# AZ-400: Designing and Implementing Microsoft DevOps Solutions Notes

These are my notes while preparing AZ-400 exam.

# Site Reliability Engineering

**Reliability** is the ability of a system or component to perform its intended function under specified conditions for an extended period without failure. A reliable product has a high probability of performing as expected over time. The reliability of a product can be measured by how long it will last before failing and how often it fails.

* Availability
    
* Performance
    
* Latency
    
* Security
    

## Measuring Reliability

**SLA:** Service Level Agreement

The agreement made with customers about how available the system is

**SLO:** Service Level Objective

The goal that the service wants to reach or meet agreements

**SLI:** Service Level Indicators

Actual service metric behind the commitments

## Why SRE?

* Ownership
    
* Work Silos
    
* Full Stack
    

## Key Concepts

* Feedback
    
* Measure everything
    
* Alert
    
* Automate
    
* Small changes (often)
    
* Embrace Risk
    

Devops focuses on development, SRE focuses on production.

# Azure Monitor

**Azure Monitor** is a comprehensive monitoring solution for collecting, analyzing, and responding to monitoring data from your cloud and on-premises environments.

## Metrics

Azure Monitor Metrics is a feature of Azure Monitor that collects numeric data from monitored resources into a time-series database. Metrics are numerical values that are collected at regular intervals and describe some aspect of a system at a particular time.

You can

* Visualize Data
    
* Analyze
    
* Alert
    
* Automate
    

# Health Checks

Application Insights is an extension of Azure Monitor and provides application performance monitoring (APM) features. APM tools are useful to monitor applications from development, through test, and into production in the following ways:

* Proactively understand how an application is performing.
    
* Reactively review application execution data to determine the cause of an incident.
    

Application Insights helps us to create health checks.

### Availability - URL Ping Test

Send a HTTP Request to a specific URL

* Request duration and success rate
    
* Dependent Requests
    
* Enable retries are recommended
    
* Min 5 Max 16 locations
    
* Create alerts
    

Monitor &gt; Application Insights &gt; Investigate &gt; Availability &gt; Add test

To notify =&gt; Create Action Group

In action group you can add SMS, Voice, Email, Push Notification and then create action.

Actions are

* Webhook
    
* Azure Function
    
* Runbook
    
* Logic App
    
* ...
    

# Load and Failure Conditions

Plan for failures

Failure mode Analysis

* Find Single point of failure
    
* Rate Risk and Severity
    
* Determine Response
    
* Understand Application
    
* Criticality
    
* Understand Dependencies
    

Prevent Failures

* Fault Domains
    
* Availability Zones
    
* Cross-Regions
    
* Auto Scaling
    

Performance Testing

* Load Testing : Make sure that application handle normal load
    
* Stress Testing : Analyze the upper limit of the application
    

# Baseline Metrics

Normal condition is different for each environment

# Smart Detection and Dynamic Thresholds

Uses machine learning. Adopt new conditions.

It is built-in.

Failure needs a minimum 24 hours of data

Performance needs minimum 8 days of data

# Submodule

Submodules allow you to keep a Git repository as a subdirectory of another Git repository. This lets you clone another repository into your project and keep your commits separate.

```bash
git submodule init
git submodule update
git submodule add https://github.com/account/repo
```

## Azure Submodules

Authentication should be either of below

* Unauthenticated
    
* Authenticated with the main repo account
    

# Scalar

Scalar is a repository management tool that optimizes Git for use in large repositories. Scalar improves performance by configuring advanced Git settings, maintaining repositories in the background, and helping to reduce data sent across the network.

