As technology evolves, businesses and organizations
are increasingly adopting cloud computing to improve their operational
efficiency, enhance scalability, and reduce costs. However, cloud adoption can
be a complex process that requires a clear understanding of the different
phases and best practices for success.
A Cloud Adoption Framework (CAF) is a methodology
that provides a structured approach to guide businesses and organizations
through the process of adopting cloud computing. The CAF helps organizations to
develop a roadmap, identify potential risks, and plan a successful cloud
migration.
There are six phases in the Cloud Adoption Framework:
Strategy: In this phase, the organization defines its
cloud strategy, including goals, objectives, and business outcomes. The
strategy should also outline the organization's overall cloud adoption vision,
including the types of services to be used and how they will be managed.
Example: An e-commerce company that is expanding its
operations globally might decide to adopt a cloud strategy that prioritizes
agility and scalability to support the rapid growth.
Plan: This phase involves assessing the
organization's current IT environment and identifying the workloads that are
suitable for migration to the cloud. The plan should also include an assessment
of the organization's cloud readiness and a roadmap for cloud migration.
Example: A healthcare provider may plan to migrate
patient data from an on-premises database to a cloud-based electronic medical
record (EMR) system, while ensuring compliance with regulations such as HIPAA.
Ready: In this phase, the organization prepares for
cloud adoption by developing the necessary skills, processes, and tools. This
includes training employees, developing governance policies, and ensuring that
the organization's security and compliance requirements are met. A Landing Zone is then deployed accordingly for the migration or modernization.
Example: A financial services company might invest in
training employees on cloud security best practices and implementing a security
and compliance framework to ensure that customer data is protected.
Adopt: This phase involves migrating workloads to the
cloud and ensuring that they function as expected. The organization should
monitor and optimize the performance of its cloud infrastructure and services,
while also managing costs.
Example: An education institution might migrate its
student information system to the cloud to improve accessibility and
scalability while also reducing costs associated with maintaining an
on-premises infrastructure.
Govern: This phase involves managing the ongoing
operations of the cloud environment, including monitoring performance,
optimizing costs, and ensuring compliance with security and governance
policies.
Example: A government agency might implement a cloud
governance policy that includes regular compliance audits, security
assessments, and risk management processes.
Manage: In this final phase, the organization
continuously manages its cloud environment to ensure that it meets its business
needs and objectives. This includes optimizing costs, improving performance,
and scaling resources as needed.
Example: A retail company might regularly review its
cloud infrastructure usage to identify cost savings opportunities, optimize
performance, and scale resources to meet increasing demand during holiday
shopping seasons.
Measurement of Successful Outcomes:
To measure the success of a cloud adoption
initiative, organizations should establish metrics that align with their cloud
adoption goals and objectives. Some common metrics to measure the success of
cloud adoption include:
Cost Savings: Organizations can measure the cost
savings achieved through cloud adoption by comparing the costs of maintaining
on-premises infrastructure with the costs of using cloud services.
Agility: Cloud adoption can enable organizations to
respond to changing business needs more quickly. Agility can be measured by
tracking the time it takes to deploy new applications or services.
Scalability: The ability to scale resources up or
down as needed is a key benefit of cloud adoption. Scalability can be measured
by tracking the use of cloud resources over time.
Security: Cloud adoption can improve security by
providing access to advanced security features and technologies. Security can
be measured by tracking compliance with security policies and regulations.
Performance: Cloud adoption can improve application
and infrastructure performance. Performance can be measured by tracking
application response times.
Well, this is a very brief introduction to CAF; I am sure this will help you start your journey to deep dive into CAF. All hyperscalers have their own Adoption Frameworks, and I might be biased, but in my experience MS has the best documentation. Happy Learning!!
I am writing this post at the request of all the enthusiasts who want to clear the MS certifications, especially by taking the exams from home or online rather than walking up to the center. A few days ago, I shared my recent certifications, which include the Expert Badge as well, and my inbox was full of messages asking about my experience and preparation recommendations; hence this blog post, covering most of the questions and sharing the experience.
This is the Acclaim link for the certifications and badges I hold.
All the latest certifications I achieved were from home, though I was always skeptical about scheduling from home because of the proctor, which can be difficult sometimes: the exam will not start easily if the proctor finds odd things in place, or it can be stopped if someone enters the room, you get up, or the light goes off, things like that. But due to the pandemic I had to, and it was a far better experience than I was expecting.
You can schedule an exam from here and check your certifications and badges from here; remember to use the same email ID that you scheduled your exams with.
You can reschedule or cancel your exams, and you can find the policy here; basically it says you should reschedule or cancel 6 business days prior to the exam date.
I scheduled most of the exams around noon, but I should have scheduled them at night for the quiet; but you know, it is the evening we love the most on weekends 😉. Just to be on time and through with all the prerequisites, I always check in 30 mins before, though the prerequisites take only 10-15 mins. They include:
A quick system check, which includes downloading a small “OnVUE” exe that checks the mic, camera and bandwidth before the start. If you are using an office laptop, make sure you have the local admin details, else it could be difficult; it is always recommended to use a home laptop.
After the quick system check, it asks you to upload:
·Government-approved identification.
·Your photo and photos of the room from all 4 sides.
The best way to do this is to have a mobile phone handy. You shouldn’t have the phone within arm's reach during the exam, but for the upload tasks it's always good to have your phone handy, and the exam also asks you whether you have a phone.
Once everything is uploaded, you need to refresh the page on your laptop and keep your phone away. Now you get the serious considerations, which include things like: don’t leave the room, no one else is allowed, your phone should be out of arm's reach, no food is allowed, etc., along with an option to hit next. Make sure you adhere to the rules and brace yourself, because you are entering the most difficult phase of this process.
The most difficult part is the wait, because once you hit next you are not supposed to move; you should be in front of the camera all the time, you do not have the phone in your hands, and it takes 15 mins for the proctor to verify your details. So you are sitting for 15 mins in front of the camera doing nothing 😊. Well, if you are lucky it will start a little sooner than it mentions; if not, then after 15 mins it will say it can't start the exam, do not close it, and click here for support. I have had both experiences: once my exam started in 5 mins, and once it took almost 45 mins.
The only exam which took 45 mins and the help of support, I had scheduled at night, and the issue was my winter cap, which I was wearing because of the cold; the proctor was not able to reconcile my picture with the cap and the one without it, I guess. Anyway, I clicked on the help button and started the chat like with any other customer care.
I waited for 30 mins before I could get a response. Well, this was unlucky me, but yes, I cleared the exam, which is what counts. The exam support I was talking about called me on the laptop, inspected the room via the laptop camera and asked me to remove the cap. I mentioned it's super cold here, but she confirmed it’s the cap I needed to remove and only then would the exam start 😊. So there we go: I scheduled at night for the first time, it's already late, I don’t have my winter cap, and if you could guess, the exam is 304 😉. What else do we need to make it better? I only asked her if I could have a sip of water, and she said why not, please do.
So, to conclude, you need to wait 15 mins for the proctor to start your exam, without your phone, and it could be less than 15 mins or more 😊. Well, this is all about the experience prior to starting the exam from home, but once you have done it and been through the whole initial process you will be more comfortable, and next time it will be all fun.
Now, let's talk about the exam experience. As soon as the proctor starts your exam, it asks you to accept on a select-yes kind of screen, and once you hit next you need to fill in a survey with questions like why you are doing the certification, whether you are an expert, and general questions regarding your knowledge of the topics. I find that up to here everything is the same in all the exams, including the survey and screens.
Well, if I talk about the exams, especially the advanced ones like AZ-303, AZ-304 or AZ-500, I found the same kind of pattern: 180 mins for 60-65 questions, as discussed below –
·Case Study
·Multiple choice questions
·Scenario
A case study usually has 5 to 8 questions, and you get existing environment and planned requirement tabs that you can go through and answer accordingly. What I found is that when you go back to read the requirement or scenario and hit next, you land on the next question, so the best way is to hit the previous button, or you will get a prompt at the end saying that you missed one question. In my experience MS provides more than enough time for the questions, but out of old habit I usually go through the questions and come back to see the requirement. I am not saying it's an effective method; it could be if there were a time constraint, but there is not, so I am sure the best way to perform is to go through the entire scenario and then answer the questions.
Once you are through with the case study, the next pattern starts, with multiple choice questions (50-55 questions), which I found easy but sometimes confusing, when you think none of the options fit the question and, worst part, you do not have "None of the above" among the options 😉; the same goes when you think all of them seem relevant answers but you do not have "All of the above". In such scenarios you need to read the question multiple times, and you will see it’s the wording of the question that is creating the confusion. But I find this section very interesting, because you also get a couple of straightforward questions that help you build confidence, because you know the correct answer then and there.
Now it's time for the next pattern, which is a scenario with multiple questions (5-6 questions), each including an answer for the scenario, and you may need to select True or False as per the question. This pattern is more like: there is one answer for the scenario, and all the questions give you different options. E.g. the scenario asks for 99.99% availability for VMs and we know AV-zone is the answer, but the questions may be “will AV-set be the solution” or "will Managed disk help here". Long story short, if you know what is needed for your scenario then you will get the marks for all the questions 😊. I have seen that this is the only pattern where you cannot go back and correct your answer, meaning if you choose the answer and hit next then there is no previous button.
In my experience almost all exams have the same kind of pattern, and it's very important to read whether we can go back or not before hitting next or finish.
Now, once you finish your exam it gives you your result then and there, within seconds, but you will receive the cert or badge within 24 hours. This is how these exams are, and this is my experience of appearing and clearing from home.
Let us talk about how you could prepare for these exams, or rather how I prepared for these exams. I have been working with Azure for years, so this helped me immensely, because most of the scenarios, limitations and usage I have already encountered multiple times in my career. However, to be sure that I could clear the exam and it would not be a waste of money, I did prepare with the help of the below courses:
For AZ-303
1.Course by James Lee on Linux Academy (cloud guru) - AZ-303 and AZ-300
2.Skylines Academy Nick Colyer – AZ-303 Course
3.Exam Reference Book by Mike Pfeiffer
4.All the labs possible to cement the knowledge you acquired. Linux Academy provides labs with the course, but I would suggest creating your own free account and, for each topic, creating your own scenarios and doing labs – MUST
For AZ-304
1.Course by James Lee on Linux Academy (cloud guru) - AZ-301 only, as the 304 one on Cloud guru is not good in my experience; maybe they will recreate it.
2.Skylines Academy Nick Colyer – AZ-304 Course
3.Alan Rodrigues on Udemy AZ-304
4.All the labs possible to cement the knowledge you acquired. Linux Academy provides labs with the course, but I would suggest creating your own free account and, for each topic, creating your own scenarios and doing labs – MUST
For AZ-500
1.Course by Shawn Johnson on Linux Academy (cloud guru) - AZ-500
2.Skylines Academy Nick Colyer – AZ-500 Course
3.Exam Reference Book AZ-500
4.All the labs possible to cement the knowledge you acquired. Linux Academy provides labs with the course, but I would suggest creating your own free account and, for each topic, creating your own scenarios and doing labs – MUST
For AZ-104
1.Course by Robert on Linux Academy (cloud guru) - AZ-104
2.Skylines Academy Nick Colyer – AZ-104 Course
3.Exam Reference Book AZ-104
4.All the labs possible to cement the knowledge you acquired. Linux Academy provides labs with the course, but I would suggest creating your own free account and, for each topic, creating your own scenarios and doing labs – MUST
Overall my experience was pretty good and the exams weren't that tough to clear, as you only need 700 out of 1000, meaning 70%, and there is no negative marking, so if you don't know the answer, try to see what is not the answer out of the options and select the best possible option available rather than leaving it blank. So except for a few confusing scenarios, you wouldn't find anything outside the courses that I recommend.
If I talk about the MS documentation, it’s tough to go through that enormous documentation, but here is my suggestion: if you like to read through MS docs, go through Concepts and FAQ to get a grip on the topics, and Tutorials and How-to if you want to implement.
After all the discussion, let’s talk about the changes in the certification renewal process, which you can read through here for details. The crux is that you need not re-take the exam to renew the certifications; MS will send you notifications 6 months before the cert expiry date to do the learning and assessment on MS Learn, which extends the expiry by one more year, and so on. But if you miss completing the module and assessment on MS Learn, then you will be back to the old process.
In the end I would like to thank my employer Rackspace Technology, "which is truly the best place to work", which also provided a 100% claim on the linked account and university to prepare for the examinations, along with my team, who inspire and encourage me to be more.
Well, that's all about my experience with exams and certs from home and the recommendations to clear the exams. Thanks for the read, and please share your comments or experience in the comment section. All the best for your exams. Happy Learning :) Do check out the YouTube video below as well for more information.
Questions
Q #1 Where does Site Recovery replicate data to?
Q #2 Can I change the vault in which the configuration server is registered?
Q #3 Can I keep the IP address on fail-over?
Q #4 How far back can I recover?
Q #5 Is the fail-over automatic?
Q #6 How do you check if process server is actually pushing data?
Q #7 Can I change the target VM size or VM type before fail-over?
Q #8 How to refresh config server from Azure portal
Q #9 How to check the Process server connection to Azure blob storage
Q #10 If there is no connectivity from the process server to Azure, what all services we need to check?
Q #11 How to add cred in ovf template machine if you forgot to add cred
Q #12 How to generate the passphrase
***************************** Answers ****************************************
Q #1 Where does Site Recovery replicate data to?
Site Recovery replicates on-premises VMware VMs and physical servers to managed disks in Azure.
·The Site Recovery process server writes replication logs to a cache storage account in the target region.
·These logs are used to create recovery points on Azure-managed disks that have the prefix asrseeddisk.
When failover occurs, the recovery point you select is used to create a new target managed disk. This managed disk is attached to the VM in Azure.
Q #2 Can I change the vault in which the configuration server is registered?
No. After a vault is associated with the configuration server, it can't be changed. But you can de-register first and then follow the registration steps as for a new config server registration. During this process all protected virtual machines under the config server are stopped.
Q #3 Can I keep the IP address on fail-over?
Yes, you can keep the
IP address on failover. Ensure that you specify the target IP address in
the Compute and Network settings for the
VM before failover
Q #4 How far back can I recover?
For VMware to Azure,
the oldest recovery point you can use is 72 hours.
Q #5 Is the fail-over automatic?
No, it's not; you can start fail-over from the portal or via PS.
Q #6 How do you check if process server is actually pushing data ?
On process server >> under task manager >>
performance tab >> resource monitor >> Network tab >> Process
and network Activity
Check cbengine.exe is actively sending a large volume
of data.
Q #7 Can I change the target VM size or VM type before fail-over?
Yes, you can change
the type or size of the VM at any time before failover. In the portal, use
the Compute and Network settings for the replicated VM.
Q #8 How to refresh config server from Azure portal
Navigate to the recovery vault >> under Manage >> Site recovery infrastructure >> click configuration server under VMware & physical machines >> select the configuration server and select the option refresh config server.
Q #9 How to check the Process server connection to Azure blob storage
On process server >> under task manager >>
performance tab >> resource monitor >> Overview >> select
cbengine.exe >>
Under TCP connections, check whether there is connectivity
from the process server to Azure storage.
Q #10 If there is no connectivity from the process server to Azure, what all services we need to check?
1.Verify that the following services are running:
·cxprocessserver
·InMage Scout VX Agent – Sentinel/Outpost
·Microsoft Azure Recovery Services Agent
·Microsoft Azure Site Recovery Service
·tmansvc
2.Start or restart any service that isn't running.
3.Verify that the process server is connected and reachable.
Q #11 How to add cred in ovf template machine if you forgot to add cred
You can add the credential from the configuration server: log in to the config server, launch CSPSConfigtool.exe, and click add.
Q #12 How to generate the passphrase
Sign in to your configuration server, and then open a command prompt window as an administrator.
To change the directory to the bin folder, execute the command cd %ProgramData%\ASR\home\svsystems\bin
To generate the passphrase file, execute genpassphrase.exe -v > MobSvc.passphrase.
Your passphrase will be stored in the file located at %ProgramData%\ASR\home\svsystems\bin\MobSvc.passphrase.
Azure Marketplace has many images for NVAs, i.e. network virtual appliances, which people usually use to control, filter or manage their network traffic. But these are 3rd-party, and a firewall on a VM means IaaS, so you need to worry about all the things we handle in IaaS infrastructure. Now we have Azure Firewall, which recently became GA and offers a lot of benefits, along with being a native firewall solution, of course.
Azure Firewall is a managed, cloud-based network security service that protects your Azure Virtual Network resources.
It's a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability.
With Az Firewall, you can centrally create, enforce and log application and network connectivity policies across subscriptions and virtual networks.
Az Firewall uses a
static public IP address for your virtual network resources allowing outside
firewalls to identify traffic originating from your virtual network.
The service is fully
integrated with Azure Monitor for logging and analytics.
Quick View
Let's check all the features that Az Firewall offers:
#1 Built-in HA
No additional LB or instances are required, and there is nothing you need to configure. Az Firewall can be configured across multiple Availability Zones for increased availability, and with Availability Zones you get a 99.99% uptime SLA when 2 or more zones are selected.
You can also associate Azure Firewall with a specific zone just for proximity reasons, using the service standard 99.95% SLA.
There's no additional cost for a firewall deployed in an Availability Zone. However, there are additional costs for inbound and outbound data transfers associated with Availability Zones.
#2 Unrestricted Cloud Scalability
Azure Firewall can scale up as much as you need to accommodate changing network traffic flows, so you don't need to budget for your peak traffic.
#3 Application FQDN Filtering Rules
You can limit outbound HTTP/S traffic to a specified list of fully qualified domain names (FQDN), including wildcards. This feature doesn't require SSL termination. E.g. allow outbound access to www.Google.com
#4 Network Traffic Filtering Rules
You can centrally create allow or deny network filtering rules by source and destination IP address, port, and protocol. Azure Firewall is fully stateful, so it can distinguish legitimate packets for different types of connections. Rules are enforced and logged across multiple subscriptions and virtual networks.
E.g. allow DNS for spoke VNet resources, where DNS sits in the Hub VNet along with all the shared services, or allow web traffic on port 80.
#5 FQDN Tags
FQDN tags make it easy for you to allow well-known Azure service network traffic through your firewall. For example, say you want to allow Windows Update network traffic through your firewall. You create an application rule and include the Windows Update tag. Now network traffic from Windows Update can flow through your firewall.
#6 Service Tags
A service tag represents a group of IP address prefixes from a given Azure service. Microsoft manages the address prefixes encompassed by the service tag and automatically updates the service tag as addresses change, minimizing the complexity of frequent updates to network security rules.
Service tags can be used in the network rules destination field.
#7 Threat Intelligence
Threat intelligence-based filtering can be enabled for your firewall to alert and deny traffic from/to known malicious IP addresses and domains. The IP addresses and domains are sourced from the Microsoft Threat Intelligence feed.
#8 Outbound SNAT Support
All outbound virtual network traffic IP addresses are translated to the Azure Firewall public IP (Source Network Address Translation). You can identify and allow traffic originating from your virtual network to remote Internet destinations. Azure Firewall doesn't SNAT when the destination IP is in a private IP range. If the VNet uses a public IP address range, Azure Firewall does SNAT the traffic.
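The SNAT rule in #8, modelled as an added example (not code from the original post or from Azure). It assumes "private IP range" means the RFC 1918 ranges; the function names, the VNet address spaces and the sample destinations are constructed for illustration.

```python
import ipaddress

# Assumption: "private IP range" in the text means the RFC 1918 ranges.
RFC1918 = tuple(
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
)


def snat_applied(dst_ip, private_ranges=RFC1918):
    """True if outbound traffic to dst_ip is source-translated per the rule in #8."""
    dst = ipaddress.ip_address(dst_ip)
    return not any(dst in net for net in private_ranges)


def classify_flow(dst_ip, vnet_spaces, private_ranges=RFC1918):
    """Label a destination so the public-range edge case stands out in a review.

    vnet_spaces: address spaces of your own VNets (hypothetical input).
    """
    dst = ipaddress.ip_address(dst_ip)
    internal = any(dst in ipaddress.ip_network(s) for s in vnet_spaces)
    if not snat_applied(dst_ip, private_ranges):
        return "no-snat: private destination, original source IP preserved"
    if internal:
        # VNet built on a public range: internal traffic is still translated, so
        # the receiving host and its logs see the firewall, not the real client.
        return "snat: internal destination in a public range, source IP hidden"
    return "snat: internet destination, leaves as the firewall public IP"


def review(destinations, vnet_spaces):
    """Return {destination: label} for a list of destination IPs."""
    return {d: classify_flow(d, vnet_spaces) for d in destinations}


# Constructed sample: one VNet on RFC 1918 space, one VNet on a public
# (documentation) range, an internet host, and an address just outside
# 172.16.0.0/12 that is easy to mistake for private.
VNET_SPACES = ["10.1.0.0/16", "203.0.113.0/24"]
SAMPLE_DESTINATIONS = ["10.1.4.20", "203.0.113.15", "198.51.100.7", "172.32.0.1"]

if __name__ == "__main__":
    for dst, label in review(SAMPLE_DESTINATIONS, VNET_SPACES).items():
        print(f"{dst:15} {label}")
```

Destinations labelled "source IP hidden" are the ones where host firewalls, allow-lists and access logs keyed on the original client address stop working as expected.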
#9 Inbound DNAT Support
Inbound Internet network traffic to your firewall public IP address is translated (Destination Network Address Translation) and filtered to the private IP addresses on your virtual networks.
Multiple public IP addresses
You can associate multiple
public IP addresses (up to 100) with your firewall.
This enables the following
scenarios:
·DNAT - You
can translate multiple standard port instances to your backend servers. For
example, if you have two public IP addresses, you can translate TCP port 3389
(RDP) for both IP addresses.
·SNAT -
Additional ports are available for outbound SNAT connections, reducing the
potential for SNAT port exhaustion. At this time, Azure Firewall randomly
selects the source public IP address to use for a connection. If you have any
downstream filtering on your network, you need to allow all public IP addresses
associated with your firewall.
Azure Monitor logging
All events are integrated with Azure
Monitor, allowing you to archive logs to a storage account, stream events to
your Event Hub, or send them to Azure Monitor logs.
TIPS
Before we start talking about saving money or cost optimization, we should first know in depth where the money is actually going. You first need to figure out the cost on a daily, monthly, or maybe per-resource and per-resource-group basis, and do some analysis to find out what is needed and where you need deeper analysis to save cost. Once you have your resources handy, you can use the tips below to save money and put it back into the business to expand or move more resources to Azure.
Let's get started with the tips to get the best output from the money we are spending on the cloud.
1 # Power-Off VMs
This is applicable to VMs that we don't need to run 24*7. We all have different environments like DEV, QA, TEST or Prod. We may need prod VMs running 24*7, but not all the VMs inside the Lab, Test or Dev environments. So you can save a lot of money by powering off the VM, or you can use Auto-shutdown for when your Dev or QA team leaves the office; you can also put runbooks in place to power off and on on a schedule. Essence of the story: don't leave a VM running if you don't need it.
2 # VM Right Sizing
You pay as per the compute power or VM size. People with an on-prem mindset usually keep it high, but in the cloud you don’t need to; moreover, you need to select the correct size as per the requirement, e.g. B2ms, D2s_v3 and DS2V_v2. Choose wisely and get the maximum output from the resources. As you can see in the VMs highlighted below, there isn't much difference in power, but there is in cost and IOPS, so select wisely.
3 # Region
Region matters when you spin up resources: you may have different prices for the same resource in different regions, and we have the Azure calculator to check that rather than going through the portal. You may or may not have a region restriction, but as I said earlier we may have multiple environments, so for dev, QA or test you can build in a region where you pay less. Let me tell you this: you may find a minute difference like .108$/h or .099$/hour, but remember it's for a single machine and for one hour; you may have multiple machines running 24*7, and trust me, it would make a huge difference in the bill ultimately.
4 # Reservation
Just like Azure reserved instances, we have other services like Database, Storage etc. where you reserve the capacity for one or 3 years and save up to 70%. You can pay upfront or monthly as per your convenience, and the discount will be applied accordingly.
5 # Azure Hybrid Benefits
If you have Software Assurance along with your licensing, then you can use it on Azure and get the benefit. You can apply it during the creation of the VM, or after creation from Configuration under Settings. Remember, this is one of the best tips to save money for people who are migrating with existing licences, and you need to apply it yourself; it won't apply automatically. You can save up to 40% with the hybrid benefit.
6 # Azure Spot Instance
You can say this is in-the-moment pricing, and mostly a lot less than the usual pricing. Azure allows you to take advantage of its unused capacity at a significant cost saving. The only caveat is that at any point in time when Azure needs the capacity back, the Azure infrastructure will evict spot VMs. Therefore, spot VMs are great for workloads that can handle interruptions, like batch processing jobs, dev/test environments, large compute workloads and more.
7 # Azure Advisor
Azure Advisor is an inbuilt tool of Azure which provides recommendations for cost, security, performance, HA and operational excellence. Since we are talking about cost, Azure Advisor provides a lot of recommendations to save money, like:
1.Optimize virtual machine spend by resizing or shutting down underutilized instances
2.Reduce costs by eliminating unprovisioned ExpressRoute circuits
3.Reduce costs by deleting or reconfiguring idle virtual network gateways
4.Buy reserved virtual machine instances to save money over pay-as-you-go costs
5.Delete unassociated public IP addresses to save money
6.Delete Azure Data Factory pipelines that are failing
7.Use Standard Snapshots for Managed Disks
8.Utilize Lifecycle Management
8 # Delete VM along with resources
This is specifically for the test and dev environments, where we spin up a VM and keep it there either running or off. If we don't need the VM frequently, delete it; or, if you need the configuration, take a snapshot of the VM and delete it along with all the resources, and whenever you need it, maybe next week or next month, just use the snapshot to spin up a VM with the same config. Whenever you delete a VM, don't forget to delete resources like the Public IP and disk, which also cost you.
9 # Dev Test Lab
Azure DevTest Labs enables developers on teams to efficiently self-manage virtual machines (VMs) and PaaS resources without waiting for approvals.
DevTest Labs creates labs consisting of pre-configured bases or Azure Resource Manager templates. These have all the necessary tools and software that you can use to create environments. You can create environments in a few minutes, as opposed to hours or days.
10 # Free Services
Azure provides free services with the Free Account for 12 months; utilize that and keep learning.