DevOps Basics
DevOps is a mixture of development and ops, sometimes including CI/CD, Agile planning, and monitoring applications. |
Used because of its easy delivery of software and for its benefits of reliability, security, and stability. |
DevOps also helps deliver small results in frequent loops so that major projects can be completed in minor chunks, increasing productivity. |
Azure DevOps Services: Azure Boards, Azure Pipelines, Azure Repos, Azure Artifacts, Azure Test Plans |
Cloud Deployment Models
Public Cloud |
The infrastructure is owned by your cloud provider and the server that you are using could be a multi-tenant system. |
Private Cloud |
The infrastructure is owned by you, or your cloud provider gives you that service exclusively. Example: Hosting your website on your servers, or hosting your website with the cloud provider on a dedicated server. |
Hybrid Cloud |
When you use both Public Cloud and Private Cloud together, it is called Hybrid Cloud. For example: using your in-house servers for confidential data, and the public cloud for hosting your company’s public-facing website. This type of setup would be a hybrid cloud. |
Service Types Comparison
| | Advantages | Disadvantages |
| --- | --- | --- |
| Public | + High Scalability/Agility; + PAYG (No CapEx, OpEx model); + Not responsible for hardware maintenance; + Minimal technical knowledge required | - May not be able to meet specific security requirements; - May not be able to meet specific compliance requirements; - You don't own the hardware and may not be able to manage it as you wish |
| Private | + You have complete control; + Can meet strict security and compliance requirements | - Upfront CapEx costs; - Owning equipment limits agility to scale; - Requires high technical knowledge |
| Hybrid | + Advantages of both Public and Private | - Can be more expensive than selecting one deployment model; - Can be more complicated to set up and manage |
Azure Networking Services
Virtual Network |
Connects VMs to incoming Virtual Private Network (VPN) connections |
Load Balancer |
Balances inbound and outbound connections to applications or service endpoints |
VPN Gateway |
Accesses Azure Virtual Networks through high-performance VPN gateways |
Application Gateway |
Optimizes app server farm delivery while increasing application security |
Content Delivery Network |
Delivers high-bandwidth content to customers globally |
Azure Databases
CosmosDB |
Globally distributed database that supports NoSQL options |
Azure SQL Database |
Fully managed relational database with auto-scale, integral intelligence, and robust security |
Azure Database Migration Service |
Migrates your databases to the cloud with no application code changes |
Azure SQL Data Warehouse |
Fully managed data warehouse with integral security at every level of scale at no extra cost |
Web Architecture Best Practices
System flexibility |
Component reusability |
Clarity and well-thought structure of your code |
Scalability |
Stability and reliability |
Easy bug-detection |
Performance level regarding your system as a whole |
Optimize SQL Stored Procedure
Use SET NOCOUNT ON - Suppresses network messages and decreases traffic |
Use a fully qualified procedure name - A fully qualified object name is database.schema.objectname |
Use IF EXISTS with SELECT 1 - When checking whether a record exists, there is no need to return column names |
Keep transactions short and crisp - The longer the transaction, the longer the locks will be held, based on isolation level. This may result in deadlocks and blocking. |
Azure Pipelines
Tasks |
Get resources, Restore, Build, Test, Publish Artifacts |
Triggers |
Enable CI, Add branches |
Variables |
Add environment variables or groups |
Service Types
| IaaS | PaaS | SaaS |
| --- | --- | --- |
| Infrastructure as a Service | Platform as a Service | Software as a Service |
| Raw hardware that can be configured. | Platform to publish without giving access to software or OS | Software to use without purchase. |
| Example: Azure VM | Example: Web Apps | Example: Dropbox |
Azure Storage Services
Blob Storage |
Storage service for very large objects, such as video files or bitmaps |
Disk Storage |
Provides disks for virtual machines, applications, and other services. |
File Storage |
Azure Files offers fully-managed file shares in the cloud. |
Archive Storage |
Storage facility for data that is rarely accessed. |
Azure Compute Services
Virtual Machines |
Emulate physical computers. Include virtual processor, memory, storage and networking resources. VMs host an OS and can be logged into through a remote client |
VM Scale Sets |
Used to deploy and manage a set of identical VMs. With all VMs configured the same, virtual machine scale sets are designed to support true autoscale. As demand goes up, more VM instances can be added. As demand goes down, VM instances can be removed. The process can be manual, automated, or a combination of both. |
Containers/Kubernetes |
Used to deploy and manage containers. Containers are lightweight, virtualized application environments. They're designed to be quickly created, scaled out, and stopped dynamically. You can run multiple instances of a containerized application on a single host machine. |
App Service |
Quickly build, deploy, and scale enterprise-grade web, mobile, and API apps running on any platform. You can meet rigorous performance, scalability, security, and compliance requirements while using a fully managed platform to perform infrastructure maintenance. App Service is a platform as a service (PaaS) offering. |
Functions |
Functions are ideal when you're concerned only about the code running your service and not the underlying platform or infrastructure. They're commonly used when you need to perform work in response to an event (often via a REST request), timer, or message from another Azure service, and when that work can be completed quickly, within seconds or less. |
User Session Management
Set the Secure and HttpOnly flags on your cookies. Avoid sending sensitive traffic and tokens across an unencrypted channel. |
Generate new session cookies. A new session token should be generated for every session: as soon as a consumer visits the application, verifies the correct credentials, and logs out of their account. A cookie should expire if the account is inactive for an extended period of time, and you should require the consumer to re-authenticate. |
Configure session cookies properly. Session tokens should be long, random, and unique. These properties ensure that an attacker cannot guess or brute-force the session token's value. |
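
The three session rules above as a minimal in-memory session store; this is an added example, not code from the original cheat sheet. The `SessionStore` class, the cookie name `session`, and the 15-minute idle timeout are assumptions chosen for illustration.

```python
import secrets
import time
from http.cookies import SimpleCookie

IDLE_TIMEOUT = 15 * 60   # seconds of inactivity before expiry (assumed value)
TOKEN_BYTES = 32         # 256 bits from the OS CSPRNG: long, random, unique

class SessionStore:      # hypothetical in-memory store for illustration
    def __init__(self, clock=time.time):
        self._sessions = {}      # token -> {"user": ..., "last_seen": ...}
        self._clock = clock      # injectable so idle expiry can be tested

    def _issue(self, user):
        token = secrets.token_urlsafe(TOKEN_BYTES)
        self._sessions[token] = {"user": user, "last_seen": self._clock()}
        return token

    def start_anonymous(self):
        """First visit: issue a fresh random token."""
        return self._issue(None)

    def login(self, old_token, user):
        """After credentials are verified: drop the pre-login token, issue a new one."""
        self._sessions.pop(old_token, None)
        return self._issue(user)

    def logout(self, token):
        """Invalidate server-side, then hand back a new anonymous token."""
        self._sessions.pop(token, None)
        return self._issue(None)

    def lookup(self, token):
        """Return the session, or None if unknown or idle too long (re-auth needed)."""
        session = self._sessions.get(token)
        if session is None:
            return None
        if self._clock() - session["last_seen"] > IDLE_TIMEOUT:
            del self._sessions[token]
            return None
        session["last_seen"] = self._clock()
        return session

def set_cookie_header(token):
    """Build the Set-Cookie value with the Secure and HttpOnly flags set."""
    cookie = SimpleCookie()
    cookie["session"] = token              # cookie name is an assumption
    cookie["session"]["secure"] = True     # only sent over an encrypted channel
    cookie["session"]["httponly"] = True   # not readable from page scripts
    return cookie["session"].OutputString()
```
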
Caching
Caching is a common technique that aims to improve the performance and scalability of a system. It does this by temporarily copying frequently accessed data to fast storage that's located close to the application. |
Distributed applications typically implement either or both of the following strategies when caching data: |
Using a private cache, where data is held locally on the computer that's running an instance of an application or service. |
Using a shared cache, serving as a common source that can be accessed by multiple processes and machines. |
The key to using a cache effectively lies in determining the most appropriate data to cache, and caching it at the appropriate time. |
Caching typically works well with data that is immutable or that changes infrequently. Examples include reference information such as product and pricing information in an e-commerce application, or shared static resources that are costly to construct. |
Caching is typically less useful for dynamic data. |
|