4. Azure AI Devops & tools

Introduction

Artificial Intelligence

Artificial Intelligence (AI) is the simulation of human intelligence & capabilities by computer software.

Machine Learning is a subcategory of AI where computer software is “taught” to draw conclusions and make predictions from data.

Azure Machine Learning 

Train → Package → Validate → Deploy → Monitor

Key Characteristics 

  • Cloud-based platform for creating, managing and publishing machine learning models.
  • Platform as a Service (PaaS)
  • Machine Learning Workspace – top level resource
  • Machine Learning studio – web portal for end-to-end development.
  • Features
    • Notebooks – using Python and R
    • Automated ML – run multiple algorithms/parameters combinations, choose the best model.
    • Designer – graphical interface for no-code development
    • Data & Compute – management of storage and compute resources
    • Pipelines – orchestrate model training, deployment and management tasks

Azure Serverless Computing 

Serverless computing is a cloud-hosted execution environment that allows customers to run their applications in the cloud while completely abstracting the underlying infrastructure.

Azure Functions (Function Apps)

Key Characteristics 

  • Serverless coding platform (Functions as a Service, FaaS)
  • Designed for nano-service architectures and event-based applications
  • Scales up and down very quickly
  • Highly scalable
  • Supports popular languages and frameworks (.NET & Core, Java, Node.js, Python, PowerShell, etc.)

Azure Logic Apps

Key Characteristics

  • Serverless Enterprise Integration Service (PaaS)
  • 200+ connectors for popular services
  • Designed for orchestration of
    • Business processes
    • Integration workflows for applications, data, systems and services
  • No-code solution

Event Grid

Key Characteristics

  • Fully managed serverless event routing service
  • Uses publish-subscribe model
  • Designed for event-based and near-real time applications
  • Supports dozens of built-in events from most common Azure services

Azure DevOps Solutions

DevOps is a set of practices that combine both Development (Dev) and Operations (Ops).

DevOps aims to shorten the development life cycle by providing continuous integration and delivery (CI/CD) capabilities while ensuring high quality of deliverables.

Azure DevOps

Key Characteristics 

  • Collection of services for building solutions using DevOps practices

Services included

  • Boards – tracking work
  • Repos – code collaboration and versioning with Git
  • Pipelines – building CI/CD workflows (build, test and deploy apps)
  • Artifacts – manage project deliverables
  • Test Plans – manual and exploratory testing
  • Extensible with the marketplace – over 1000 available apps
  • Evolved from TFS (Team Foundation Server), through VSTS (Visual Studio Team Services)

Azure DevTest Labs

Key Characteristics 

  • Service sandbox environment for developers/testers (PaaS)
  • Quick setup of self-managed virtual machines
  • Preconfigured templates for VMs
  • Plenty of additional artifacts (tools, apps, custom actions)
  • Lab policies (quotas, sizes, auto-shutdowns)
  • Share and automate labs via custom images
  • Premade plugins/API tools for CI/CD pipeline automation

Azure Tools

Azure Portal

Key Characteristics 

  • Public web-based interface for management of Azure Platform
  • Designed for self-service
  • Customizable
  • Simple tasks

Azure PowerShell

Key Characteristics 

  • PowerShell and modules
  • Designed for automation
  • Multi-Platform with PowerShell Core
  • Simple to use
    • Connect-AzAccount – log into Azure
    • Get-AzResourceGroup – list resource groups
    • New-AzResourceGroup – create new resource group
    • New-AzVM – create virtual machine

Azure CLI

Key Characteristics 

  • Command Line Interface for Azure 
  • Designed for automation
  • Multi-platform (Python)
  • Simple to use
    • az login – log into Azure
    • az group list – list resource groups
    • az group create – create new resource group
    • az vm create – create virtual machine
  • Native OS terminal scripting

Azure Cloud Shell

Key Characteristics 

  • Cloud-based scripting environment
  • Completely free
  • Supports both Azure PowerShell and Azure CLI
  • Dozens of additional tools
  • Multiple client interfaces
    • Azure Portal Integration (portal.azure.com)
    • Shell Portal (shell.azure.com)
    • Visual Studio Code Extension
    • Windows Terminal Code Extension
    • Windows Terminal
    • Azure Mobile App
    • Microsoft Docs Integration

Azure Advisor 

Key Characteristics 

  • Personalized consultant service 
  • Designed to provide recommendations and best practices for
    • Cost (SKU sizes, idle services, reserved instances, etc.)
    • Security (MFA settings, vulnerability settings, agent installations, etc.)
    • Reliability (redundancy settings, soft delete on blobs, etc.)
    • Performance (SKU sizes, SDK versions, IO throttling, etc.)
    • Operational Excellence 
  • Actionable recommendations
  • Free 

Azure Security Groups

Network Security Groups

  • Designed to filter traffic to (inbound) and from (outbound) Azure resources located in Azure Virtual Network.
  • Filtering controlled by rules.
  • Ability to have multiple inbound and outbound rules.
  • Rules are created by specifying
    • Source/Destination (IP addresses, service tags, application security groups)
    • Protocol (TCP, UDP, any)
    • Port (or port ranges, ex. 3389 – RDP, 22 – SSH, 80 – HTTP, 443 – HTTPS)
    • Direction (inbound or outbound)
    • Priority (order of evaluation)

Application Security Groups

Key Characteristics 

  • Feature that allows grouping of virtual machines located in Azure Virtual Network
  • Designed to reduce the maintenance effort (assign ASG instead of the explicit IP address)

Azure Routing – User-defined Routes (UDR)

Key Characteristics

  • Custom (user-defined, static) routes (UDRs)
  • Designed to override Azure default routing or add new routes
  • Managed via Azure Route Table resource
  • Associated with zero or more Virtual Network subnets

Azure Firewall

A firewall is a network security service that monitors and controls incoming and outgoing traffic.

Key Characteristics

  • Managed, cloud-based firewall service (PaaS, Firewall as a Service)
  • Built-in high availability
  • Highly scalable
  • Inbound & outbound traffic filtering rules
  • Support for FQDN (Fully Qualified Domain Name), ex. microsoft.com
  • Fully integrated with Azure Monitor for logging and analytics

Azure DDoS Protection

DoS – Denial of Service

Cyber-attack with intent to cause temporary or indefinite disruption of service.

DDoS – Distributed Denial of Service

Key Characteristics

  • DDoS protection service in Azure
  • Designed to
    • Detect malicious traffic and block it while allowing legitimate users to connect
    • Prevent additional costs for auto-scaling environments
  • Two tiers
    • Basic – automatically enabled for Azure Platform
    • Standard – additional mitigation & monitoring capabilities for Azure Virtual Network resources
  • Standard tier uses machine learning to analyze traffic patterns for better accuracy.

Azure Identity Services 

Identity

The fact of being something or someone.

A user with a username and password.

Also applications or other servers with secret keys or certificates.

Authentication

The process of verification/assertion of identity.

Authorization

The process of ensuring that only authenticated identities get access to the resources for which they have been granted access.

Access Management

The process of controlling, verifying, tracking and managing access to authorized users and applications.

Azure Active Directory

Key Characteristics

  • Identity and Access Management service in Azure
  • Identities management – users, groups, applications
  • Access management – subscriptions, resource groups, roles, role assignments, authentication & authorization settings, etc.
  • Used by multiple Microsoft cloud platforms
    • Azure
    • Microsoft 365
    • Office 365
    • Live.com services (Skype, OneDrive, etc.)
  • Syncs with on-premises Active Directory via sync services

Multi-Factor Authentication

Process of presenting two or more pieces of evidence to prove one’s identity.

Key Characteristics

  • Process of authentication using more than one factor (evidence) to prove identity
  • Factor types
    • Knowledge Factor – “Something you know”, ex. password, PIN
    • Possession Factor – “Something you have”, ex. phone, token, card, key
    • Physical Characteristics Factor – “Something you are”, ex. fingerprint, voice, face, eye iris
    • Location Factor – “Somewhere you are”, ex. GPS location
  • Supported by Azure AD by default (simple on-off switch)

Azure Security Center

Key Characteristics

  • Centralized/unified infrastructure and platform security management service 
  • Natively embedded in Azure Services 
  • Integrated with Azure Advisor 
  • Two tiers
    • Free (Azure Defender OFF) – included in all Azure services, provides continuous assessments, security score, and actionable security recommendations.
    • Paid (Azure Defender ON) – hybrid security, threat protection alerts, vulnerability scanning, just in time (JIT) VM access, etc.

Azure Key Vault

Key Characteristics

  • Managed service for securing sensitive information (application/platform) (PaaS)
  • Secure storage service for
    • Keys,
    • Secrets and
    • Certificates
  • Highly integrated with Azure services (VMs, Logic Apps, Data Factory, Web Apps, etc.)
  • Centralization
  • Access monitoring and logging

Azure Role-Based Access Control (RBAC)

Roles

A role (role definition) is a collection of actions that the assigned identity will be able to perform.

A role definition is the answer to the question “What can be done?”

Security Principals

A security principal is an Azure object (identity) that can be assigned to a role (ex. users, groups or applications).

A security principal assignment is the answer to the question “Who can do it?”

Scope

Management Group → Subscription → Resource Group → Resource

Scope is one or more Azure resources that the access applies to.

A scope assignment is the answer to the question “Where can it be done?”

A role assignment is a combination of the role definition, security principal and scope.

Key Characteristics

  • Authorization system built on Azure Resource Manager (ARM)
  • Designed for fine-grained access management of Azure resources
  • Role assignment is a combination of
    • Role definition – list of permissions like create VM, delete SQL, assign permissions, etc.
    • Security principal – user, group, service principal and managed identity
    • Scope – resource, resource groups, subscription, management group
  • Scopes are hierarchical
    • Management Groups > Subscriptions > Resource Groups > Resources
  • Built-in and custom roles are supported
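
The "what / who / where" combination and the downward inheritance of scopes, modelled as an added example (not code from the original page or from Azure). The role `VmOperator`, the principals, the management group name and the subscription id are constructed placeholders; wildcard actions and the subtraction of `NotActions` inside a role follow how Azure role definitions work.

```python
from fnmatch import fnmatchcase

# Simplified role definitions ("what can be done"); constructed for this example.
ROLES = {
    "Reader": {"actions": ["*/read"], "not_actions": []},
    "VmOperator": {"actions": ["Microsoft.Compute/virtualMachines/*"],
                   "not_actions": ["Microsoft.Compute/virtualMachines/delete"]},
}
# Scopes ("where"); the ids and names are placeholders.
MG = "/providers/Microsoft.Management/managementGroups/mg-corp"
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG = SUB + "/resourceGroups/rg-app"
VM = RG + "/providers/Microsoft.Compute/virtualMachines/vm1"
PARENT_MG = {SUB: MG}   # a subscription's management group is not part of its path

# Role assignments: (security principal, role definition, scope).
ASSIGNMENTS = [
    ("group:auditors", "Reader", MG),
    ("user:alice", "VmOperator", RG),
]

def under(scope, target):
    """True if target is the scope itself or below it (whole path segments)."""
    return (target.lower() + "/").startswith(scope.lower() + "/")

def in_scope(assigned, target):
    """An assignment applies at its own scope and at every scope below it."""
    if under(assigned, target):
        return True
    return any(mg == assigned and under(sub, target) for sub, mg in PARENT_MG.items())

def role_permits(role, action):
    """Allowed when an actions pattern matches and no not_actions pattern does."""
    act = action.lower()
    definition = ROLES[role]
    granted = any(fnmatchcase(act, p.lower()) for p in definition["actions"])
    removed = any(fnmatchcase(act, p.lower()) for p in definition["not_actions"])
    return granted and not removed

def granting_assignments(principals, action, target):
    """principals: the identity plus its groups. Access is the union of all grants."""
    return [(p, r, s) for p, r, s in ASSIGNMENTS
            if p in principals and in_scope(s, target) and role_permits(r, action)]
```

An empty result means no assignment grants the action at that scope; a non-empty result shows which assignment, at which level of the hierarchy, is responsible for the access.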

Azure Resource Locks

Key Characteristics

  • Designed to prevent accidental deletion and/or modification.
  • Used in conjunction with RBAC.
  • Two types of locks
    • Read-only (ReadOnly) – only read actions are allowed
    • Delete (CanNotDelete) – all actions except delete are allowed
  • Scopes are hierarchical (inherited)
    • Subscriptions > Resource Groups > Resources
  • Management Groups can’t be locked
  • Only Owner and User Access Administrator roles can manage locks(built-in roles)

Azure Resource Tags

Key Characteristics

  • Tags are simple name (key) – value pairs
  • Designed to help with organization of Azure resources
  • Used for resource governance, security, operations management, cost management, automation, etc.
  • Typical tagging strategies
    • Functional – mark by function (ex: environment = production)
    • Classification – mark by policies used (ex: classification = restricted)
    • Finance/Accounting – mark for billing purposes (ex: department = finance)
    • Partnership – mark by association of users/groups (ex: owner = adam)
  • Applicable for resources, resource groups and subscriptions
  • NOT inherited by default

Azure Policy 

Key Characteristics

  • Designed to help with resource governance, security, compliance, cost management, etc.
  • Policies focus on resource properties (RBAC focuses on user actions)
  • Policy definition – defines what should happen
    • Define the condition (if/else) and the effect (deny, audit, append, modify, etc.)
    • Examples include allowed resource types, allowed locations, allowed SKUs, inherit resource tags
    • Built-in and custom policies are supported
  • Policy initiative – a group of policy definitions
  • Policy assignment – assignment of a policy definition/initiative to a scope
    • Assignment scopes can be management groups, subscriptions, resource groups and resources
    • Policies allow for exclusions of scopes
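
How a definition's condition and effect combine with an assignment's scope and exclusions, as an added example (not code from the original page or from Azure). The two definitions, the assignments, the resource group names and the subscription id are constructed; the `if`/`then` shape and the `field`, `in`, `exists`, `not`, `allOf`, `anyOf` and `notScopes` keys follow the Azure Policy JSON format, of which this evaluator covers only a small subset.

```python
import re

SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"  # placeholder id
# Constructed definitions: a condition ("if") and an effect ("then").
DEFINITIONS = {
    "allowed-locations": {
        "if": {"not": {"field": "location", "in": ["westeurope", "northeurope"]}},
        "then": {"effect": "deny"}},
    "require-environment-tag": {
        "if": {"field": "tags['environment']", "exists": "false"},
        "then": {"effect": "audit"}},
}
ASSIGNMENTS = [  # constructed: definition -> scope, minus excluded child scopes
    {"definition": "allowed-locations", "scope": SUB,
     "notScopes": [SUB + "/resourceGroups/rg-sandbox"]},
    {"definition": "require-environment-tag", "scope": SUB, "notScopes": []},
]
# Constructed sample resource: wrong region and no tags.
SAMPLE_VM = {"id": SUB + "/resourceGroups/rg-app/providers/Microsoft.Compute/virtualMachines/vm1",
             "location": "eastus", "tags": {}}

def under(scope, rid):
    """True if rid is the scope itself or a child of it (whole path segments)."""
    return (rid.lower() + "/").startswith(scope.lower() + "/")

def field_value(resource, field):
    tag = re.fullmatch(r"tags\['(.+)'\]", field)
    return resource.get("tags", {}).get(tag.group(1)) if tag else resource.get(field)

def matches(cond, resource):
    for op, fn in (("allOf", all), ("anyOf", any)):
        if op in cond:
            return fn(matches(c, resource) for c in cond[op])
    if "not" in cond:
        return not matches(cond["not"], resource)
    value = field_value(resource, cond["field"])
    if "in" in cond:
        return value in cond["in"]
    if "exists" in cond:
        return (value is not None) == (str(cond["exists"]).lower() == "true")
    raise ValueError(f"unsupported condition: {cond}")

def evaluate(resource):
    """Return [(definition, effect)] for each assignment whose condition matches."""
    rid = resource["id"]
    return [(a["definition"], DEFINITIONS[a["definition"]]["then"]["effect"])
            for a in ASSIGNMENTS
            if under(a["scope"], rid)
            and not any(under(n, rid) for n in a["notScopes"])
            and matches(DEFINITIONS[a["definition"]]["if"], resource)]
```

The exclusion is matched on whole path segments, so excluding `rg-sandbox` does not silently exempt a resource group named `rg-sandbox2`.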

Azure Blueprints

Blueprint 

A blueprint is a guide, pattern or design for making something.

Key Characteristics

  • Package of various components (artifacts)
    • Resource Groups
    • ARM Templates
    • Policy Assignments
    • Role Assignments
  • Centralized storage for organizationally approved design patterns
  • Blueprint definition – describing what should happen (reusable package)
  • Blueprint assignment – describing where it should happen (package deployment)

