Curriculum Overview: Azure Compute and Networking Services
Describe Azure compute and networking services
This document provides a structured roadmap for mastering Skill 2.2 of the AZ-900: Microsoft Azure Fundamentals certification. It focuses on the core infrastructure services that power applications and connectivity in the Azure cloud.
Prerequisites
Before diving into compute and networking, learners should have a foundational understanding of the following:
- Cloud Concepts: Understanding of IaaS, PaaS, and SaaS models, as well as the Shared Responsibility Model.
- Azure Hierarchy: Familiarity with the relationship between Management Groups, Subscriptions, and Resource Groups.
- Basic Virtualization: A general understanding of what a virtual machine is and how it differs from physical hardware.
- Networking Basics: Familiarity with IP addressing, DNS, and the general concept of a firewall.
[!IMPORTANT] You cannot create Azure compute or networking resources without a Resource Group. All resources must reside within a group for management and billing purposes.
Module Breakdown
| Module ID | Topic Area | Focus | Difficulty | Est. Time |
|---|---|---|---|---|
| MOD-01 | Virtual Machines & Desktop | Windows/Linux VMs, Scale Sets, and Azure Virtual Desktop (AVD) | Moderate | 45 mins |
| MOD-02 | Application Hosting | App Service, Containers (ACI/AKS), and Serverless Functions | Moderate | 40 mins |
| MOD-03 | Virtual Networking | VNets, Subnets, and DNS | Complex | 60 mins |
| MOD-04 | Hybrid Connectivity | VPN Gateways, ExpressRoute, and Peering | Complex | 30 mins |
| MOD-05 | Secure Access | Public vs. Private Endpoints | Moderate | 20 mins |
Learning Objectives per Module
MOD-01 & MOD-02: Compute Services
In these modules, you will learn to select the right compute service for specific workloads.
- Compare Compute Types: Differentiate between Virtual Machines (IaaS), App Services (PaaS), and Azure Functions (Serverless).
- Scalability: Understand how Virtual Machine Scale Sets provide automatic scaling and high availability.
- Containerization: Describe the purpose of Azure Container Instances (ACI) and Azure Kubernetes Service (AKS).
MOD-03 & MOD-04: Networking Services
These modules cover how resources talk to each other and the outside world.
- Isolation: Define the role of Virtual Networks (VNets) and Subnets in isolating cloud resources.
- Connectivity: Compare VPN Gateway (encrypted over public internet) vs. ExpressRoute (private, dedicated connection).
- Resolution: Understand how Azure DNS manages domain names within the cloud infrastructure.
MOD-05: Secure Endpoints
- Public Endpoints: Used for resources that need to be accessible from the internet.
- Private Endpoints: Used to provide a private IP address to an Azure service, ensuring traffic never leaves the Microsoft network.
Success Metrics
To verify mastery of this curriculum, the learner should be able to:
- Selection Logic: Explain why a company would choose Azure App Service over a Virtual Machine for a standard web application.
- Architecture Mapping: Diagram a simple VNet with two subnets and explain how they communicate via Peering.
- Connectivity Comparison: List three key differences between a Site-to-Site VPN and ExpressRoute (e.g., speed, security, cost).
- Resiliency Planning: Define how Availability Sets and Scale Sets protect against hardware failure and traffic spikes.
Real-World Application
Understanding these services is critical for several career paths:
- Cloud Administrators: Use these skills to provision resources, manage virtual networks, and ensure secure connectivity between on-premises offices and the cloud.
- Solutions Architects: Use this knowledge to design cost-effective and resilient systems, choosing the right compute tier (e.g., Serverless vs. VMs) to meet business requirements.
- DevOps Engineers: Leverage Azure App Service and Container services to automate the deployment of applications without managing underlying server hardware.
[!TIP] In a real-world production environment, always use Private Endpoints for database access to minimize the attack surface of your application.
Visualizing a Simple Virtual Network
\begin{tikzpicture}[node distance=2cm, every node/.style={rectangle, draw, rounded corners, fill=blue!10, minimum width=3cm, minimum height=1cm, align=center}]
% VNet Boundary
\draw[dashed, thick, blue!50] (-1,-1) rectangle (8,5);
\node[draw=none, fill=none] at (3.5, 4.7) {\textbf{Azure Virtual Network (VNet)}};
% Subnet 1
\node (sub1) at (1.5, 3) {\textbf{Public Subnet}\\10.0.1.0/24};
\node (vm1) [below of=sub1, node distance=1.5cm, fill=green!10] {Web Server (VM)};
% Subnet 2
\node (sub2) at (5.5, 3) {\textbf{Private Subnet}\\10.0.2.0/24};
\node (db1) [below of=sub2, node distance=1.5cm, fill=red!10] {Database (SQL)};
% Connections
\draw[<->, thick] (vm1) -- (db1) node[midway, above] {Internal Traffic};
\end{tikzpicture}
Figure 1: High-level overview of a segmented Azure VNet structure using subnets for security isolation.