
AZ-104 Ebook Snippet Microsoft Azure Administrator PDF


JON BONSO AND GEROME PAGATPATAN

AZURE
CERTIFIED
AZ-104
Microsoft Azure
Administrator

Tutorials Dojo Study Guide


Tutorials Dojo Study Guide - AZ-104 Microsoft Azure Administrator
by Jon Bonso and Gerome Pagatpatan

TABLE OF CONTENTS

INTRODUCTION
AZ-104 MICROSOFT AZURE ADMINISTRATOR EXAM OVERVIEW
Exam Details
Exam Domains
Exam Scoring System
Exam Benefit
AZ-104 MICROSOFT AZURE ADMINISTRATOR EXAM - STUDY GUIDE AND TIPS
Study Materials
Azure Services to Focus On
Validate Your Knowledge
Final Remarks
CLOUD COMPUTING CONCEPTS
Cloud Service Models
Platform as a service (PaaS)
Software as a service (SaaS)
Serverless Computing
Cloud Architecture Models
Public Cloud
Private Cloud
Hybrid Cloud
AZURE BASICS
Azure Overview
Advantages of Azure Cloud Computing
Azure Global Infrastructure
Azure Security and Compliance
Azure Pricing
Azure Well-Architected Framework - Five Pillars
Best Practices when Architecting in the Cloud
THE DIFFERENT AZURE SERVICES
DEEP DIVE
Azure Virtual Machines
Components of a Virtual Machine
Types of Virtual Machines
Virtual Machine Disks
Payment options for Virtual Machines
Availability Options for Virtual Machines
Virtual Machine Scale Sets
Proximity Placement Groups
Backup Azure Virtual Machines
vCPU quotas
Azure App Service
App Service Plans
Deployment Slots
Diagnostics Logging
App Service Environments
Azure Container Instances (ACI)
Sizing and Scaling
Container Groups
Configuring Container Apps
Azure Kubernetes Service (AKS)
Components
Storage
Scaling
Network Connections
Azure Resource Manager (ARM)
Resource groups
ARM templates
Infrastructure as Code, YAML & JSON
Deploying ARM templates
Exporting Template
Creating ARM templates
Azure Storage Accounts
Types of Storage Accounts
Storage Account Endpoint
Storage Account Redundancy
Storage Encryption
Azure Blob Storage
Blob Storage Resources
Access Tiers
Transfer Data with AzCopy
Import/Export Data to and from Azure
Azure Files
Storage Tiers
Azure File Sync
Azure Virtual Network
Components of a Virtual Network
Network Security Group (NSG) and Application Security Group (ASG)
Virtual Network Peering
Azure Load Balancer
Components of a Load Balancer
Load Balancing Algorithm
Azure DNS
Public and Private DNS
DNS Record Types
Import/Export a DNS Zone File
Azure VPN Gateway
VPN Gateway Connections
VPN Types
Azure Active Directory
Managing Users, Groups, Roles and Devices
Azure RBAC
How Permissions are Enforced
Different Types of Roles
Role Definition Structure
Azure Policy
Policy Components
Policy Definition Structure
Policy Effects
Azure Monitor
Log Analytics
Alert Rules and Action Groups
Azure Network Watcher
Network Connectivity Monitoring
Diagnosing Virtual Machine Network Traffic
Verify a TCP connection from a Virtual Machine
Analyze the ingress and egress IP traffic through a Network Security Group
COMPARISON OF AZURE SERVICES
Azure Virtual Machine vs Web App
Azure Container Instances (ACI) vs Azure Kubernetes Service (AKS)
Azure Scale Set vs Availability Set
Azure Blob vs Disk vs File Storage
Locally Redundant Storage vs Zone-Redundant Storage vs Geo-Redundant Storage
Azure Load Balancer vs App Gateway vs Traffic Manager vs Front Door
Network Security Group (NSG) vs Application Security Group (ASG)
Azure Policy vs Azure Role-Based Access Control (RBAC)
Azure Active Directory (AD) vs Azure Role-Based Access Control (RBAC)
ABOUT THE AUTHORS

INTRODUCTION
With the rapid advancement of technology, enterprises are adopting newer technologies that will help
their businesses transform and grow. Microsoft Azure is one of the emerging technologies that you can
leverage in this age since a lot of companies are shifting their existing infrastructures to the cloud. Unlike
the traditional setup, cloud computing allows you to obtain resources on demand with just one click on
the platform, including servers, storage, databases, networking, analytics, artificial intelligence, and
a lot more.

Microsoft Azure offers a range of cloud services, depending on your business needs. These services are
continuously upgraded, and new features are added every year to deliver customer satisfaction.
Since Azure's resources and services are so vast, the Microsoft Azure Certification program offers
different certification paths that will help aspiring candidates and IT professionals validate their skills
and knowledge to maximize the solutions created in the cloud.

Microsoft Azure is the second biggest cloud service provider in the market next to AWS, and a lot of
companies are now adopting a multicloud strategy, which makes it all the more beneficial for IT
professionals like you to expand your skill set and learn multiple cloud technologies. Learning is a lot
more fun if you merge it with various cloud services. It will be an exciting and enjoyable journey for you,
and the first step is to become AZ-104 Microsoft Azure Administrator certified. This eBook will help
you familiarize yourself with the basic cloud concepts as well as the core services of Microsoft Azure, which
are the building blocks that will help you pass the exam and make a successful career shift to cloud
computing.

Note: We took extra care to come up with these study guides and cheat sheets; however, they are meant to
be just a supplementary resource when preparing for the exam. We highly recommend working on
hands-on sessions and practice exams to further expand your knowledge and improve your test-taking
skills.

CLOUD COMPUTING CONCEPTS


Cloud computing is the delivery of services over the Internet that helps you reduce your operating costs,
run your infrastructure efficiently, and scale as business requirements change.

Cloud Service Models

● The three cloud computing service models are IaaS, PaaS, and SaaS.
● You can also use serverless computing to eliminate the need to manage infrastructure.
● The shared responsibility model determines which security tasks are handled by the cloud
provider and which are handled by the customer.
○ Azure is responsible for protecting the infrastructure such as hosts, network, and
data center.
○ The customer is responsible for protecting their data, endpoints, account, and
access management.
● IaaS, PaaS, and SaaS have different levels of managed services:

Infrastructure as a service (IaaS)

● Most user management
● You are responsible for managing the operating systems, data, and applications.
● IaaS helps you to extend resources rapidly to meet the spikes required for your application.
● Used in the following scenarios:
○ Migrating workloads – move existing applications to the cloud.
○ Test and development – quickly set up and dismantle test and development environments.
IaaS makes scaling development and testing environments fast and economical.
○ Storage, backup, and recovery – simplify the planning and management of backup and
recovery systems.
○ Website hosting – less expensive than traditional web hosting.
○ High-performance computing (HPC) – clusters of computers that help solve complex
problems involving millions of variables or calculations.
○ Big data analysis – for massive data sets that require a huge amount of processing power.

Platform as a service (PaaS)

● Less user management
● The operating systems are managed by the cloud provider, while the user is responsible for the
applications and data they run and store.
● PaaS offers all the functionality you need to support the entire lifecycle of web applications:
building, testing the application, deploying the source code, managing, and updating within the
same integrated environment.
● Used in the following scenarios:
○ Development framework – a framework for creating or customizing cloud-based
applications.
○ Analytics or business intelligence – find insights and patterns, and predict outcomes to
improve business decisions.

Software as a service (SaaS)

● Least amount of management
● The cloud provider is responsible for managing everything, and the end-user just uses the software.

Serverless Computing

● Function as a Service (FaaS)
● You simply deploy the code with a serverless platform, and it runs at high availability.
● Dynamically scales up and down to meet the demands of each workload within seconds.
● A pay-per-execution model that charges sub-second billing only for the time and resources required
to execute the code.

Cloud Architecture Models

● Three deployment methods of cloud computing: Public vs Private vs Hybrid.
● The model you choose for cloud deployment depends on your budget, security, scalability, and
maintenance needs.

Public Cloud

● Focus on maintaining your applications without having to worry about purchasing, managing, or
maintaining the hardware on which they run.
● You can use multiple public cloud providers of varying scale.

| Advantages | Disadvantages |
| --- | --- |
| High scalability/agility. | Specific security requirements. |
| Pay-as-you-go pricing. | Government policies, industry standards, or legal requirements. |
| You are not responsible for the updates and maintenance of the hardware. | You don’t own the hardware or services and you also can’t manage them as you may want to. |
| The required technical knowledge is minimal. | A requirement to maintain a legacy application might be hard to meet. |

Private Cloud

● A dedicated on-premises datacenter configured to be a cloud environment that provides users in
your organization with self-service access to compute resources.
● You are responsible for the purchase and maintenance of the hardware and software services.
● You can use a private cloud when an organization has data that cannot be put in the public cloud,
perhaps for legal reasons.

| Advantages | Disadvantages |
| --- | --- |
| Any scenario or legacy application configuration is supported. | CapEx involved – principal cost is the procurement of the equipment. |
| You have control (and responsibility) over security. | To scale, you must buy, install, and set up new hardware. |
| Compliance or security requirements in your organization. | Private clouds require IT skills and expertise. |

Hybrid Cloud

● Data and applications can move between private and public clouds.
● When there is a spike in demand in your private cloud, you can “burst through” to the public cloud
for additional computing resources.

| Advantages | Disadvantages |
| --- | --- |
| Maintain a private infrastructure for sensitive assets. | More expensive than selecting one deployment model since it involves some CapEx cost upfront. |
| Take advantage of the resources in the public cloud when needed. | It can be more complicated to set up and manage. |
| With the ability to scale to the public cloud, you pay for extra computing power only when needed. |  |
| Allows you to use your own equipment to meet the security and compliance requirements in your organization. |  |

DEEP DIVE

Azure Virtual Machines


Components of a Virtual Machine

1. When creating a virtual machine, you always start off by choosing a subscription and resource
group. A subscription is a container where you can provision Azure resources. Before you can
deploy resources, you also need to create a new resource group. This is a logical group to organize
and manage all your resources in your subscription.

2. After you have chosen the resource group, you configure the availability option of your virtual
machine. You can choose between the availability zone, availability set or no infrastructure
redundancy option. The option you selected here would determine the availability and resiliency of
your applications.

3. The image of your virtual machine contains the OS, settings, and other applications that you will use
in your server. In the Azure Marketplace, you can choose between images provided by Microsoft or
your own custom image.

4. Once you have chosen the image of your virtual machine, select the type and size of your virtual
machine. This will determine the physical properties of your instance, such as vCPUs, RAM, disks,
and more.

5. During the creation of your virtual machine, you can also specify whether you'd like to launch it in a
spot instance or use another instance billing type (pay as you go or reserved).

6. To access your virtual machine, you will need to use a key pair. It is generated after you launch your
virtual machine. Make sure to secure your copy of your public key. Once you delete your public key,
you wouldn't be able to directly access your instance.

7. After you have configured the basic settings, you need to add storage for your virtual machine. The
disks that can be added are the operating system disk, data disk, and temporary disk. Encryption for
your disks is automatically configured.

8. You also need to configure which virtual network the virtual machine should be launched in. The
network security group will serve as a firewall to your servers. It contains rules that allow or
deny network traffic coming to or from your firewall.

9. When you have configured the network settings of your virtual machines, you can also enable
monitoring, auto-shutdown, and backup in the management options.

10. In the advanced configuration option of your virtual machine, you can add extensions for
post-deployment configuration, custom and user data to execute certain commands while the
instance is being provisioned, and proximity placement group to enable you to group your resources
closer in the same region.

11. Lastly, you can add tags to easily identify and classify your resources.

12. Once you have reviewed the configuration of your instance, proceed with the launch. Wait for your
virtual machine to finish preparing itself, and you should be able to connect to it if there aren’t any
issues.

13. If you are having difficulties connecting to a virtual machine, you can try redeploying the VM to
move it to a new node in the Azure infrastructure. Don’t worry, all of the existing configurations in
the resource will still be there after completing the redeployment.

Types of Virtual Machines

1. General Purpose - provides a balanced CPU-to-memory ratio. This instance is ideal for testing,
development, and low to medium-traffic web servers. The B-series has burstable performance that
allows the VM to use the built-up credits when the application requires higher CPU performance.

2. Compute Optimized - designed to have a high CPU-to-memory ratio. Instances belonging to this
family are well suited for medium-traffic web servers, network appliances, batch processes,
analytics, application, and gaming servers.

3. Memory Optimized - offers a high memory-to-CPU ratio. Ideal for relational database servers,
medium to large caches, and in-memory analytics.

4. Storage Optimized - provides high disk throughput and IO. This VM size is ideal for SQL, NoSQL
databases, big data, data warehousing, and large transactional databases.

5. GPU - designed for compute-intensive, graphics-intensive, and visualization workloads. It is
available in single, multiple, or fractional GPUs.

6. High-performance compute - the HPC VM sizes have the most powerful and fastest CPUs with
high-throughput network interfaces. They are optimized for fluid dynamics, explicit and implicit finite element
analysis, weather modeling, seismic processing, reservoir simulation, and RTL simulation.

Virtual Machine Disks

The disks of a virtual machine are block-level storage volumes. This storage is managed by Azure and
mainly used for Azure VMs. With managed disks, all you have to do is specify the type and size of the
disk and provision it.

In Azure, there are three types of disk roles:

1. Operating system (OS) disk - in order for the virtual machine to operate, it must have an OS disk.
There are a variety of images that you can choose from in the Azure Marketplace. Examples of
images that you can use are Windows Server, Ubuntu, Debian, and RHEL. There are two types of OS
disk:
a. Persistent OS disk - this type of disk supports all sizes of VM, and the data is preserved even
if you upgrade your OS disk and VM size.
b. Ephemeral OS disk - use ephemeral OS disks if you need lower read/write latency and faster
VM reimage. This type of disk is ideal for stateless applications, and it can be stored on VM
cache or VM temp/resource disk if sufficient space is available.

2. Data disk - this disk is also managed by Azure, and you can store your application data or any other
data that you need to keep. Before you use a data disk, there are two options that you can select:
a. Create and attach a new disk - you have the option to create the new disk from a snapshot,
storage blob, or an empty disk.
b. Attach an existing disk - allows you to add the disks you’ve already created. It’s also
important to know that the number of data disks that you can attach will depend on the size
of your VM.

3. Temporary disk - provides you short-term storage to store page and swap files. Take note that the
data on this disk may be lost when you redeploy a VM or during a maintenance event. Also, to
configure server-side encryption on this disk, you need to enable encryption at host.

The available disks that you can choose from are:

1. Ultra Disk - ideal for IO-intensive workloads, top-tier databases, and other transaction-heavy
workloads. This storage has the highest disk size, throughput, and IOPS.
2. Premium SSD - designed for production and performance-sensitive workloads.
3. Standard SSD - used for web servers and dev/test environments.
4. Standard HDD - ideal for backup, non-critical data, and infrequent access.

| Detail | Standard HDD | Standard SSD | Premium SSD | Ultra Disk |
| --- | --- | --- | --- | --- |
| Disk type | HDD | SSD | SSD | SSD |
| Scenario | Backup, non-critical, and infrequent access | Web servers, light applications of enterprise | Production and performance sensitive workloads | IO-intensive workloads, top tier databases, and other transaction-heavy workloads |
| Max Disk Size | 32,767 GiB | 32,767 GiB | 32,767 GiB | 65,536 GiB |
| Max Throughput | 500 MB/s | 750 MB/s | 900 MB/s | 2,000 MB/s |
| Max IOPS | 2,000 | 6,000 | 20,000 | 160,000 |

It’s also very important to understand how you can secure the data inside your virtual machine disks.
Let’s now take a look at disk encryption. Azure managed disks support three types of encryption:
1. Server Side Encryption (SSE) - the data stored on managed disks is automatically encrypted at
rest by default when persisting it to the cloud.
a. Platform-managed keys - the keys are managed by Azure. The data, images, and snapshots
written to existing managed disks are automatically encrypted at rest.
b. Customer-managed keys - since you are providing your own keys, you also manage the level
of encryption on each managed disk. To manage your own keys, you can use Azure Key
Vault. This service enables you to import your own RSA keys or generate new ones.

2. Azure Disk Encryption (ADE) - provides volume encryption on both OS and data disks of Azure VMs.
The encryption for Windows is done using BitLocker. On the other hand, the encryption for Linux is
done using DM-Crypt.

3. Encryption at host - this type of encryption is different from SSE. The encryption of data is provided
by the server hosting your virtual machine and the encrypted data flows into the Azure Storage
service.

|  | Encryption at rest | Temp Disk Encryption | Encryption of Caches | Encrypted Data Flows | Customer Keys | Encryption Status |
| --- | --- | --- | --- | --- | --- | --- |
| Encryption at rest with PMK | ✓ | - | - | - | - | Unhealthy |
| Encryption at rest with CMK | ✓ | - | - | - | ✓ | Unhealthy |
| Azure Disk Encryption | ✓ | ✓ | ✓ | ✓ | ✓ | Healthy |
| Encryption at Host | ✓ | ✓ | ✓ | ✓ | ✓ | Unhealthy |

Note:
● The encrypted data flows are between Compute and Storage service.
● The disk encryption status is labeled by Azure Security Center.
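
The following is an added example, not part of the study guide: it applies the coverage table above to a small inventory and lists, per disk, which columns no enabled mode covers. The inventory layout (each VM joined with its disks) and all resource names are constructed; the field names `encryption.type`, `encryptionSettingsCollection.enabled` and `securityProfile.encryptionAtHost` are the ones Azure returns for managed disks and VMs.

```python
import json

# Columns of the coverage table above, minus key ownership and status.
COLUMNS = ("at_rest", "temp_disk", "caches", "data_flows")

# What each mode covers, transcribed from the table above.
COVERAGE = {
    "SSE-PMK": {"at_rest"},
    "SSE-CMK": {"at_rest"},
    "ADE": set(COLUMNS),
    "EncryptionAtHost": set(COLUMNS),
}

# Values of a managed disk's encryption.type, mapped to the two SSE rows.
SSE_TYPES = {
    "EncryptionAtRestWithPlatformKey": "SSE-PMK",
    "EncryptionAtRestWithCustomerKey": "SSE-CMK",
}

# Constructed sample: each VM joined with its disks. Names are placeholders.
INVENTORY = json.loads("""
[
  {"name": "vm-web-01",
   "securityProfile": {"encryptionAtHost": false},
   "disks": [
     {"name": "vm-web-01-os",
      "encryption": {"type": "EncryptionAtRestWithPlatformKey"}}
   ]},
  {"name": "vm-db-01",
   "securityProfile": {"encryptionAtHost": false},
   "disks": [
     {"name": "vm-db-01-os",
      "encryption": {"type": "EncryptionAtRestWithCustomerKey"},
      "encryptionSettingsCollection": {"enabled": true}},
     {"name": "vm-db-01-data",
      "encryption": {"type": "EncryptionAtRestWithCustomerKey"}}
   ]},
  {"name": "vm-app-01",
   "securityProfile": {"encryptionAtHost": true},
   "disks": [
     {"name": "vm-app-01-os",
      "encryption": {"type": "EncryptionAtRestWithPlatformKey"}}
   ]},
  {"name": "vm-legacy-01",
   "disks": [
     {"name": "vm-legacy-01-os"}
   ]}
]
""")


def disk_modes(vm, disk):
    """Return the encryption modes in effect for one disk of one VM."""
    sse_type = (disk.get("encryption") or {}).get("type")
    # A missing or unrecognised type earns no coverage credit: unverified.
    modes = [SSE_TYPES.get(sse_type, "UNKNOWN")]
    if (disk.get("encryptionSettingsCollection") or {}).get("enabled"):
        modes.append("ADE")  # ADE is switched on per volume
    if (vm.get("securityProfile") or {}).get("encryptionAtHost"):
        modes.append("EncryptionAtHost")  # set once for the whole VM
    return modes


def audit(inventory):
    """List every disk with its modes and the table columns left uncovered."""
    findings = []
    for vm in inventory:
        for disk in vm.get("disks", []):
            modes = disk_modes(vm, disk)
            covered = set()
            for mode in modes:
                covered |= COVERAGE.get(mode, set())
            findings.append({
                "vm": vm["name"],
                "disk": disk["name"],
                "modes": modes,
                "gaps": [c for c in COLUMNS if c not in covered],
            })
    return findings


if __name__ == "__main__":
    for f in audit(INVENTORY):
        gaps = ", ".join(f["gaps"]) or "none"
        print(f'{f["vm"]:<13} {f["disk"]:<16} '
              f'{"+".join(f["modes"]):<26} gaps: {gaps}')
```

In the sample, `vm-db-01-data` is the row to look at: ADE was enabled on the OS disk only, so the data disk is protected by SSE alone.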

When creating a copy of your managed disks, it helps to compare images and snapshots.
As discussed earlier in data disks, snapshots allow you to create a point-in-time recovery. But how are
they different from images?

Let's look at the differences between the two:

1. Snapshots - a full, read-only copy of your virtual hard drive. It can be taken at any point in time. The
existence of a managed disk snapshot is independent of the source disk. This means that it applies
only to one disk. You can also use snapshots to create a new disk and attach it to a virtual machine.
2. Images - contain all the managed disks associated with the virtual machine. The created image can
be used to launch hundreds of virtual machines without managing any storage accounts.

To conclude the comparison, a snapshot is only aware of the disk that it contains. For scenarios that
require the coordination of multiple disks, like striping, a snapshot wouldn’t be able to meet this
requirement. Therefore, this is where you would want to use custom images.

When talking about how the virtual machine handles unexpected disk traffic, Azure offers a feature
called bursting. This will grant the virtual machine and disk the ability to boost the IOPS and MB/s
performance for a period of time. In other words, it will allow you to get more use out of your disk and
also help you avoid upgrading the disk just to accommodate traffic spikes. Bursting on virtual
machines and bursting on disks are independent of one another. So if you need to burst the disk performance,
you don't need to burst the virtual machine. Bursting is enabled by default for both virtual machine and
disk.

The following resources support bursting:

1. Burstable Virtual Machines:
a. General Purpose: B, Dsv3, Dasv4, Ddsv4, and Dsv4 series
b. Compute Optimized: Fsv2 series
c. Memory Optimized: Esv3, Easv4, Edsv4, and Esv4 series
d. Storage Optimized: Lsv2 series
2. Burstable Disk:
a. Premium SSD
b. Standard SSD

Payment options for Virtual Machines

Azure provides you with a variety of options to pay for compute capacity. The payment options are as
follows:
1. Pay as you go - you are billed on a per-second basis. You can start or stop anytime, and you only
pay for what you use. This payment option is ideal for users who prefer flexibility or have
unpredictable workloads that cannot be interrupted.
2. Reserved Instance - you get up to 72 percent price savings compared to pay-as-you-go, but in
return, you need to pay the upfront cost and be committed for one or three years in a specified
region. There are three options to scope a reservation:
a. Single resource group - the reservation discount applies solely to the corresponding
resources in the resource group you've chosen. Keep in mind that discounts will not be
applied if the resource group is moved or deleted.
b. Single subscription - the reservation discount applies only to the corresponding resources
in the subscription you've selected.
c. Shared - the reservation discount is applied to the corresponding resources in eligible
subscriptions within the billing context. If the subscription is moved to a different billing
context, the discounts no longer apply to that subscription but will continue to apply to the
remaining subscriptions in the billing context.
i. The billing context for Enterprise Agreement customers is enrollment. In an
enrollment, the reservation shared scope contains multiple Active Directory tenants.
ii. The billing scope for Microsoft Customer Agreement customers is billing profile.
iii. The billing scope for individual subscriptions with pay-as-you-go rates is all eligible
subscriptions.
After purchasing a reservation, you can always update the scope. Go to the reservation, click
Configuration, and then rescope the reservation. Rescoping a reservation won't change the
reservation term.

3. Spot - save up to 90 percent when you purchase unused compute capacity. This is only ideal for
workloads that can tolerate interruptions. Discounts may vary based on:
a. Region
b. Virtual machine type
c. Compute capacity

Since Azure Spot Virtual Machines are unused capacity, at any point in time, Azure infrastructure can
evict Spot VMs with 30 seconds notice. Eviction is based on the capacity or the max price you've set.
When creating Spot VMs, you can set the eviction policy to Deallocate (default) or Delete.

The Deallocate policy moves your virtual machine to the stopped-deallocated state, allowing you to
redeploy it later. However, there is no assurance that the allocation will be successful. Your quota will be
depleted by the deallocated VMs, and you will be charged for the underlying disks.

If you want your virtual machines to be deleted when they are evicted, you can set the eviction policy to
Delete. The underlying disks are also deleted, so you won't be charged for the storage. In the portal, you
can look up the eviction rates by size in a certain region. Go to View pricing history and compare prices
in nearby regions to see a table or graph of pricing for a specific size.

Availability Options for Virtual Machines

There are two ways to manage the availability and resiliency of your applications in a virtual machine:
1. Availability zones - to protect your resources from an entire data center failure, you need to deploy
the VMs to a minimum of three Availability Zones to ensure resiliency. Azure services that support
Availability Zones are classified into two types:
a. Zonal services - resources are pinned to a specific Availability Zone.
Examples: Virtual machines, Managed disks, Standard IP addresses
b. Zone-redundant services - replicate resources automatically across Availability Zones to
protect from single points of failure.
Examples: Zone-redundant storage, SQL Database

2. Availability sets - to protect from hardware failures within a data center, you can deploy the virtual
machine to an availability set. Each VM in an availability set is assigned to an update domain and
fault domain. This option ensures that at least one is available during planned or unplanned
maintenance events.
a. Update domains (planned maintenance)
i. A logical group of virtual machines that can undergo maintenance at the same time.
By default, it has five non-user-configurable update domains. It can be increased up
to 20 update domains, and an update domain under maintenance is given 30 minutes to
recover before maintenance is initiated on a different update domain.
b. Fault domains (unplanned maintenance)
i. A logical group of virtual machines that share a common power source and network
switch. By default, VMs within an availability set are separated up to three fault
domains.
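
The following is an added example, not part of the study guide: it models update domains and fault domains to show how many VMs of an availability set stay up during planned maintenance of one update domain, an unplanned failure of one fault domain, or both at once. It assumes VMs are assigned to domains in round-robin order; the function names are illustrative.

```python
from itertools import product

DEFAULT_UPDATE_DOMAINS = 5   # guide: five update domains by default
MAX_UPDATE_DOMAINS = 20      # guide: can be increased up to 20
MAX_FAULT_DOMAINS = 3        # guide: VMs are separated across up to three


def place(vm_count, update_domains=DEFAULT_UPDATE_DOMAINS,
          fault_domains=MAX_FAULT_DOMAINS):
    """Assign each VM an update domain (ud) and a fault domain (fd).

    Assumption of this sketch: domains are handed out in round-robin order.
    """
    if vm_count < 1:
        raise ValueError("an availability set needs at least one VM")
    if not 1 <= update_domains <= MAX_UPDATE_DOMAINS:
        raise ValueError("update domains must be between 1 and 20")
    if not 1 <= fault_domains <= MAX_FAULT_DOMAINS:
        raise ValueError("fault domains must be between 1 and 3")
    return [
        {"vm": f"vm{i}", "ud": i % update_domains, "fd": i % fault_domains}
        for i in range(vm_count)
    ]


def available(placement, down_ud=None, down_fd=None):
    """VMs still running while one update domain and/or fault domain is down."""
    return [p["vm"] for p in placement
            if p["ud"] != down_ud and p["fd"] != down_fd]


def worst_case(placement):
    """Fewest VMs left running for each kind of event."""
    uds = sorted({p["ud"] for p in placement})
    fds = sorted({p["fd"] for p in placement})
    return {
        # Planned maintenance takes down one update domain at a time.
        "planned": min(len(available(placement, down_ud=u)) for u in uds),
        # A power or switch failure takes down one fault domain.
        "unplanned": min(len(available(placement, down_fd=f)) for f in fds),
        # A fault domain fails while an update domain is in maintenance.
        "both": min(len(available(placement, u, f))
                    for u, f in product(uds, fds)),
    }


if __name__ == "__main__":
    for count in (1, 2, 6):
        print(count, "VMs:", worst_case(place(count)))
```

A single VM in an availability set survives neither event, and two VMs survive either event alone but not both together, which is why the number of VMs matters as much as the domain counts.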

Virtual Machine Scale Sets

When you need to improve the performance of your applications and also provide redundancy, you
should scale your resources horizontally. Horizontal scaling means you are adding more servers to the
system. By doing this, the workload will be distributed across multiple resources and accommodate the
increasing demand. Take note that this type of scaling is different from vertical scaling. When you say
scale vertically, you are increasing or decreasing the resources of a single server instead of adding new
servers to the system.

The horizontal scaling service in Azure is called virtual machine scale sets. A VM scale set allows you to
create and manage a group of load-balanced VMs. Since the workload is distributed, if one VM fails, you
can still continue to access your application through other VMs with minimal interruption. You can also
distribute VMs in a scale set within a single data center or across various data centers. This service
supports both layer 4 basic traffic distribution and layer 7 advanced traffic distribution and TLS
termination.

Virtual Machine Scale Sets provide the following key benefits:

● By creating scaling policies, you can automatically add or remove virtual machines based on host
metrics. A host metric provides you visibility into the performance of the virtual machines in a scale
set without the need to install and configure agents. An example of host metrics can be CPU
Utilization, Network In, and many more.
● You can create health checks and set a repair policy to automatically replace unhealthy virtual
machines. Unhealthy instances are reported by Application Health extension or Load Balancer
health probes.

● You can associate virtual machine scale sets with a load balancer. This will allow you to distribute
virtual machines across Availability Zones. By implementing this practice, you can make your
application redundant and highly available.
● Lastly, virtual machine scale sets allow you to scale hundreds or even thousands of virtual
machines.

Now that we know scale sets can be associated with load balancers, this will help us implement one of
the best practices on architecting in the cloud by evenly distributing the virtual machines across
different Availability Zones. The main reason why you need to configure it with a load balancer is to give
you high availability: an application that can run continuously even if one of the virtual machines fails.
Aside from distributing the load across AZs, one of the added benefits is that you can use Load Balancer
health probes for more robust health checks.

When associating scale sets with a load balancer, you have two options:
1. Azure Application Gateway - an HTTP/HTTPS web traffic load balancer that supports URL-based
routing, SSL termination, session persistence, and a web application firewall.
2. Azure Load Balancer - a TCP/UDP network traffic load balancer that supports port forwarding and
outbound flows.

After going through load balancing, let’s now talk about the scaling policy and how it works. A scaling
policy can determine when a virtual machine should be added or removed to meet the current capacity
requirements of your application. When you create a virtual machine scale set, you would see this
configuration in the portal.

These configurations can only be seen if you select the custom scaling policy option. The first thing that
you can set is the number of instances. But let’s focus on the remaining two options: scaling out and
scaling in. Scale out is when you need to add virtual machines to the scale set to increase the
current capacity. In order to scale out, you should input values in the following fields:
● CPU threshold - the CPU usage percentage at which the scale out rule is triggered.
● Duration in minutes - the amount of time before autoscale checks the threshold again.
● Number of instances to increase by - determines how many virtual machines should be
added when the scale out rule is triggered.

On the other hand, the scale in rule determines when the scale set should remove a virtual machine in
order to decrease the capacity. Unlike scale out, you only need to input two values in the scale in fields.
After you create a virtual machine scale set, you will see a lot of options available that you can configure
in the scaling policy.

As seen in the image above, you can still configure other options in order to meet certain requirements
on when to scale your virtual machines. Here are the options that you can customize:
1. Metric Name - allows you to set the metric that will be collected from your virtual machines. Some of
the metrics that you can choose from are:
○ Percentage CPU

○ Network In or Out
○ Disk Read or Write Bytes
○ Disk Read or Write Operations/Sec
○ CPU Credits Consumed or Remaining
2. Aggregates - this is how you want to collect the data. For example, TimeAggregation = “Sum” will
aggregate the sampled metrics by taking the sum. The methods that you can select from are:
○ Average
○ Minimum
○ Maximum
○ Sum
○ Last
○ Count
3. Operators - this will determine when to trigger the scale action.
○ Greater than
○ Greater than or equal to
○ Less than
○ Less than or equal to
○ Equal to
○ Not equal to
4. Actions - what the scaling policy should do after it is triggered.
○ Increase count by
○ Increase percent by
○ Increase count to
○ Decrease count by
○ Decrease percent by
○ Decrease count to
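
The sketch below is an added example, not part of the original guide or of any Azure SDK. It models how the four options above (metric, aggregate, operator, action) combine into a scaling decision. The first-match rule order, the rounding up of percentages, and the minimum/maximum instance limits are assumptions made for illustration, and the CPU samples are constructed.

```python
import math
import operator
from dataclasses import dataclass

# Aggregation methods from the list above, applied to one window of samples.
AGGREGATES = {"Average": lambda s: sum(s) / len(s), "Minimum": min,
              "Maximum": max, "Sum": sum, "Last": lambda s: s[-1], "Count": len}
OPERATORS = {"Greater than": operator.gt, "Greater than or equal to": operator.ge,
             "Less than": operator.lt, "Less than or equal to": operator.le,
             "Equal to": operator.eq, "Not equal to": operator.ne}

@dataclass
class Rule:
    metric: str       # e.g. "Percentage CPU"
    aggregate: str    # key of AGGREGATES
    op: str           # key of OPERATORS
    threshold: float
    action: str       # e.g. "Increase count by"
    value: int

def apply_action(current, action, value):
    """Turn an action such as 'Decrease percent by' into a new instance count."""
    direction, unit, mode = action.split()
    if mode == "to":  # assumption: "Increase count to" never lowers the count
        return max(current, value) if direction == "Increase" else min(current, value)
    # Assumption: a percentage step is rounded up to a whole instance.
    step = math.ceil(current * value / 100) if unit == "percent" else value
    return current + step if direction == "Increase" else current - step

def evaluate(rules, samples, current, minimum, maximum):
    """Apply the first rule whose condition holds; clamp to the instance limits."""
    for rule in rules:
        window = samples.get(rule.metric)
        if not window:
            continue  # no data for this metric: do not scale on it
        observed = AGGREGATES[rule.aggregate](window)
        if OPERATORS[rule.op](observed, rule.threshold):
            target = apply_action(current, rule.action, rule.value)
            return max(minimum, min(maximum, target))
    return current

# Constructed sample: one Percentage CPU reading per minute over five minutes.
SAMPLES = {"Percentage CPU": [62.0, 71.0, 88.0, 91.0, 84.0]}
RULES = [
    Rule("Percentage CPU", "Average", "Greater than", 75, "Increase count by", 1),
    Rule("Percentage CPU", "Average", "Less than", 25, "Decrease count by", 1),
]

if __name__ == "__main__":
    print(evaluate(RULES, SAMPLES, current=2, minimum=1, maximum=10))
```

With the same samples, a rule using the Maximum aggregate and a threshold of 90 fires while the Average version does not, which is why the aggregate matters as much as the threshold.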

If you want to collect more information based on different metrics, you need to install the following:
● App Insights - when you want to collect application metrics such as page load performance and
session counts, you can install App Insights in your application, and it will monitor your app and
send telemetry to Azure.
● Azure Diagnostic Extension - when you want detailed Host-based metrics, you can install this
extension. This agent will run inside your virtual machine. It will monitor and save performance
metrics to an Azure storage service to collect more detailed information.

There are also other options that you can configure when creating a virtual machine scale set:
1. Scale-In Policy - allows you to specify the order in which virtual machines are deleted during a
scale-in operation. The options that you can select from are:
a. Default
■ Balance across availability zones and fault domains
■ Deletes the VM with the highest instance ID
b. Newest VM
■ Balance across availability zones
■ Deletes the newest created virtual machine
c. Oldest VM
■ Balance across availability zones
■ Deletes the oldest created virtual machine
2. Update Policy - allows you to set how you can upgrade your virtual machines to the latest scale set
model.
a. Automatic - upgrades will start immediately in random order.
b. Manual - the existing virtual machines must be manually upgraded.
c. Rolling - upgrades are rolled out in batches with the option to pause.
3. Automatic OS Upgrades - by enabling this option, the upgrades on the OS disk will be done
automatically for all virtual machines.
4. Health Monitoring - helps you determine if your resources are healthy or unhealthy. There are two
modes that you can select:
a. Application Health Extension - sends an HTTP/HTTPS request to a specific path and
returns an HTTP status.
b. Load Balancer Probe - checks are done through TCP/UDP or HTTP/HTTPS requests. You
can only select this option if you have an associated load balancer.
5. Automatic Repair Policy - automatically replaces unhealthy virtual machines with new ones.
6. Allocation Policy - allows you to scale beyond 100 instances (default).
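
The scale-in policies in item 1 can be modelled as a selection function. This is an added example, not part of the original guide or Azure's own code. It assumes a zonal scale set, ignores fault domains, and uses a constructed fleet; the `VM` fields and function names are hypothetical.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class VM:
    instance_id: int
    zone: int
    created: int  # creation order; a larger number means a newer VM

def pick_for_scale_in(vms, policy="Default"):
    """Return the VM a scale-in would delete under the given scale-in policy."""
    # Every policy balances across zones first: only VMs in the fullest
    # zone(s) are candidates, so a scale-in cannot empty a small zone.
    per_zone = Counter(vm.zone for vm in vms)
    fullest = max(per_zone.values())
    candidates = [vm for vm in vms if per_zone[vm.zone] == fullest]
    if policy == "Default":
        return max(candidates, key=lambda vm: vm.instance_id)
    if policy == "Newest VM":
        return max(candidates, key=lambda vm: vm.created)
    if policy == "Oldest VM":
        return min(candidates, key=lambda vm: vm.created)
    raise ValueError(f"unknown scale-in policy: {policy}")

def scale_in(vms, count, policy="Default"):
    """Remove `count` VMs one at a time; return (remaining, deleted instance IDs)."""
    remaining, deleted = list(vms), []
    for _ in range(min(count, len(remaining))):
        chosen = pick_for_scale_in(remaining, policy)
        remaining.remove(chosen)
        deleted.append(chosen.instance_id)
    return remaining, deleted

# Constructed scale set: zone 1 holds three VMs, zone 2 two, zone 3 one.
FLEET = [VM(0, 2, 0), VM(1, 3, 1), VM(2, 1, 2), VM(3, 1, 3), VM(5, 1, 5), VM(6, 2, 6)]

if __name__ == "__main__":
    for name in ("Default", "Newest VM", "Oldest VM"):
        print(name, scale_in(FLEET, 3, name)[1])
```

Note that under Oldest VM the first deletion is instance 2, not instance 0: the oldest VM overall sits in a zone that is not the fullest, so zone balancing takes precedence over age.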