New Repo:

```bash
scalar clone [options] <url>
```

Existing Repo

```bash
scalar register
```

# Github & AAD

Requirements

* Github Enterprise Cloud Organization
    

# Git Commands

```bash
git log --oneline
git log --pretty="- s%"
```

# Branching Strategies

* Trunk Based
    
* Feature (Task) Based
    
* Release Based
    

# Pull Request

Should contain

* What
    
* Why
    
* How
    
* Test
    
* References
    
    * Work Item
        
    * Screenshot
        
    * Document
        
* The Rest
    
    * Challenges
        
    * Improvements
        

Efficient Pull Request

* Automatically Assignment
    
* Reminder
    
* Pull Analytics
    

Effective Code Review

* Size Limit
    
    * Less than 400 lines of code
        
    * Less than one hour
        
* Annotation
    
    * Guide reviewers
        
    * Provide Context
        
* Checklist
    

# Static Code Analysis

* Coding Errors
    
* Security Vulnerabilities
    

GitHub Marketplace

* Code Quality
    
* Code Review
    
    * DeepSource
        

# Git Tags

Mark specific versions in history

* Supports annotation
    

Kinds

* Lightweight
    
    * Just a tag
        
    * Simply point to a time in history
        
* Annotated
    
    * Attached note on a tag
        

Web Portal: Only annotated

# Handling Large Files

For large files, use Git LFS (Large File System)

* Open Source Extention installed separately
    
* Large file is hosted seperataley
    

```bash
git lfs install
git lfs track "*.psd"
```

Tricks

* Do not commit produced binaries
    
* Cleanup = git gc (Remove untracked files)
    

# Remove unwanted data

* Need to remove secure data/file/secret/GPDR/sensitive data
    

## Remove local data

1 - Delete unwanted data  
2 - git rm --cached &lt;filename&gt;  
3 - git reset HEAD^  
4- git commit --ammend -m "comment"

## Remove Remote Repository

1 - Reset to last good commit before the file commit  
git reset --hard #commitSHA

2 - git push --force

## Remove from History

Not easy. Use 3rd party tools

* git filter-branch
    
* git filter-repo
    
* BFG Repo cleaner
    

# Pipeline Matrix

A build matrix is something that comes out of product-based companies: you have a single code base that you need to build across multiple permutations of operating systems, software versions, etc.

```bash
trigger:
- master

strategy:
  matrix:
    'Ubuntu 16.04':
      image: 'ubuntu-16.04'
      dotnetcore: '2.2.x'
    'Ubuntu 18.04':
      image: 'ubuntu-18.04'
      dotnetcore: '3.1.x'
    'MacOS X High Sierra':
      image: 'macos-10.13'
      dotnetcore: '2.2.x'
    'MacOS X Mojave':
      image: 'macos-10.14'
      dotnetcore: '3.1.x'
    'Windows Server 2016':
      image: 'vs2017-win2016'
      dotnetcore: '2.2.x'
    'Windows Server 2019':
      image: 'windows-2019'
      dotnetcore: '3.1.x'

pool:
  vmImage: $(image)

variables:
  solution: '**/*.sln'
  buildPlatform: 'Any CPU'
  buildConfiguration: 'Release'

steps:
- task: UseDotNet@2
  inputs:
    packageType: 'sdk'
    version: $(dotnetcore)
    
- task: DotNetCoreCLI@2
  displayName: "Restore"
  inputs:
    command: 'restore'
    projects: '**/*.csproj'
    feedsToUse: 'select'

- task: DotNetCoreCLI@2
  displayName: "Build"
  inputs:
    command: 'build'
    projects: '**/*.csproj'

- task: DotNetCoreCLI@2
  displayName: "Unit Tests"
  inputs:
    command: 'test'
    projects: '**/tests/UnitTests/UnitTests.csproj'

- task: DotNetCoreCLI@2
  displayName: "Publish Infrastructure"
  inputs:
    command: 'publish'
    publishWebProjects: false
    projects: '$(Build.SourcesDirectory)/src/Infrastructure/Infrastructure.csproj'

- task: DotNetCoreCLI@2
  displayName: "Publish ApplicationCore"
  inputs:
    command: 'publish'
    publishWebProjects: false
    projects: '$(Build.SourcesDirectory)/src/ApplicationCore/ApplicationCore.csproj'

- task: DotNetCoreCLI@2
  displayName: "Publish Web"
  inputs:
    command: 'publish'
    publishWebProjects: true

- task: CopyFiles@2
  inputs:
    SourceFolder: '$(Build.SourcesDirectory)'
    Contents: |
      src\ApplicationCore\bin\Debug\netstandard2.1\ApplicationCore.dll
      src\Infrastructure\bin\Debug\netstandard2.1\Infrastructure.dll
      src\Web\bin\Debug\netcoreapp3.1\Web.dll
      src\Web\bin\Debug\netcoreapp3.1\Web.Views.dll
    TargetFolder: '$(Build.ArtifactStagingDirectory)'

- task: PublishPipelineArtifact@1
  inputs:
    targetPath: '$(Build.ArtifactStagingDirectory)'
    artifact: '$(image)'
    publishLocation: 'pipeline'
```

