2178-2023620250-AZ305T00A01

pptx

School

Brilliant Institute Of Engineering & Technology *

*We aren’t endorsed by this school

Course

104

Subject

Information Systems

Date

Nov 24, 2024

Type

pptx

Pages

28

Uploaded by HighnessGoldfinch825

Report
© Copyright Microsoft Corporation. All rights reserved. AZ-305T00A Designing Microsoft Azure Infrastructure Solutions
© Copyright Microsoft Corporation. All rights reserved. Design a governance solution
© Copyright Microsoft Corporation. All rights reserved. Introduction Design for governance Design for management groups Design for Azure subscriptions Design for resource groups Design for resource tagging Design for Azure Policy and RBAC Design with Azure Blueprints Design for Azure Landing Zones Case study Summary and resources AZ-305: Design Identity, Governance, and Monitoring Solutions (25-30%) Design Governance Recommend an organizational and hierarchical structure for Azure resources Recommend a solution for enforcing and auditing compliance
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help
© Copyright Microsoft Corporation. All rights reserved. Design for governance
© Copyright Microsoft Corporation. All rights reserved. Govern resources in Azure Governance provides mechanisms and processes to maintain control over your applications and resources in Azure. Determine your requirements, plan your initiatives, and set strategic priorities Plan for governance at every level Management groups Subscriptions Resource groups Resources Tenant root group Manageme nt groups Subscriptio ns Resource groups Resources
© Copyright Microsoft Corporation. All rights reserved. Design for management groups
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help
© Copyright Microsoft Corporation. All rights reserved. Plan your management groups Management groups manage access, policy, and compliance for multiple subscriptions. Keep the management group hierarchy reasonably flat Consider a top-level management group Consider an organizational or departmental structure Consider a geographical structure Consider a production management group Consider a sandbox management group Consider isolating sensitive information in a separate management group Tenant root group Tailwinds Sales Corporate IT Production
© Copyright Microsoft Corporation. All rights reserved. Design for Azure subscriptions
© Copyright Microsoft Corporation. All rights reserved. Designing for multiple subscriptions Azure subscription are logical containers for management and billing. Align your subscriptions with business needs and priorities – consider billing and cost reporting Consider subscription scale limits – specialized workloads, IoT, SAP Consider administrative management – centralized or decentralized Consider a dedicated shared services subscription – common services everyone shares Group subscriptions together under management groups – apply common policies and role assignments. Make subscription owners aware of their roles and responsibilities
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help
© Copyright Microsoft Corporation. All rights reserved. When to use subscriptions - example Secure workloads that require additional policies and role-based access control to achieve compliance Specialized workloads and the need to scale outside the subscription limits Manage and track costs for your organizational structure Identify different environments such as development, test, and production that are often isolated from a management perspective Productio n Tenant root group Tailwinds Corporat e IT R&D Legal HR App2 App1 Shared
© Copyright Microsoft Corporation. All rights reserved. Design for resource groups
© Copyright Microsoft Corporation. All rights reserved. Plan your resource groups A resource group is a container that holds related resources for an Azure solution. RG 1 RG 1 RG 2 RG 3 Subscription A Subscription A Single resource group Multiple resource groups Group resources that share the same life cycle Group by type, app, department, location, or billing Apply RBAC and policies to a group of resources Use resource locks to protect individual resources from deletion or change
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help
© Copyright Microsoft Corporation. All rights reserved. Design for resource tagging
© Copyright Microsoft Corporation. All rights reserved. Plan your resource tagging Resource tagging can be business-aligned or IT-aligned Consider your organization’s taxonomy Determine the reason for the tagging - functional, classification, accounting, partnership, or purpose Start with a few tags (mission- critical resources) and then scale out Policies could be used to apply tags and enforce tagging rules and conventions - mimic inheritance Productio n Tenant root group Tailwinds Corporat e IT R&D Legal HR App2 App1 Shared Classificatio n : Internal, NDA Product : App1, App2, Shared
© Copyright Microsoft Corporation. All rights reserved. Design for Azure Policy and RBAC
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help
© Copyright Microsoft Corporation. All rights reserved. When to use Azure Policy Azure Policy helps to enforce organizational standards and to assess compliance at- scale. Production App2 App1 Virtual machines limited to certain SKUs Enforce product tag and value Deploy only in certain locations – different for each app Enable auditing and logging for SQL apps Large number of built-in policies and you can create custom policies Examples Allow only certain virtual machines sizes for your project Ensure all resources are correctly tagged – if not, apply the tag Recommend system updates on your servers Enable multifactor authentication for all subscription accounts
