AZ-400: Designing and Implementing Microsoft DevOps Solutions Notes
These are my notes while preparing AZ-400 exam.
Site Reliability Engineering
Reliability is the ability of a system or component to perform its intended function under specified conditions for an extended period without failure. A reliable product has a high probability of performing as expected over time. The reliability of a product can be measured by how long it will last before failing and how often it fails.
Availability
Performance
Latency
Security
Measuring Reliability
SLA: Service Level Agreement
The agreement made with customers about how available the system is
SLO: Service Level Objective
The goal that the service wants to reach or meet agreements
SLI: Service Level Indicators
Actual service metric behind the commitments
Why SRE?
Ownership
Work Silos
Full Stack
Key Concepts
Feedback
Measure everything
Alert
Automate
Small changes (often)
Embrace Risk
Devops focuses on development, SRE focuses on production.
Azure Monitor
Azure Monitor is a comprehensive monitoring solution for collecting, analyzing, and responding to monitoring data from your cloud and on-premises environments.
Metrics
Azure Monitor Metrics is a feature of Azure Monitor that collects numeric data from monitored resources into a time-series database. Metrics are numerical values that are collected at regular intervals and describe some aspect of a system at a particular time.
You can
Visualize Data
Analyze
Alert
Automate
Health Checks
Application Insights is an extension of Azure Monitor and provides application performance monitoring (APM) features. APM tools are useful to monitor applications from development, through test, and into production in the following ways:
Proactively understand how an application is performing.
Reactively review application execution data to determine the cause of an incident.
Application Insights helps us to create health checks.
Availability - URL Ping Test
Send a HTTP Request to a specific URL
Request duration and success rate
Dependent Requests
Enable retries are recommended
Min 5 Max 16 locations
Create alerts
Monitor > Application Insights > Investigate > Availability > Add test
To notify => Create Action Group
In action group you can add SMS, Voice, Email, Push Notification and then create action.
Actions are
Webhook
Azure Function
Runbook
Logic App
...
Load and Failure Conditions
Plan for failures
Failure mode Analysis
Find Single point of failure
Rate Risk and Severity
Determine Response
Understand Application
Criticality
Understand Dependencies
Prevent Failures
Fault Domains
Availability Zones
Cross-Regions
Auto Scaling
Performance Testing
Load Testing : Make sure that application handle normal load
Stress Testing : Analyze the upper limit of the application
Baseline Metrics
Normal condition is different for each environment
Smart Detection and Dynamic Thresholds
Uses machine learning. Adopt new conditions.
It is built-in.
Failure needs a minimum 24 hours of data
Performance needs minimum 8 days of data
Submodule
Submodules allow you to keep a Git repository as a subdirectory of another Git repository. This lets you clone another repository into your project and keep your commits separate.
git submodule init
git submodule update
git submodule add https://github.com/account/repo
Azure Submodules
Authentication should be either of below
Unauthenticated
Authenticated with the main repo account
Scalar
Scalar is a repository management tool that optimizes Git for use in large repositories. Scalar improves performance by configuring advanced Git settings, maintaining repositories in the background, and helping to reduce data sent across the network.
New Repo:
scalar clone [options] <url>
Existing Repo
scalar register
Github & AAD
Requirements
- Github Enterprise Cloud Organization
Git Commands
git log --oneline
git log --pretty="- s%"
Branching Strategies
Trunk Based
Feature (Task) Based
Release Based
Pull Request
Should contain
What
Why
How
Test
References
Work Item
Screenshot
Document
The Rest
Challenges
Improvements
Efficient Pull Request
Automatically Assignment
Reminder
Pull Analytics
Effective Code Review
Size Limit
Less than 400 lines of code
Less than one hour
Annotation
Guide reviewers
Provide Context
Checklist
Static Code Analysis
Coding Errors
Security Vulnerabilities
GitHub Marketplace
Code Quality
Code Review
- DeepSource
Git Tags
Mark specific versions in history
- Supports annotation
Kinds
Lightweight
Just a tag
Simply point to a time in history
Annotated
- Attached note on a tag
Web Portal: Only annotated
Handling Large Files
For large files, use Git LFS (Large File System)
Open Source Extention installed separately
Large file is hosted seperataley
git lfs install
git lfs track "*.psd"
Tricks
Do not commit produced binaries
Cleanup = git gc (Remove untracked files)
Remove unwanted data
- Need to remove secure data/file/secret/GPDR/sensitive data
Remove local data
1 - Delete unwanted data
2 - git rm --cached <filename>
3 - git reset HEAD^
4- git commit --ammend -m "comment"
Remove Remote Repository
1 - Reset to last good commit before the file commit
git reset --hard #commitSHA
2 - git push --force
Remove from History
Not easy. Use 3rd party tools
git filter-branch
git filter-repo
BFG Repo cleaner
Pipeline Matrix
A build matrix is something that comes out of product-based companies: you have a single code base that you need to build across multiple permutations of operating systems, software versions, etc.