# Azure Artifacts

Supports Maven, NPM, Nuget, Python

# Semantic Versioning

2.5.7-prerelease

{major}.{minor}.{patch}-{tag}

# YAML Templates

template.yml

```bash
steps
 - npm install
 - npm test
tasks
```

pipeline-yml (external repo)

```bash
pool:
 image: ubuntu-latest

resources:
  repositories:
    - repository: templates
    - type: git
    - name: project/repo

steps:
 - templates/template.yml@templates
```

pipeline-yml (same repo)

```bash
pool:
 image: ubuntu-latest

steps:
 - template.yml
```

# Variable Groups

Variable is only used once

```bash
variables:
 vmImageName: 'ubuntu-latest'

pool:
 vmImage: $(vmImageName)
```

Variable groups are used in multiple places (temples)

Pipeline &gt; Library

You can insert variable groups in pipelines. E.g. Secrets,...

```bash
variables:
 - group: my-variable-group
 - name: azureServiceConnectionId
   value: '{SUBSCRIPTION_ID}'
```

# Powershell DSC (Desired State Condiguration)

Maintain state

```powershell
Configuration HelloWorld {
 
    # Import the module that contains the File resource.
    Import-DscResource -ModuleName PsDesiredStateConfiguration
 
    # The Node statement specifies which targets to compile MOF files for, when this configuration is executed.
    Node 'localhost' {
 
        # The File resource can ensure the state of files, or copy them from a source to a destination with persistent updates.
        File HelloWorld {
            DestinationPath = "C:\Temp\HelloWorld.txt"
            Ensure = "Present"
            Contents   = "Hello World from DSC!"
        }
    }
}
```

[https://www.techtarget.com/searchwindowsserver/definition/Microsoft-Windows-PowerShell-DSC-Desired-State-Configuration](https://www.techtarget.com/searchwindowsserver/definition/Microsoft-Windows-PowerShell-DSC-Desired-State-Configuration)

# Bicep Files

Alternative to ARM templates

Abstraction over ARM templates.

[https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/overview?tabs=bicep](https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/overview?tabs=bicep)

# Visual Studio App Center

Deploy application to multiple devices (IOS, Mac, Windows)

# Azure AD Privileged Identity Management

Privileged Identity Management (PIM) is a service in Azure Active Directory (Azure AD) that enables you to manage, control, and monitor access to important resources in your organization. These resources include resources in Azure AD, Azure, and other Microsoft Online Services such as Microsoft 365 or Microsoft Intune. The following video explains important PIM concepts and features.

What does it do?

Privileged Identity Management provides time-based and approval-based role activation to mitigate the risks of excessive, unnecessary, or misused access permissions on resources that you care about. Here are some of the key features of Privileged Identity Management:

* Provide **just-in-time** privileged access to Azure AD and Azure resources
    
* Assign **time-bound** access to resources using start and end dates
    
* Require **approval** to activate privileged roles
    
* Enforce **multi-factor authentication** to activate any role
    
* Use **justification** to understand why users activate
    
* Get **notifications** when privileged roles are activated
    
* Conduct **access reviews** to ensure users still need roles
    
* Download **audit history** for internal or external audit
    
* Prevents removal of the **last active Global Administrator** and **Privileged Role Administrator** role assignments
    

# Azure AD Conditional Access

if then statements for actions

* Scope
    
* Condition
    
* Make Condition
