Curriculum Overview: Unit 2 - Azure Architecture and Services
Unit 2: Describe Azure architecture and services
This unit provides a deep dive into the foundational infrastructure and core services that make up the Microsoft Azure ecosystem. It transitions from general cloud concepts to specific Azure implementations, covering how resources are organized, secured, and connected.
Prerequisites
Before starting this unit, learners should have a solid grasp of the following:
- Unit 1: Cloud Concepts: Understanding of the shared responsibility model, cloud service types (IaaS, PaaS, SaaS), and cloud models (Public, Private, Hybrid).
- Basic Networking: Conceptual knowledge of IP addresses, subnets, and the purpose of DNS.
- Basic Computing: Familiarity with virtual machines, operating systems, and file storage.
Module Breakdown
| Module | Focus Area | Difficulty |
|---|---|---|
| Module 1 | Azure Core Architecture (Regions, Zones, Hierarchy) | Intermediate |
| Module 2 | Compute & Networking Services | Advanced |
| Module 3 | Azure Storage Services & Migration | Intermediate |
| Module 4 | Identity, Access, & Security Foundations | Intermediate |
Learning Objectives per Module
Module 1: Core Architectural Components
- Define Physical Infrastructure: Explain the relationship between Azure Datacenters, Regions, Region Pairs, and Sovereign Regions.
- Explain Fault Tolerance: Describe how Availability Zones provide high availability.
- Master the Management Hierarchy: Visualize and explain the structure of Management Groups, Subscriptions, and Resource Groups.
Module 2: Compute and Networking
- Compute Selection: Compare Virtual Machines, Containers (ACI/AKS), and Serverless Functions.
- App Hosting: Differentiate between Azure App Service and Virtual Machines.
- Connectivity: Describe Virtual Networks (VNet), peering, and hybrid connectivity via VPN Gateway and ExpressRoute.
Module 3: Azure Storage Services
- Storage Comparison: Identify the use cases for Blob, File, Queue, and Disk storage.
- Data Protection: Explain redundancy options (LRS, GRS) and storage tiers (Hot, Cool, Cold, Archive).
- Migration Tools: Select the appropriate tool (AzCopy, Storage Explorer, or Data Box) for various data transfer scenarios.
Module 4: Identity, Access, and Security
- Identity Management: Explain Microsoft Entra ID (formerly Azure AD) and its role in authentication.
- Access Control: Implement Role-Based Access Control (RBAC) and Conditional Access policies.
- Security Frameworks: Apply the Zero Trust and Defense-in-Depth models using tools like Microsoft Defender for Cloud.
Success Metrics
You will have mastered this curriculum when you can:
- Architecture Design: Draw the hierarchy of an Azure environment from a Management Group down to an individual storage account.
- Service Selection: Given a business scenario, recommend whether to use a VM, a Container, or a Web App.
- Security Audit: Explain how MFA and RBAC work together to secure a resource according to the principle of least privilege.
- Network Logic: Diagram the flow of traffic through a VNet, including public and private endpoints.
Real-World Application
Understanding Azure Architecture and Services is critical for several professional roles:
- Cloud Architects: Use knowledge of Regions and Availability Zones to design resilient, global applications that survive datacenter failures.
- Cloud Administrators: Manage costs and permissions effectively by utilizing the Management Group and Subscription hierarchy.
- Security Engineers: Use Microsoft Entra ID and Zero Trust principles to ensure that only authorized users can access sensitive corporate data.
- DevOps Engineers: Automate the deployment of compute and networking resources using standardized Azure patterns.
> [!TIP]
> Focus heavily on the "Hierarchy of Resources" and "Storage Redundancy" sections, as these are high-yield topics for the AZ-900 certification exam.
\begin{tikzpicture}
% Representing Availability Zones within a Region
\draw[thick] (0,0) rectangle (8,5);
\node at (4,4.5) {\textbf{Azure Region}};

\draw[dashed] (0.5,0.5) rectangle (2.5,3.5);
\node at (1.5,2) {Zone 1};
\node[draw, circle, inner sep=2pt] at (1.5,1) {DC};

\draw[dashed] (3,0.5) rectangle (5,3.5);
\node at (4,2) {Zone 2};
\node[draw, circle, inner sep=2pt] at (4,1) {DC};

\draw[dashed] (5.5,0.5) rectangle (7.5,3.5);
\node at (6.5,2) {Zone 3};
\node[draw, circle, inner sep=2pt] at (6.5,1) {DC};

\draw[<->, thick] (2.5,2.5) -- (3,2.5);
\draw[<->, thick] (5,2.5) -- (5.5,2.5);
\node at (4,0.2) {Low-Latency Sync Replication};
\end{tikzpicture}