Azure 70-532 Revision Day 4

Ensure no interruption in services when Azure maintenance tasks are completed

Place web server VMs into a single availability group. – This instructs Azure that at least one VM should be available at all times

Place database server VMs into separate availability group.

Ensure incoming internet web requests are shared equally between VMs and at least one VM is online at all times

  1. Add VMs into a single availability group. – ensures VMs are placed in different maintenance and fault domains
  2. Create a new public load balancer. – handles traffic from the public internet
  3. Create a back-end address pool in the new load balancer that includes all VMs. – defines the VMs that traffic will be balanced between
  4. Create a health probe in the new load balancer. – defines how the VMs are polled to check their responsiveness
  5. Create a load balancing rule in the new load balancer. – defines details of traffic distribution
  6. Create a Network Address Translation rule for each of the VMs. – defines the internal IP address for each VM

Windows Server roles currently supported by Azure

  • Active Directory Domain Services
  • Active Directory Federation Services
  • Domain Name System (DHCP)

De-provision image before upload to Azure

Linux virtual server – execute waagent tool

Windows virtual server – execute sysprep.exe tool

Implement Desired State Configuration for Azure IaaS

  1. New-AzureVMConfig – create VM config
  2. Add-AzureProvisioningConfig – additional config elements such as username and password.
  3. Set-AzureVMDSCExtension – enable the Desired State Configuration extension. The ConfigurationArchive parameter is set to the .zip file which contains the script to execute the configuration settings

VM can open and execute scripts stored in multiple storage accounts that are already used by other applications

Generate a shared access signature for each blob – A shared access signature can be a one-time or multi-use key that enables one or more applications to access the secured blob
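
A defender-side check for the shared access signatures described above, added here as an example (not from the original notes): it parses a blob SAS URL's documented query parameters (sp, sr, se, st, spr, si, sig) and flags tokens broader than a script-fetching VM needs. The read-only policy, the 8-hour limit and the sample URLs are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit, parse_qs

# Assumed policy: a VM fetching scripts needs read-only, single-blob, HTTPS, short-lived access.
MAX_LIFETIME = timedelta(hours=8)

def parse_sas_time(value):
    """SAS times are ISO 8601 UTC; accept second, minute and date precision."""
    for fmt in ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%dT%H:%MZ", "%Y-%m-%d"):
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            pass
    raise ValueError("unrecognised SAS time: %r" % value)

def audit_sas_url(url, now):
    """Return findings for one blob SAS URL; an empty list means nothing flagged."""
    parts = urlsplit(url)
    q = {k: v[0] for k, v in parse_qs(parts.query).items()}
    if "sig" not in q:
        return ["no sig parameter: not a SAS URL"]
    findings = []
    if parts.scheme != "https" or q.get("spr") != "https":
        findings.append("plain HTTP permitted: token can be sent in clear text")
    extra = sorted(set(q.get("sp", "")) - {"r"})
    if extra:
        findings.append("permissions beyond read: " + "".join(extra))
    if q.get("sr") != "b":
        findings.append("scope wider than one blob: sr=%s" % q.get("sr"))
    if "se" in q:
        expiry = parse_sas_time(q["se"])
        start = parse_sas_time(q["st"]) if "st" in q else now
        if expiry <= now:
            findings.append("token already expired")
        elif expiry - start > MAX_LIFETIME:
            findings.append("lifetime exceeds %s" % MAX_LIFETIME)
    elif "si" not in q:  # with si, expiry comes from the stored access policy
        findings.append("no expiry and no stored access policy")
    return findings

# Constructed sample URLs: account, container, blob and sig are placeholders.
NOW = datetime(2024, 5, 1, 9, 0, tzinfo=timezone.utc)
GOOD_SAS = ("https://examplestore.blob.core.windows.net/scripts/setup.ps1?sv=2015-04-05&sr=b"
            "&sp=r&spr=https&st=2024-05-01T09:00:00Z&se=2024-05-01T10:00:00Z&sig=PLACEHOLDER")
BAD_SAS = ("http://examplestore.blob.core.windows.net/scripts"
           "?sv=2015-04-05&sr=c&sp=rwdl&se=2030-01-01&sig=PLACEHOLDER")

if __name__ == "__main__":
    print(audit_sas_url(GOOD_SAS, NOW), audit_sas_url(BAD_SAS, NOW))
```

A token that references a stored access policy (si) takes its permissions and expiry from that policy, so those have to be reviewed on the container rather than in the URL.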

Minimize potential data loss due to disk failures

Create multiple VHDs in LRS (locally-redundant storage), and then configure them as a single storage-based volume. – Azure will separate the disks into different update and fault domains, ensuring disk availability in the event of an outage or planned recycle.

ZRS (zone-redundant storage) does not support page blobs, so it is unsuitable for VHD storage.

Provision VM and assign availability set

  • From Azure Management Portal, select From Gallery
  • Run New-AzureQuickVM cmdlet


Azure 70-532 Revision Day 2

Check Service Availability

Endpoint monitoring allows you to configure HTTP or HTTPS URLs that can be monitored from up to 3 different geographic locations.

Capture runtime application errors

Application logging – includes application-level logging to the file system, table storage, or blob storage.

Deploy Azure WebJob package and configure to execute daily

  1. Get-AzureWebSite – obtain reference to site
  2. New-AzureWebSiteJob – deploy the zip file containing WebJob package
  3. New-AzureSchedulerJobCollection – create collection of Azure WebJobs
  4. New-AzureSchedulerHttpJob – schedule WebJob that has HTTP actions
  5. -Interval 1 -Frequency Day – daily

Implement administrative monitoring for VM high CPU usage

Alert rule – can be configured to send email and to trigger on disk activity read/write, network send/receive, and CPU thresholds.

Setting up Azure Traffic Manager

  1. New-AzureTrafficManagerProfile – create a profile which provides parameters for the domain to be managed and the LoadBalancingMethod to be used.
  2. Add-AzureTrafficManagerEndPoint – add endpoints to direct traffic to
  3. Set-AzureTrafficManagerProfile – applies settings in profile and activates profile.

Entity framework class for connection resiliency strategy

The DbConfiguration class has a SetExecutionStrategy method that enables control over retry logic via the IDbExecutionStrategy interface.

Configure logging operations for storage service

Set-AzureStorageServiceLoggingProperty configures logging operations for storage service.

  • Service Type
    • Blob
    • Table
    • Queue
    • File
  • LoggingOperations
    • None
    • Read
    • Write
    • Delete
    • All

External identity provider

Create Access Control namespace. – Azure app uses Access Control Service (ACS) to authenticate users using a token provided by an external identity provider (e.g. Google, Facebook) or by other identity providers such as Active Directory Federation Services (AD FS).

Add WS-Federation identity providers – custom identity providers that support the WS-Federation protocol

Add cloud service web role as a relying party application – relies on identity provider to authenticate users.