trigger:
- master
strategy:
matrix:
'Ubuntu 16.04':
image: 'ubuntu-16.04'
dotnetcore: '2.2.x'
'Ubuntu 18.04':
image: 'ubuntu-18.04'
dotnetcore: '3.1.x'
'MacOS X High Sierra':
image: 'macos-10.13'
dotnetcore: '2.2.x'
'MacOS X Mojave':
image: 'macos-10.14'
dotnetcore: '3.1.x'
'Windows Server 2016':
image: 'vs2017-win2016'
dotnetcore: '2.2.x'
'Windows Server 2019':
image: 'windows-2019'
dotnetcore: '3.1.x'
pool:
vmImage: $(image)
variables:
solution: '**/*.sln'
buildPlatform: 'Any CPU'
buildConfiguration: 'Release'
steps:
- task: UseDotNet@2
inputs:
packageType: 'sdk'
version: $(dotnetcore)
- task: DotNetCoreCLI@2
displayName: "Restore"
inputs:
command: 'restore'
projects: '**/*.csproj'
feedsToUse: 'select'
- task: DotNetCoreCLI@2
displayName: "Build"
inputs:
command: 'build'
projects: '**/*.csproj'
- task: DotNetCoreCLI@2
displayName: "Unit Tests"
inputs:
command: 'test'
projects: '**/tests/UnitTests/UnitTests.csproj'
- task: DotNetCoreCLI@2
displayName: "Publish Infrastructure"
inputs:
command: 'publish'
publishWebProjects: false
projects: '$(Build.SourcesDirectory)/src/Infrastructure/Infrastructure.csproj'
- task: DotNetCoreCLI@2
displayName: "Publish ApplicationCore"
inputs:
command: 'publish'
publishWebProjects: false
projects: '$(Build.SourcesDirectory)/src/ApplicationCore/ApplicationCore.csproj'
- task: DotNetCoreCLI@2
displayName: "Publish Web"
inputs:
command: 'publish'
publishWebProjects: true
- task: CopyFiles@2
inputs:
SourceFolder: '$(Build.SourcesDirectory)'
Contents: |
src\ApplicationCore\bin\Debug\netstandard2.1\ApplicationCore.dll
src\Infrastructure\bin\Debug\netstandard2.1\Infrastructure.dll
src\Web\bin\Debug\netcoreapp3.1\Web.dll
src\Web\bin\Debug\netcoreapp3.1\Web.Views.dll
TargetFolder: '$(Build.ArtifactStagingDirectory)'
- task: PublishPipelineArtifact@1
inputs:
targetPath: '$(Build.ArtifactStagingDirectory)'
artifact: '$(image)'
publishLocation: 'pipeline'
Azure Artifacts
Supports Maven, NPM, Nuget, Python
Semantic Versioning
2.5.7-prerelease
{major}.{minor}.{patch}-{tag}
YAML Templates
template.yml
steps
- npm install
- npm test
tasks
pipeline-yml (external repo)
pool:
image: ubuntu-latest
resources:
repositories:
- repository: templates
- type: git
- name: project/repo
steps:
- templates/template.yml@templates
pipeline-yml (same repo)
pool:
image: ubuntu-latest
steps:
- template.yml
Variable Groups
Variable is only used once
variables:
vmImageName: 'ubuntu-latest'
pool:
vmImage: $(vmImageName)
Variable groups are used in multiple places (temples)
Pipeline > Library
You can insert variable groups in pipelines. E.g. Secrets,...
variables:
- group: my-variable-group
- name: azureServiceConnectionId
value: '{SUBSCRIPTION_ID}'
Powershell DSC (Desired State Condiguration)
Maintain state
Configuration HelloWorld {
# Import the module that contains the File resource.
Import-DscResource -ModuleName PsDesiredStateConfiguration
# The Node statement specifies which targets to compile MOF files for, when this configuration is executed.
Node 'localhost' {
# The File resource can ensure the state of files, or copy them from a source to a destination with persistent updates.
File HelloWorld {
DestinationPath = "C:\Temp\HelloWorld.txt"
Ensure = "Present"
Contents = "Hello World from DSC!"
}
}
}
Bicep Files
Alternative to ARM templates
Abstraction over ARM templates.
https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/overview?tabs=bicep
Visual Studio App Center
Deploy application to multiple devices (IOS, Mac, Windows)
Azure AD Privileged Identity Management
Privileged Identity Management (PIM) is a service in Azure Active Directory (Azure AD) that enables you to manage, control, and monitor access to important resources in your organization. These resources include resources in Azure AD, Azure, and other Microsoft Online Services such as Microsoft 365 or Microsoft Intune. The following video explains important PIM concepts and features.
What does it do?
Privileged Identity Management provides time-based and approval-based role activation to mitigate the risks of excessive, unnecessary, or misused access permissions on resources that you care about. Here are some of the key features of Privileged Identity Management:
Provide just-in-time privileged access to Azure AD and Azure resources
Assign time-bound access to resources using start and end dates
Require approval to activate privileged roles
Enforce multi-factor authentication to activate any role
Use justification to understand why users activate
Get notifications when privileged roles are activated
Conduct access reviews to ensure users still need roles
Download audit history for internal or external audit
Prevents removal of the last active Global Administrator and Privileged Role Administrator role assignments
Azure AD Conditional Access
if then statements for actions
Scope
Condition
Make Condition
