AZ-400: Designing and Implementing Microsoft DevOps Solutions Notes

AZ-400: Designing and Implementing Microsoft DevOps Solutions Notes

These are my notes while preparing AZ-400 exam.

Site Reliability Engineering

Reliability is the ability of a system or component to perform its intended function under specified conditions for an extended period without failure. A reliable product has a high probability of performing as expected over time. The reliability of a product can be measured by how long it will last before failing and how often it fails.

  • Availability

  • Performance

  • Latency

  • Security

Measuring Reliability

SLA: Service Level Agreement

The agreement made with customers about how available the system is

SLO: Service Level Objective

The goal that the service wants to reach or meet agreements

SLI: Service Level Indicators

Actual service metric behind the commitments

Why SRE?

  • Ownership

  • Work Silos

  • Full Stack

Key Concepts

  • Feedback

  • Measure everything

  • Alert

  • Automate

  • Small changes (often)

  • Embrace Risk

Devops focuses on development, SRE focuses on production.

Azure Monitor

Azure Monitor is a comprehensive monitoring solution for collecting, analyzing, and responding to monitoring data from your cloud and on-premises environments.

Metrics

Azure Monitor Metrics is a feature of Azure Monitor that collects numeric data from monitored resources into a time-series database. Metrics are numerical values that are collected at regular intervals and describe some aspect of a system at a particular time.

You can

  • Visualize Data

  • Analyze

  • Alert

  • Automate

Health Checks

Application Insights is an extension of Azure Monitor and provides application performance monitoring (APM) features. APM tools are useful to monitor applications from development, through test, and into production in the following ways:

  • Proactively understand how an application is performing.

  • Reactively review application execution data to determine the cause of an incident.

Application Insights helps us to create health checks.

Availability - URL Ping Test

Send a HTTP Request to a specific URL

  • Request duration and success rate

  • Dependent Requests

  • Enable retries are recommended

  • Min 5 Max 16 locations

  • Create alerts

Monitor > Application Insights > Investigate > Availability > Add test

To notify => Create Action Group

In action group you can add SMS, Voice, Email, Push Notification and then create action.

Actions are

  • Webhook

  • Azure Function

  • Runbook

  • Logic App

  • ...

Load and Failure Conditions

Plan for failures

Failure mode Analysis

  • Find Single point of failure

  • Rate Risk and Severity

  • Determine Response

  • Understand Application

  • Criticality

  • Understand Dependencies

Prevent Failures

  • Fault Domains

  • Availability Zones

  • Cross-Regions

  • Auto Scaling

Performance Testing

  • Load Testing : Make sure that application handle normal load

  • Stress Testing : Analyze the upper limit of the application

Baseline Metrics

Normal condition is different for each environment

Smart Detection and Dynamic Thresholds

Uses machine learning. Adopt new conditions.

It is built-in.

Failure needs a minimum 24 hours of data

Performance needs minimum 8 days of data

Submodule

Submodules allow you to keep a Git repository as a subdirectory of another Git repository. This lets you clone another repository into your project and keep your commits separate.

git submodule init
git submodule update
git submodule add https://github.com/account/repo

Azure Submodules

Authentication should be either of below

  • Unauthenticated

  • Authenticated with the main repo account

Scalar

Scalar is a repository management tool that optimizes Git for use in large repositories. Scalar improves performance by configuring advanced Git settings, maintaining repositories in the background, and helping to reduce data sent across the network.

New Repo:

scalar clone [options] <url>

Existing Repo

scalar register

Github & AAD

Requirements

  • Github Enterprise Cloud Organization

Git Commands

git log --oneline
git log --pretty="- s%"

Branching Strategies

  • Trunk Based

  • Feature (Task) Based

  • Release Based

Pull Request

Should contain

  • What

  • Why

  • How

  • Test

  • References

    • Work Item

    • Screenshot

    • Document

  • The Rest

    • Challenges

    • Improvements

Efficient Pull Request

  • Automatically Assignment

  • Reminder

  • Pull Analytics

Effective Code Review

  • Size Limit

    • Less than 400 lines of code

    • Less than one hour

  • Annotation

    • Guide reviewers

    • Provide Context

  • Checklist

Static Code Analysis

  • Coding Errors

  • Security Vulnerabilities

GitHub Marketplace

  • Code Quality

  • Code Review

    • DeepSource

Git Tags

Mark specific versions in history

  • Supports annotation

Kinds

  • Lightweight

    • Just a tag

    • Simply point to a time in history

  • Annotated

    • Attached note on a tag

Web Portal: Only annotated

Handling Large Files

For large files, use Git LFS (Large File System)

  • Open Source Extention installed separately

  • Large file is hosted seperataley

git lfs install
git lfs track "*.psd"

Tricks

  • Do not commit produced binaries

  • Cleanup = git gc (Remove untracked files)

Remove unwanted data

  • Need to remove secure data/file/secret/GPDR/sensitive data

Remove local data

1 - Delete unwanted data
2 - git rm --cached <filename>
3 - git reset HEAD^
4- git commit --ammend -m "comment"

Remove Remote Repository

1 - Reset to last good commit before the file commit
git reset --hard #commitSHA

2 - git push --force

Remove from History

Not easy. Use 3rd party tools

  • git filter-branch

  • git filter-repo

  • BFG Repo cleaner

Pipeline Matrix

A build matrix is something that comes out of product-based companies: you have a single code base that you need to build across multiple permutations of operating systems, software versions, etc.

