Each storage account gets two and only two keys: primary and secondary.
An Azure App Service Plan is like a dedicated hosting environment. It can host Web Apps, Mobile Apps, Functions, and API apps. Logic apps used to support App Service Plans, but don't any more.
Page blobs are optimized for representing IaaS disks and supporting random writes, and may be up to 1 TB in size. An Azure virtual machine network-attached IaaS disk is a VHD stored as a page blob.
Service Fabric is a microservices model that relies on smaller components dedicated to a specific task, working together to deliver services to the users. This is the opposite of the monolithic single-application model. Since the components are small, they are often very quick to deploy and can result in zero downtime for the application. These applications are denser, taking fuller advantage of existing servers. This results in fewer servers required to support the functionality. The Service Fabric distributed model also allows nodes to run both inside and outside Azure at the same time, including nodes in AWS or on premises. It is not a less complicated architecture, since it often adds more complexity to the design. But you get the benefits of cost savings and increased availability.
An NSG can only be applied to resources within the region in which it was created.
Server clustering is a feature of the premium tier.
Azure throttling IO per second limits are based on the account level, so in order to exceed them you will need to create multiple accounts. There is no automated way to shard blobs into separate accounts. That must be done by the application.
Azure Web Jobs cannot be created using .NET Core.
Managed storage accounts are charged by the amount of data and the number of transactions, but Microsoft takes care of ensuring the files are stored on their servers in a way that won't get throttled or have those traditional limits.
DocumentDB, now one part of CosmosDB, is specifically designed as a NoSQL data service that guarantees low-latency and quick response time. Perfect for storing small bits of JSON there.
You can choose from Verizon or Akamai when creating a CDN on Azure.
SAML 2.0 uses a signed-token mechanism to signal authentication. The application directs the user to Active Directory, which the user logs into directly. Active Directory sends the user back to the application with a signed token which is checked to ensure it hasn't been tampered with.
Using the filtering capability of Azure Service Bus topics, only receive messages that are relevant to the person. But display all alerts that pass this filter.
The New-AzureRmWebAppBackup command creates a backup of a web app.
You are limited to 20 static IP addresses per subscription in Azure.
OData is an industry standard, supported by companies such as Microsoft, IBM, SAP, Progress Software, etc. It creates a standard language that can be used to query data from many sources, including Azure SQL, SharePoint, SSRS, and other sources.
Azure limits standard unmanaged disks to 4 TB. Premium disks can be up to 4 TB depending on level. Of course, you can have several data disks depending on the VM size you choose. There is a 500 TB maximum for the entire storage account.
Azure SQL Database service can be protected by using either a database or server level firewall, which is configured in a specific table inside either the master database (database or server firewall) or the specific database being protected (database firewall only). Azure SQL Database is Software as a Service and does not run on a virtual network, and cannot be protected by an NSG.
Bearer tokens have some well-known security issues. You have to send the tokens over SSL to prevent man-in-the-middle attacks, and a short expiry time minimizes the damage if the token is intercepted.
Web apps support languages such as ASP.NET, Node.js, PHP, Python, and Java.
Azure Automation DSC can be used for an on-premises virtual machine. As long as the latest version of the WMF (Windows Management Framework) is installed and the machine has an outbound connection to the Internet, it can be managed by Azure DSC.
You can set an expiry date when you create the shared access signature, and when that date passes, the key will no longer work. If you use stored access policies, you can invalidate or delete the policy and it will invalidate the shared access signature as well. And finally, if you change your storage account keys, all shared access signatures will be invalidated automatically. You cannot update a shared access signature after it's been created.
There is a maximum of 1000 VMs in a single VMSS.
Azure Hybrid Connections is designed to allow Azure Web Apps or Mobile Apps to connect to services that run inside a network, without needing modifications to the firewall settings. It does this by opening a connection to Azure from the network (from inside), which allows API calls to be made from Azure to a WCF service running inside the network. ExpressRoute and Site-to-Site VPNs require a gateway to be installed.
Azure AD B2B collaboration allows you to connect your Azure AD with an external partner, allowing them to assign permissions to the applications you allow.
A replica is an instance of the index. You sometimes want multiple replicas so that your search can be load balanced.
The NuGet package Swashbuckle is used to generate Swagger documentation for Azure API apps.
Azure Storage Queues are for short messages, which have a 64 KB maximum.
Anything you can do to optimize your application to make fewer queries will obviously make it a better user experience and slow down the growth problems for the future. Adding Redis caching to catch some queries before they get to the database is a good idea (such as lookup tables for UX fields), as well as turning queries into batches as much as possible. Also, of course, Azure allows you to scale the database up one more level, so that would also be a solution (short term). CDN would not help with this problem since that deals with static assets like JS files, CSS, images or videos. You're not storing videos in the database, are you? :)
Windows Deployment Services is one of the unsupported roles of Windows Server inside Azure.
Currently you can create alerts on CPU Percentage used, network in, network out, disk bytes read, disk bytes written, disk read operations per second, disk write operations per second.
Azure Application Gateway is a layer-7 load balancer, which is the application level. Azure Load Balancer is layer-4, transport level. Traffic Manager works at the DNS level.
The Set-AzureRmWebApp command allows you to set the host name using the -HostName property.
In order to debug a Virtual Machine, the Remote Debugging extension has to be installed on that virtual machine.
Azure Table uses partition key and row key which together must be unique.
Azure Active Directory is Azure's Identity as a Service offering, which provides directory services, identity governance, and application access management.
Azure distributes the VMs evenly among 5 update domains by default. When the sixth VM is added to the availability set, it will be put on the first update domain. The seventh, when it's created, will be on the second.
Azure Logic Apps and Functions are two services at the core of Azure's Serverless applications. Serverless applications are billed based on consumption (per transaction or per KB), and the developer does not have to worry about the server or a service level plan.
System Center Operations Manager (SCOM) is for managing and monitoring large cloud installations. It is used as a management tool for on-premises Windows Server and Hyper-V-based clouds, but it can also integrate with and manage Azure apps. Among other things, it can install Application Insights on existing live apps. If an app goes down, it tells you in seconds. Note that Log Analytics does not replace SCOM. It works well in conjunction with it.
Graph API supports both JSON and XML for requests and responses.
We cannot use the "scale up" function of Azure to move from an HDD VM to one that uses Premium SSD storage, as the scaling option restricts you to a VM of the same storage type: standard or premium storage.
A CORS pre-flight request is made using an HTTP OPTIONS call to the server that holds the resources, in this case the Azure storage service. The server returns a status 200 OK if the CORS request is accepted. Once permission to make the request has been received, the main request is made from client to server.
Shared Access Signatures are the primary way to grant access to a Service Bus Queue. You generate them in the Azure Portal, and then can hand them out to client applications that need access to that queue. If you make them using a Stored Access Policy, you can revoke access at any time.
There are 9 triggers that can start a function: blobs, event hubs, HTTP request, GitHub, queues, Service Bus Queue, Service Bus Topic, Timers, or a webhook.
We can restrict the number of API calls over a short period of time, or the number of API calls over a long period of time (or forever). You can restrict by IP address, or use that as a way to throttle usage. You can check for values in the header.
Using vnet peering, you can use Application Gateway to distribute traffic to different regions for true internal load balancing.