Course recordings on DaDesktop for Training platform
Visit outline: Architecting Microsoft Azure Solutions (Course code: azurearchitectures)
Categories: Azure
Summary
Overview
This course provides a comprehensive overview of Azure architecture and cloud adoption strategies, focusing on Microsoft’s Cloud Adoption Framework (CAF) and Well-Architected Framework (WAF). The session guides learners through the business and technical dimensions of designing, migrating, and managing cloud solutions in Azure. Key topics include cloud economics, organizational readiness, infrastructure design, governance, cost optimization, reliability, security, and DevOps integration. The training emphasizes decision-making over hands-on deployment, with practical exercises using Azure tools like the Cloud Journey Tracker and Azure DevOps templates. The goal is to equip IT professionals with structured methodologies to plan, execute, and govern cloud adoption at scale.
Topic (Timeline)
1. Introduction to Azure AD and Network Extension Concepts [00:00:00 - 00:05:13]
- Clarifies that Azure Active Directory (Azure AD) is the modern identity and access management service controlling resource access in Azure.
- Explains that policies in Azure AD govern permissions for objects within the directory.
- Addresses a quiz question: “What Azure service extends your private network into the Microsoft cloud?”
- Corrects misconceptions: CDN (content delivery) improves performance but does not extend networks; Blob Storage is for object storage; App Service is for web hosting.
- Confirms ExpressRoute as the correct answer — a dedicated private connection from on-premises infrastructure to Azure, enabling secure, high-bandwidth network extension.
2. Course Logistics, Instructor Introduction, and Training Objectives [00:05:16 - 00:11:14]
- Instructor introduces himself as Andres Mujica with 3 years of IP/cloud experience.
- Outlines daily schedule: two 15-minute coffee breaks (10:45 AM, 3:45 PM) and lunch at 1:00 PM.
- Describes training goals: improve Azure solution design skills, understand service capabilities, and make informed decisions for public/hybrid cloud architectures.
- Emphasizes this is an architecture-focused course, not a hands-on deployment lab, but includes 40 labs for self-paced practice.
- Highlights that only selected labs will be executed live; all materials (slides, diagrams, code) are provided in a shared repository.
- Encourages active participation, questions, and sharing of real-world experience.
3. Tool Setup and Material Access [00:11:14 - 00:29:11]
- Guides participants to access course materials on the desktop: “materials” folder containing slides, architectural frameworks, and diagram templates.
- Introduces Draw.io (now diagrams.net) as the primary tool for creating Azure architecture diagrams.
- Demonstrates how to open and use the Azure Public Service Items library (ZIP file) to import official Azure icons into Draw.io.
- Shows how to create and edit diagrams using Azure component shapes (e.g., App Service, SQL Database, Virtual Network).
- Recommends exploring pre-built Azure reference architectures included in the materials.
- Notes that participants may use other diagramming tools, but Azure-specific shapes are essential for consistency.
4. Cloud Adoption Framework (CAF) – Strategy and Business Alignment [00:29:15 - 00:59:17]
- Introduces CAF as Microsoft’s structured approach to cloud adoption across business, technical, and operational domains.
- Explains CAF’s purpose: to answer “why,” “how,” and “what” of cloud migration, aligning it with business outcomes.
- Discusses the misconception that cloud = cost savings; clarifies that cloud shifts CapEx to OpEx and often increases total cost unless optimized.
- Cites real-world examples: Roblox and SpaceX moved back on-premises due to cost overruns.
- Outlines CAF’s lifecycle: Strategy → Plan → Ready → Adopt → Manage.
- Emphasizes the “5R” migration strategy: Rehost, Refactor, Revise, Replace, Retire.
- Highlights the importance of innovation over simple lift-and-shift: decompose monoliths into PaaS services (e.g., App Service + Azure SQL).
- Introduces the Cloud Journey Tracker assessment tool to evaluate organizational maturity and generate a personalized adoption roadmap.
5. Cloud Adoption Framework (CAF) – Planning, Readiness, and Governance [00:59:17 - 01:40:32]
- Details the “Plan” phase: inventorying digital assets, aligning stakeholders, identifying skills gaps, and creating a backlog.
- Explains the need for a Cloud Center of Excellence (CCoE) to coordinate cross-functional teams (IT, security, finance, operations).
- Discusses the “Ready” phase: establishing the landing zone — foundational Azure environment with networking, identity, subscriptions, and governance policies.
- Describes key landing zone components: subscription hierarchy, resource naming conventions, tagging strategy, network topology (VPN/ExpressRoute), and security baselines.
- Introduces the Cloud Adoption Plan Generator in Azure DevOps as a template to codify the adoption plan using Agile boards, user stories, and tasks.
- Demonstrates how to create an Azure DevOps project using the Cloud Adoption Framework template.
- Highlights the importance of infrastructure-as-code (IaC) and automation in enabling scalable, repeatable deployments.
6. Cloud Adoption Framework (CAF) – Adoption, Migration, and Innovation [01:40:32 - 02:40:12]
- Distinguishes between integration (lift-and-shift) and innovation (re-architecting for cloud-native services).
- Reinforces that innovation (e.g., using App Service, Functions, Containers) unlocks cloud benefits: scalability, resilience, cost efficiency.
- Explains the role of DevOps in enabling continuous integration/continuous delivery (CI/CD) for containerized and serverless workloads.
- Introduces chaos engineering as a method to test system resilience by intentionally inducing failures.
- Covers the “Manage” phase: establishing operational baselines, ownership models, and monitoring.
- Introduces Azure Monitor, Security Center, and Advisor as tools for governance, cost control, and security compliance.
- Discusses blueprints (now Policy as Code) and management groups to enforce consistent resource governance across subscriptions.
- Emphasizes the importance of cost management: using reservations, spot instances, auto-shutdown schedules, and right-sizing VMs.
7. Well-Architected Framework (WAF) – Five Pillars and Review Process [02:40:12 - 04:01:13]
- Introduces the Well-Architected Framework as a technical review methodology for evaluating cloud workloads.
- Explains the five pillars:
  - Reliability: System recovery from failures, redundancy, and failover.
  - Security: Identity management, RBAC, encryption, network security, and vulnerability scanning.
  - Cost Optimization: Right-sizing, reservations, spot instances, and monitoring spend.
  - Operational Excellence: Automation, monitoring, incident response, and DevOps practices.
  - Performance Efficiency: Scalability, efficient resource use, and load balancing.
- Describes the WAF review process: Discovery → Analysis → Implementation → Continuous Review.
- Uses Azure Advisor and Power BI dashboards (Governance, Infrastructure, DevOps) to visualize optimization opportunities.
- Demonstrates how to calculate SLA/availability (e.g., 99.9% = ~8.76 hours downtime/year; 99.99% = ~52.6 minutes/year).
- Explains single points of failure (SPOF) and how redundancy (e.g., multiple VM instances) improves availability.
- Highlights the importance of APM tools (Application Performance Monitoring) to detect and resolve performance bottlenecks.
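The availability figures and the SPOF point above, worked through as an added example (not part of the course materials). It generalizes to a serial chain of tiers with optional redundancy. The tier names and per-instance availabilities are constructed, not published Azure SLAs, and tiers are assumed to fail independently.

```python
# Added example: composite availability and single points of failure (SPOF).
# Assumption: tiers fail independently; the figures below are constructed,
# not published Azure SLAs.
HOURS_PER_YEAR = 365 * 24  # 8760


def downtime_hours(availability):
    """Expected downtime per year, in hours, for an availability in [0, 1]."""
    return (1.0 - availability) * HOURS_PER_YEAR


def redundant(availability, instances):
    """Availability of N identical instances where any one can serve traffic."""
    return 1.0 - (1.0 - availability) ** instances


def composite(tiers):
    """Availability of a request path that needs every tier (a serial chain)."""
    total = 1.0
    for _name, availability, instances in tiers:
        total *= redundant(availability, instances)
    return total


def spofs(tiers):
    """Tiers with one instance, worst expected downtime first."""
    single = [(name, downtime_hours(a)) for name, a, n in tiers if n == 1]
    return sorted(single, key=lambda item: item[1], reverse=True)


# Constructed workload: (tier name, per-instance availability, instance count)
BEFORE = [("web-vm", 0.999, 1), ("app-vm", 0.999, 1), ("sql-db", 0.9999, 1)]
AFTER = [("web-vm", 0.999, 2), ("app-vm", 0.999, 2), ("sql-db", 0.9999, 1)]

if __name__ == "__main__":
    for label, tiers in (("before", BEFORE), ("after", AFTER)):
        a = composite(tiers)
        print(f"{label}: {a:.4%} available, {downtime_hours(a):.2f} h/year down")
        for name, hours in spofs(tiers):
            print(f"  SPOF {name}: {hours:.2f} h/year")
```

Three single-instance tiers in series give a worse composite figure than any one tier alone; doubling the two VM tiers leaves the database as the only remaining SPOF.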
8. WAF Deep Dive: Security, Performance, and Operational Best Practices [04:01:13 - 05:30:03]
- Expands on security layers: physical, network, identity, application, and data encryption.
- Emphasizes zero trust principles: least privilege access, conditional access, and MFA.
- Discusses operational excellence through automation: IaC (Terraform, ARM), CI/CD pipelines, and automated testing.
- Covers performance optimization: CDN for static content, database read replicas, asynchronous messaging (queues), and caching.
- Explains cost-performance trade-offs: over-provisioning for peak load vs. auto-scaling based on demand.
- Introduces Azure Policy and Resource Tags to enforce naming, location, and cost-center compliance.
- Reinforces that WAF is a continuous cycle: review, act, measure, repeat.
- Concludes with a live demo of the WAF Assessment Tool (similar to CAF’s Cloud Journey Tracker) to evaluate workload maturity.
Appendix
Key Principles
- Cloud is not cheaper by default — it shifts CapEx to OpEx; cost control requires active management.
- Innovation > Lift-and-Shift — decompose monoliths into PaaS, serverless, and containerized services to unlock scalability and resilience.
- DevOps is non-negotiable — automation, CI/CD, and IaC are essential for sustainable cloud operations.
- Governance must be proactive — use Azure Policy, management groups, and tagging to enforce standards at scale.
- Architecture is iterative — use CAF and WAF as living frameworks, not one-time checklists.
Tools Used
- Draw.io (diagrams.net): For creating Azure architecture diagrams using official Azure icons.
- Azure DevOps: For generating and managing Cloud Adoption Plans via Agile boards and templates.
- Cloud Journey Tracker: Microsoft’s assessment tool to evaluate cloud adoption maturity.
- Well-Architected Framework Tool: For technical workload reviews across five pillars.
- Azure Advisor: For cost, security, and performance recommendations.
- Power BI Dashboards: For executive-level visibility into governance, cost, and DevOps metrics.
- Azure Policy & Blueprints: For enforcing compliance and standardization.
Common Pitfalls
- Assuming cloud migration reduces costs without optimization.
- Deploying workloads without architecture diagrams or planning.
- Ignoring identity and access governance (e.g., public S3 buckets, exposed Kubernetes APIs).
- Over-provisioning resources to handle peak loads, leading to unnecessary OpEx.
- Treating cloud adoption as a one-time project rather than an ongoing, iterative process.
Practice Suggestions
- Complete the Cloud Journey Tracker assessment for your organization.
- Build a sample architecture diagram in Draw.io using Azure components (e.g., App Service + SQL + VNet + Load Balancer).
- Create an Azure DevOps project using the Cloud Adoption Framework template.
- Run an Azure Advisor review on a test subscription and implement 3 recommendations.
- Simulate a failure in a lab environment (e.g., shut down a VM) to test recovery procedures.
- Review your organization’s current cloud resources: identify SPOFs, untagged resources, and unmonitored services.