AZ-900 Microsoft Azure Fundamentals Exam
Start here! Get your feet wet with the Microsoft cloud and begin your journey to earning your Microsoft Certified: Azure Fundamentals certification!
Describe storage account options and storage types
Differentiate Between Storage Tiers
Azure Storage provides different storage tiers to help you manage costs and performance based on how often your data is accessed. These tiers include Hot, Cool, and Archive, each designed for different use cases. Understanding these tiers is essential for optimizing storage costs and ensuring efficient data management. Each tier has different pricing, performance, and minimum retention periods.
The Hot tier is designed for data that is frequently accessed. It has the highest storage costs but the lowest access costs. This tier is ideal for active data that is regularly read and written. The Cool tier is for data that is infrequently accessed but still needs to be readily available. It has lower storage costs than the hot tier but higher access costs. This tier is suitable for data that is accessed less often, such as backups or older project files.
The Archive tier is for data that is rarely accessed and has the lowest storage costs but the highest access costs and latency. Data in the archive tier is considered offline and must be rehydrated to an online tier (hot or cool) before it can be read or modified. This tier is best for long-term backups, compliance data, and other data that is rarely needed. Data must remain in the archive tier for a minimum of 180 days to avoid early deletion charges.
Moving data between tiers can incur costs, especially if done before the minimum retention period for a tier has passed. For example, if a blob is moved to the cool tier and then deleted or moved to another tier before 30 days, an early deletion fee will be charged. Similarly, the archive tier has a minimum retention period of 180 days. Early deletion fees are prorated based on the number of days remaining in the minimum retention period.
When moving data to the archive tier, it's important to note that while the metadata of the archived blob remains available for read access, the blob itself cannot be read or modified until it is rehydrated. Rehydration can take up to 15 hours, depending on the priority specified. Rehydration can be done by either copying the blob to an online tier or changing the blob's tier.
In summary, choosing the right storage tier is essential for cost optimization and performance. The hot tier is for frequently accessed data, the cool tier for infrequently accessed data, and the archive tier for rarely accessed data. Understanding the cost implications, minimum retention periods, and rehydration processes is crucial for effective Azure storage management.
Evaluate Data Redundancy Options
Azure offers several data redundancy options to ensure your data is durable and available, even in the event of failures. These options include Locally Redundant Storage (LRS), Zone-Redundant Storage (ZRS), Geo-Redundant Storage (GRS), and Read-Access Geo-Redundant Storage (RA-GRS). Each option provides a different level of protection and has different cost implications. Understanding these options is crucial for choosing the right storage solution for your needs.
Locally Redundant Storage (LRS)
LRS is the simplest and least expensive redundancy option. With LRS, your data is replicated three times within a single data center. This option protects against hardware failures within the data center, but it does not protect against data center-wide failures. LRS is suitable for scenarios where data loss is acceptable and cost is a primary concern.
Zone-Redundant Storage (ZRS)
ZRS provides higher availability than LRS by replicating your data across three availability zones within a single region. Availability zones are physically separate locations within an Azure region. This option protects against data center failures and provides better availability than LRS. ZRS is a good choice for applications that require higher availability and can tolerate some data loss.
Geo-Redundant Storage (GRS)
GRS replicates your data to a secondary region that is geographically distant from the primary region. This option provides the highest level of data durability and protects against regional outages. With GRS, your data is replicated three times within the primary region and then asynchronously replicated to a secondary region. GRS is ideal for critical applications that require the highest level of data protection.
Read-Access Geo-Redundant Storage (RA-GRS)
RA-GRS is similar to GRS, but it also provides read access to the data in the secondary region. This option allows you to access your data even if the primary region is unavailable. RA-GRS is suitable for applications that require high availability and read access to data in the secondary region. It is important to note that while you can read from the secondary region, writes are still only done in the primary region.
Backup Vaults and Redundancy
Azure Backup vaults also offer redundancy options. When creating a backup vault, you can choose the storage redundancy that matches your business needs. This includes options for geo, zonal, and local redundancy. The choice of redundancy impacts the cost of backup storage, with geo-redundant storage being the most expensive. It is important to consider the cost implications of each redundancy option when planning your backup strategy.
Examine Azure Storage Services
Azure offers several storage services, each designed for different needs. Understanding these services is crucial for effective cloud solutions. The main services include Blob Storage, File Storage, Queue Storage, and Table Storage. Each has unique features, use cases, and limitations.
Blob Storage
Blob Storage is designed for storing large amounts of unstructured data, such as text or binary data. It's ideal for storing images, videos, and backups. Data is stored as blobs, which can be accessed via HTTP or HTTPS. Blob storage is highly scalable and can handle massive amounts of data. It also supports different access tiers like hot, cool, and archive, allowing for cost optimization based on access frequency.
File Storage
File Storage provides fully managed file shares in the cloud that are accessible via the Server Message Block (SMB) protocol. This makes it easy to migrate existing applications that rely on file shares to Azure. It's suitable for scenarios where multiple virtual machines need to share files. Azure File Storage supports both standard and premium tiers, offering flexibility in performance and cost.
Queue Storage
Queue Storage is a service for storing large numbers of messages. It's used for creating asynchronous communication between application components. Queues provide a reliable way to pass messages between different parts of an application, ensuring that tasks are completed even if some components are temporarily unavailable. This service is often used in cloud applications to decouple components and improve scalability.
Table Storage
Table Storage is a NoSQL key-value store for storing structured data. It's designed for storing large amounts of non-relational data. Data is stored in tables, which are collections of entities. Each entity is a set of properties, and each property is a name-value pair. Table Storage is highly scalable and cost-effective for storing structured data that doesn't require complex relationships.
Analyze Security and Management Features
Azure provides several security and management features for storage accounts to ensure data integrity and cost optimization. These features include options for data redundancy, encryption, access control, and monitoring. Understanding these features is crucial for maintaining a secure and efficient cloud storage environment.
Data Redundancy and Disaster Recovery
Azure Storage maintains multiple copies of your data to protect against various failures. Redundancy ensures your data is available even during hardware failures, power outages, or natural disasters. Options include Locally Redundant Storage (LRS), which keeps three copies within a single facility, and Zone-Redundant Storage (ZRS), which replicates data across multiple facilities within a region. For higher durability, Geo-Redundant Storage (GRS) maintains six copies, with three in the primary region and three in a secondary region. In the event of a data center failure, you can initiate an unplanned failover to the secondary region if your storage account is configured for geo-redundancy.
Encryption and Key Management
Data encryption is a critical aspect of Azure storage security. Azure encrypts all newly created databases by default, using a built-in server certificate. For more control, customers can manage encryption keys using Azure Key Vault. This service allows you to take ownership of key management and rotation, using tightly monitored hardware security modules (HSMs). Transparent Data Encryption (TDE) encrypts data at rest, while Always Encrypted protects sensitive data in specific database columns, ensuring that even privileged users cannot access it without the encryption key.
Access Control and Data Protection
Azure offers granular access control through Azure role-based access control (Azure RBAC), allowing you to assign specific permissions to users for managed disks. This ensures that users only have access to the operations they need to perform their job. Additionally, Dynamic Data Masking limits sensitive data exposure by masking it to non-privileged users. This feature automatically discovers potentially sensitive data and provides recommendations to mask these fields, enhancing data protection.
Monitoring and Threat Protection
Azure provides tools for monitoring and threat protection to maintain the security of your storage accounts. Vulnerability Assessment helps discover, track, and remediate potential database vulnerabilities. Data Discovery and Classification helps identify and label sensitive data, which is crucial for meeting data privacy standards and regulatory compliance. SQL Auditing tracks database activities, while Advanced Threat Protection analyzes logs to detect unusual behavior and potential threats, providing alerts for suspicious activities.
Cost Management
Managing costs is an important aspect of Azure storage. Lifecycle management can be used to delete older snapshots to control costs. When copying data to a second storage account, be aware of capacity, transaction, and egress charges, especially if the second account is in a different region. Azure Backup provides a cloud-based solution for protecting data in managed disks, automating the creation of snapshots and retaining them for a configured duration.
Identify Azure Storage Account Types
Azure Storage accounts provide a unique namespace for your data in Azure. Every object you store has an address that includes your account name. The combination of the account name and the Blob Storage endpoint forms the base address for your stored objects. There are different types of storage accounts, each designed for specific use cases. Understanding these types is crucial for efficient data management.
General-purpose v1 and v2 Accounts
General-purpose v1 accounts are the original type of storage account, supporting blobs, tables, queues, and files. However, they are not recommended for new applications due to their limitations. General-purpose v2 accounts are the recommended type for most scenarios. They support all the same services as v1 accounts but offer lower transaction costs and improved performance. These accounts are suitable for a wide range of applications, including web applications, mobile apps, and data analytics.
Blob Storage Accounts
Blob storage accounts are specialized for storing unstructured data, such as text or binary data. They are optimized for storing massive amounts of data and are ideal for scenarios like storing images, videos, and backups. Blob storage accounts support three types of blobs: block blobs, append blobs, and page blobs. Each type is designed for different use cases.
Blob Types
Block blobs are used for storing text and binary data and are made up of blocks that can be managed individually. They are suitable for storing documents, media files, and application installers. Append blobs are also made up of blocks but are optimized for append operations, making them ideal for logging data from virtual machines. Page blobs store random access files up to 8 TiB in size and are primarily used for virtual hard drive (VHD) files that serve as disks for Azure virtual machines.
Storage Account Endpoints
Each storage account has a unique endpoint that is used to access the data. The default endpoint for Blob Storage is https://<storage-account-name>.blob.core.windows.net. Azure also supports Azure DNS zone endpoints, which dynamically select an Azure DNS zone and assign it to the storage account. These endpoints are formatted as https://<storage-account-name>.z[00-99].blob.storage.azure.net. Understanding these endpoints is essential for connecting to your storage account programmatically.
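The two endpoint formats above can be turned into a strict host check that code applies before it sends credentials or data to a URL. This is an added example, not part of the original guide: the account names and sample URLs are constructed, and the rule that account names are 3-24 lowercase letters and digits is Azure's naming constraint rather than something stated on this page.

```python
import re
from urllib.parse import urlsplit

# Account names: 3-24 characters, lowercase letters and digits only.
ACCOUNT = r"(?P<account>[a-z0-9]{3,24})"
ENDPOINT_FORMATS = {
    # https://<storage-account-name>.blob.core.windows.net
    "standard": re.compile(ACCOUNT + r"\.blob\.core\.windows\.net"),
    # https://<storage-account-name>.z[00-99].blob.storage.azure.net
    "dns-zone": re.compile(ACCOUNT + r"\.z[0-9]{2}\.blob\.storage\.azure\.net"),
}


def classify_blob_endpoint(url):
    """Return (kind, account) for a well-formed Blob endpoint URL, else None."""
    try:
        parts = urlsplit(url)
        port = parts.port            # raises ValueError on a malformed port
    except ValueError:
        return None
    if parts.scheme != "https" or port not in (None, 443):
        return None
    if "@" in parts.netloc:          # userinfo can disguise the real host
        return None
    host = parts.hostname or ""      # urlsplit lower-cases the hostname
    for kind, pattern in ENDPOINT_FORMATS.items():
        match = pattern.fullmatch(host)  # whole host must match, no extra labels
        if match:
            return kind, match.group("account")
    return None


def is_allowed_endpoint(url, allowed_accounts):
    """True only for a valid Blob endpoint whose account is on the allowlist."""
    result = classify_blob_endpoint(url)
    return result is not None and result[1] in allowed_accounts


# Constructed sample inputs (hypothetical account name "contosodata").
SAMPLES = [
    "https://contosodata.blob.core.windows.net/backups/db.bak",
    "https://contosodata.z13.blob.storage.azure.net/backups",
    "https://contosodata.blob.core.windows.net.example.com/backups",
    "https://contosodata.blob.core.windows.net@example.com/backups",
    "http://contosodata.blob.core.windows.net/backups",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", classify_blob_endpoint(sample))
```

Matching the whole hostname is what rejects the third and fourth samples, where the real Azure domain appears only as a prefix or as userinfo in front of a different host.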
Conclusion
In summary, Azure offers various storage account types to cater to different needs. General-purpose v2 accounts are versatile and suitable for most applications, while blob storage accounts are optimized for unstructured data. Within blob storage, different blob types like block, append, and page blobs provide further flexibility. Choosing the right storage account type and blob type is crucial for optimizing performance and cost.
Conclusion
This section covered key aspects of Azure storage, including storage tiers, redundancy options, storage services, security features, and account types. Understanding the differences between Hot, Cool, and Archive storage tiers is crucial for cost optimization. Data redundancy options like LRS, ZRS, GRS, and RA-GRS ensure data durability and availability. Azure storage services such as Blob, File, Queue, and Table Storage cater to different data needs. Security features like encryption and access control protect data, while monitoring tools help maintain a secure environment. Finally, understanding the different storage account types, including general-purpose and blob storage accounts, is essential for efficient data management.