for disaster recovery of on-premises Hyper-V VMs to Azure
 recommend a geographical distribution strategy
o Reduce RTO by using Azure Traffic Manager with Azure Site Recovery(old)

Pluralsight - Designing a Site Recovery Strategy on Microsoft Azure

Design for High Availability

 Design for application redundancy, auto-scaling, data center and fault domain
redundancy, and network redundancy;
o Manage the availability of Windows virtual machines in Azure
o Availability Set, Fault Domains And Update Domains In Azure Virtual Machine
o Azure Autoscale
 identify resources that require high availability; identify storage types for high
availability
o Azure Storage redundancy
o Regions and availability for virtual machines in Azure

Pluralsight - Designing for High Availability on Microsoft Azure

Creating and using active geo-replication

Use auto-failover groups to enable transparent and coordinated failover of multiple databases
Design a disaster recovery strategy for individual workloads
 Design failover/failback scenario(s);
o Run a disaster recovery drill to Azure
o Fail over VMs and physical servers
 document recovery requirements;
 identify resources that require backup;
 recommend a geographic availability strategy

Pluralsight - Designing a Disaster Recovery Strategy on Microsoft Azure

Business continuity and disaster recovery (BCDR): Azure Paired Regions
Azure Region Pairs Explained

Design a Data Archiving Strategy

 Recommend storage types and methodology for data archiving;
o Azure Archive Storage
o Azure Blob storage: hot, cool, and archive access tiers
o Managing the Azure Blob Storage Lifecycle
 identify requirements for data archiving and business compliance requirements for
data archiving;
 identify SLA(s) for data archiving

Pluralsight - Designing a Data Archiving Strategy on Microsoft Azure

Design for Deployment, Migration, and Integration (10-15%)
Design Deployments
 Design a compute, container, data platform, messaging solution, storage, and web
app and service deployment strategy

Pluralsight - Designing Deployments in Microsoft Azure

Building microservices on Azure
Azure Reference Architectures

Design Review Framework

 Design for resiliency

 Failure mode analysis
 Availability checklist
 DevOps checklist
 Resiliency checklist (general)
 Resiliency checklist (Azure services)
 Scalability checklist

Design Migrations
 Recommend a migration strategy;
o Azure migration center
o Start your cloud migration process
 design data import/export strategies during migration;
o What is Azure Import/Export service?
o Azure Data Box
o Azure Data Box for offline data transfer
 determine the appropriate application migration, data transfer, and network
connectivity method;
 determine migration scope, including redundant, related, trivial, and outdated data;
o Using Service Map solution in Azure
 determine application and data compatibility
o Microsoft Assessment and Planning Toolkit
o Migrate to Azure App Service
o Download Migration Assistant
o Overview of Data Migration Assistant

Pluralsight - Designing Migrations for Microsoft Azure

CosmosDB Content:
 https://datamigration.microsoft.com/scenario/mongo-to-cosmos?step=1
 https://azure.microsoft.com/en-ca/resources/videos/using-mongodb-tools-with-azure-cosmos-
db/
  https://docs.microsoft.com/en-us/azure/cosmos-db/mongodb-introduction

Design an API Integration Strategy

API Management documentation

 Design an API gateway strategy;

o API Management
 determine policies for internal and external consumption of APIs;
o API Management Policies
o How to use Azure API Management with virtual networks
o Azure DDoS Protection: Best practices and reference architectures
 recommend a hosting structure for API management

Pluralsight - Designing an API Management Strategy for Microsoft Azure

Design an Infrastructure Strategy (15-20%)
Design a Storage Strategy
 Design a storage provisioning strategy;
o Introduction to Azure Storage
 design storage access strategy; identify storage requirements;
o Deciding when to use Azure Blobs, Azure Files, or Azure Disks
 recommend a storage solution and storage management tools
o Azure Storage Explorer
o Azure Blobs/queues/files/tables
o AzCopy

Pluralsight - Design a Storage Strategy for Microsoft Azure

Design a Compute Strategy

 Design compute provisioning and secure compute strategies;
 determine appropriate compute technologies (e.g., virtual machines, functions,
service fabric, container instances, etc.);
o Overview of Azure compute options
o Decision tree for Azure compute services
o https://docs.microsoft.com/en-us/azure/architecture/guide/technology-
choices/compute-comparison
o Azure Service Fabric Documentation
o Azure Kubernetes Service (AKS)
o Azure Container Instances Documentation
o Azure Functions
 design an Azure HPC environment;
o Big Compute: HPC & Batch
o Azure CycleCloud
 identify compute requirements;
 recommend management tools for compute

Pluralsight - Design a Compute Strategy for Microsoft Azure

Design a Networking Strategy

 Design network provisioning and network security strategies;
o Network Components
 Vnets
 Virtual Network Gateways
 ExpressRoute
 VNet peering
 Global Peering
o Security
  Azure Firewall
 Azure NSGs
 Network Virtual Appliances
 Application Gateways
 determine appropriate network connectivity technologies;
o S2S
o P2S
o ExpressRoute
o VNet peering
 identify networking requirements;
 recommend network management tools
o Azure Network Watcher
o Azure Network Performance Monitor

Pluralsight - Design a Networking Strategy for Microsoft Azure

Design a Monitoring Strategy for Infrastructure

 Design for alert notifications;
 Design an alert and metrics strategy

Overview of alerts in Microsoft Azure

Monitoring data collected by Azure Monitor
Pluralsight - Design a Monitoring Strategy for Infrastructure in Microsoft Azure