© Copyright Microsoft Corporation. All rights reserved. Considerations for Azure Policy Apply policy at the highest scope possible Know when policies are evaluated Decide what to do if a resource is non-compliant Consider when to automatically remediate non-compliant resources Use the Azure policy compliance dashboard for auditing and review Effectively combine Azure policy with RBAC (next slide)
© Copyright Microsoft Corporation. All rights reserved. Design for Azure role-based access control (RBAC) Azure RBAC allows you to grant access to Azure resources that you control. Only grant users the access they need Assign at the highest scope level that meets the requirements Assign roles to groups, not users Know when to create a custom role Consider what happens if you have overlapping role assignments
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help
© Copyright Microsoft Corporation. All rights reserved. When to combine Azure Policy and Azure RBAC Azure Admin Deploy cloud resource Does the Admin have the necessary rights? Is a restricting policy defined? Cloud resource No Yes RBAC Azure Policy Cloud resource No Deny Cloud resource Yes RBAC examples Does the Admin have the right to deploy? Does the Admin have the right to deploy this resource type? Does the Admin have the right to deploy this resource group? Policy examples Is the region restricted? Is the resource type restricted? Should a tag be applied?
© Copyright Microsoft Corporation. All rights reserved. Design for Azure Blueprints
© Copyright Microsoft Corporation. All rights reserved. Design with Azure Blueprints Azure Blueprints lets you define a repeatable set of governance tools and standard Azure resources that your organization requires. Role-based access control ARM templates Policy definitions Resource groups Blueprints definition Blueprints assignmen t Subscription A Subscription B Subscription C Compose Manage Scale
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help
© Copyright Microsoft Corporation. All rights reserved. Design for Landing Zones
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help
© Copyright Microsoft Corporation. All rights reserved. Implement Landing Zones A landing zone provides an infrastructure environment for hosting your workloads. Implements key foundational principles of governance, security, networking, management, and identity Pre-provisions the environment through code Good for both migrations and green field situations You can transition existing architectures Part of the Cloud Adoption Framework Ready phase
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help
© Copyright Microsoft Corporation. All rights reserved. Case Studies and Review
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help
© Copyright Microsoft Corporation. All rights reserved. Case study – Cost and accounting Tailwind Traders has two main business units that handle Apparel, and Sporting Goods. Each of the business units consist of three departments: Product Development, Marketing, and Sales. Each business unit and subunit will be responsible for tracking their Azure spend. The Enterprise IT team will be responsible for providing company-wide Azure cost reporting. What are different ways Tailwind Traders could organize their subscriptions and management groups. Which would be the best to meet their requirements? Design two alternative hierarchies and explain your decision-making process.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help
© Copyright Microsoft Corporation. All rights reserved. Case study – New development project The company has a new development project for customer feedback. The CFO wants to ensure all costs associated with the project are captured. For the testing phase workloads should be hosted on lower cost virtual machines. The virtual machines should be named to indicate they are part of the project. Any instances of non-compliance with resource consistency rules should be automatically identified. What are the different way Tailwind Traders could track costs for the new development project? How are you ensuring compliance with the requirements for virtual machine sizing and naming? Propose at least two ways of meeting the requirements. Explain your final decision.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help
© Copyright Microsoft Corporation. All rights reserved. Summary and resources Check your knowledge Microsoft Learn Modules (docs.microsoft.com/Learn) Control and organize Azure resources with Azure Resource Manager Describe core Azure architectural components Build a cloud governance strategy on Azure Introduction to enterprise-scale landing zones in the Microsoft Clou d Adoption Framework for Azure Choose the best Azure landing zone to support your requirements f or cloud operations Optional hands-on exercise - List access using Azure RBAC and the Azure portal
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help
© Copyright Microsoft Corporation. All rights reserved. End of presentation
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help

Related Documents

Administracion de empresas de servicios Puntos extra 2 autocalificable_ Revisión del intento.pdf
687116385-Estadistica-Examen-Final-Estadistica.pdf
Management plans.docx
HCD402 – Human Centered Design.pptx
HI5019 Final Assessment.docx
SPN 1121 Extended Writing Homework Set 5.docx
C838 (2).pdf
How to Use Secure Access Software Programming for conducting digital investigations.docx
BSBOPS502 Assessment 2.docx
_wgu_course_c838___managing_cloud_security_exam-280.pdf
Hands-on Assignment 7.docx
Screenshot 2023-12-25 8.25.20 PM.png