This is the first of six preparation courses for the Architecting Microsoft Azure Solutions 70-534 certification exam. By the end of this course, you will have gained a solid understanding of Azure data center and VPN architecture. We will cover Azure’s use of Global Foundation Services for its data centers, virtual networks, Azure Compute (IaaS, virtual machines, fault domains), VPNs, and ExpressRoute. This session will also feature a high-level discussion of Azure services (load balancing options, Traffic Manager, and more).
Welcome back. In this lesson, we'll be talking about some of the different Azure Services. We'll talk about CDN, Media Services, Redis Cache, Traffic Manager, Azure Active Directory, and Multifactor Authentication.
So, let's get started with CDNs. The Content Delivery Network or CDN is a service that allows the caching of static content in locations outside of Azure Data Centers in facilities that are not owned by Microsoft, that are already available and more distributed worldwide, in countries maybe not served by an Azure facility. It is functionally built on top of Azure Storage service. The service takes time, from minutes to hours, to replicate the content contained in a storage node to all of the nodes in the network. The user will refer to a generic CDN endpoint. And then transparently, the service will redirect them depending on the location of the request. The end user will perceive a fast and more responsive content delivery. There are a lot of benefits to using a CDN. We get better performance and user experience for our end users, because requests will be handled by locations near the user. It's better for high-traffic periods, because it distributes requests to edge servers, resulting in less traffic for our application.
The next service on the agenda is Azure Media Services. Azure Media Services is a content delivery platform to build solutions focused on streaming content. In particular, the service supports the delivery of either live streaming content or on-demand streaming content. There's a lot involved in video streaming. You need to be able to ingest media in a scalable way. You need to be able to store large amounts of data, and you have to be able to encode in multiple formats, and you need to deliver the right content to the right devices. And oftentimes, you need all of that functionality programmatically, which is why there's a REST API to do all of that. And if that wasn't enough, it also integrates with CDN.
Let's talk about Redis next. Redis is a popular open source, high-performance, in-memory data structure store, which can be used as a key value database, cache, or message broker. Redis supports multiple data structures, such as strings, hashes, lists, sets, and sorted sets, while also supporting transactions and atomic operations, and it provides features such as replication, partitioning, and high availability. It makes a great option for a centralized session store, for session state data, and for request caching and more.
Next up, Traffic Manager. The Azure Traffic Manager provides DNS level traffic management. The job of the Traffic Manager is to direct users to the most appropriate instance based on a set of configurable rules. Traffic Manager also performs active endpoint monitoring to detect which endpoints are operational, meaning that the Traffic Manager can avoid sending clients to endpoints which might be down or having issues. It's important to note that the Traffic Manager does not have traffic flowing through it. The Traffic Manager performs DNS level redirection. That means that the redirection only happens when the user's client is seeking the IP address that it should connect to. And then once it's connected, the traffic between the client and your web app doesn't talk to Traffic Manager at all.
Next up we have Active Directory. Azure Active Directory is a cloud-based identity management server. As the name suggests, it handles identities like the On-prem Windows Service Active Directory, but they're different products, and there's no competition between the two of them. In fact, they're complementary. You could use them separately in different contexts or together. Azure Active Directory is internet-oriented and based on well-known internet authentication and authorization standards like OAuth and OpenID. So every application that supports those standards can be authenticated by Azure Active Directory, where On-prem Active Directory is focused on your organization with domains and organizational units to authorize users and applications. The two services can work together, thanks to a tool called Directory Sync or DirSync. The purpose of this tool is to synchronize the on-premises accounts with an Azure Active Directory. So then in a hybrid scenario, users already authenticating locally can use the same set of credentials to authenticate with your Azure-hosted applications.
Next up, we'll be talking about security, specifically Multifactor Authentication. Multifactor Authentication, typically abbreviated as MFA, is an authentication process that uses more than one authentication mechanism to verify a user's identity. Typically the first method is username and password. It's currently the most common auth method. However, username and password alone are not really great for security. A password can be stolen, guessed, or obtained by other means, and it leaves a sub-optimal security method. So, with Multifactor Authentication, after you've passed the first method, you then need to pass another one, and this time it should be something different than just the username and password. The common way to look at this is something you have and something you know. A username and password is something you know, and maybe a fingerprint or some biometric scan is something you have. Something you have is often a random token generated by a device such as a cellphone. And that token expires too often to be guessed or brute forced. MFA makes sure that even if someone was to obtain your username and password, they can't log in without the additional factors.
Okay, this is gonna wrap up our lesson on services. In our next lesson, we're gonna summarize what we've covered throughout the course thus far, and then we'll talk about what's next. So if you're ready, then let's wrap up this course.
About the Author
Ben Lambert is the Director of Engineering and was previously the lead author for DevOps and Microsoft Azure training content at Cloud Academy. His courses and learning paths covered Cloud Ecosystem technologies such as DC/OS, configuration management tools, and containers. As a software engineer, Ben’s experience includes building highly available web and mobile apps.
When he’s not building the first platform to run and measure enterprise transformation initiatives at Cloud Academy, he’s hiking, camping, or creating video games.