trigger:
- master

strategy:
  matrix:
    'Ubuntu 16.04':
      image: 'ubuntu-16.04'
      dotnetcore: '2.2.x'
    'Ubuntu 18.04':
      image: 'ubuntu-18.04'
      dotnetcore: '3.1.x'
    'MacOS X High Sierra':
      image: 'macos-10.13'
      dotnetcore: '2.2.x'
    'MacOS X Mojave':
      image: 'macos-10.14'
      dotnetcore: '3.1.x'
    'Windows Server 2016':
      image: 'vs2017-win2016'
      dotnetcore: '2.2.x'
    'Windows Server 2019':
      image: 'windows-2019'
      dotnetcore: '3.1.x'

pool:
  vmImage: $(image)

variables:
  solution: '**/*.sln'
  buildPlatform: 'Any CPU'
  buildConfiguration: 'Release'

steps:
- task: UseDotNet@2
  inputs:
    packageType: 'sdk'
    version: $(dotnetcore)

- task: DotNetCoreCLI@2
  displayName: "Restore"
  inputs:
    command: 'restore'
    projects: '**/*.csproj'
    feedsToUse: 'select'

- task: DotNetCoreCLI@2
  displayName: "Build"
  inputs:
    command: 'build'
    projects: '**/*.csproj'

- task: DotNetCoreCLI@2
  displayName: "Unit Tests"
  inputs:
    command: 'test'
    projects: '**/tests/UnitTests/UnitTests.csproj'

- task: DotNetCoreCLI@2
  displayName: "Publish Infrastructure"
  inputs:
    command: 'publish'
    publishWebProjects: false
    projects: '$(Build.SourcesDirectory)/src/Infrastructure/Infrastructure.csproj'

- task: DotNetCoreCLI@2
  displayName: "Publish ApplicationCore"
  inputs:
    command: 'publish'
    publishWebProjects: false
    projects: '$(Build.SourcesDirectory)/src/ApplicationCore/ApplicationCore.csproj'

- task: DotNetCoreCLI@2
  displayName: "Publish Web"
  inputs:
    command: 'publish'
    publishWebProjects: true

- task: CopyFiles@2
  inputs:
    SourceFolder: '$(Build.SourcesDirectory)'
    Contents: |
      src\ApplicationCore\bin\Debug\netstandard2.1\ApplicationCore.dll
      src\Infrastructure\bin\Debug\netstandard2.1\Infrastructure.dll
      src\Web\bin\Debug\netcoreapp3.1\Web.dll
      src\Web\bin\Debug\netcoreapp3.1\Web.Views.dll
    TargetFolder: '$(Build.ArtifactStagingDirectory)'

- task: PublishPipelineArtifact@1
  inputs:
    targetPath: '$(Build.ArtifactStagingDirectory)'
    artifact: '$(image)'
    publishLocation: 'pipeline'

Azure Artifacts

Supports Maven, NPM, Nuget, Python

Semantic Versioning

2.5.7-prerelease

{major}.{minor}.{patch}-{tag}

YAML Templates

template.yml

steps
 - npm install
 - npm test
tasks

pipeline-yml (external repo)

pool:
 image: ubuntu-latest

resources:
  repositories:
    - repository: templates
    - type: git
    - name: project/repo

steps:
 - templates/template.yml@templates

pipeline-yml (same repo)

pool:
 image: ubuntu-latest

steps:
 - template.yml

Variable Groups

Variable is only used once

variables:
 vmImageName: 'ubuntu-latest'

pool:
 vmImage: $(vmImageName)

Variable groups are used in multiple places (temples)

Pipeline > Library

You can insert variable groups in pipelines. E.g. Secrets,...

variables:
 - group: my-variable-group
 - name: azureServiceConnectionId
   value: '{SUBSCRIPTION_ID}'

Powershell DSC (Desired State Condiguration)

Maintain state

Configuration HelloWorld {

    # Import the module that contains the File resource.
    Import-DscResource -ModuleName PsDesiredStateConfiguration

    # The Node statement specifies which targets to compile MOF files for, when this configuration is executed.
    Node 'localhost' {

        # The File resource can ensure the state of files, or copy them from a source to a destination with persistent updates.
        File HelloWorld {
            DestinationPath = "C:\Temp\HelloWorld.txt"
            Ensure = "Present"
            Contents   = "Hello World from DSC!"
        }
    }
}

https://www.techtarget.com/searchwindowsserver/definition/Microsoft-Windows-PowerShell-DSC-Desired-State-Configuration

Bicep Files

Alternative to ARM templates

Abstraction over ARM templates.

https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/overview?tabs=bicep

Visual Studio App Center

Deploy application to multiple devices (IOS, Mac, Windows)

Azure AD Privileged Identity Management

Privileged Identity Management (PIM) is a service in Azure Active Directory (Azure AD) that enables you to manage, control, and monitor access to important resources in your organization. These resources include resources in Azure AD, Azure, and other Microsoft Online Services such as Microsoft 365 or Microsoft Intune. The following video explains important PIM concepts and features.

What does it do?

Privileged Identity Management provides time-based and approval-based role activation to mitigate the risks of excessive, unnecessary, or misused access permissions on resources that you care about. Here are some of the key features of Privileged Identity Management:

  • Provide just-in-time privileged access to Azure AD and Azure resources

  • Assign time-bound access to resources using start and end dates

  • Require approval to activate privileged roles

  • Enforce multi-factor authentication to activate any role

  • Use justification to understand why users activate

  • Get notifications when privileged roles are activated

  • Conduct access reviews to ensure users still need roles

  • Download audit history for internal or external audit

  • Prevents removal of the last active Global Administrator and Privileged Role Administrator role assignments

Azure AD Conditional Access

if then statements for actions

  • Scope

  • Condition

  • Make Condition