So, I’ve made 2 commitments to myself. Firstly, I’m committed to Microsoft’s Azure Solutions Architect Expert certification. I’ve also committed to blogging about my journey, to some degree to create some public accountability, but more so because I’m excited to see how this project works out.
Have you ever done that before? Have you made a public declaration about something you want to do in order to make yourself more motivated to get it done? It’s a really effective way of getting things done. For years I have run training programs this way. I commit to the training or the live event and almost immediately I publish an announcement and start talking about the event or training, and then somehow it manifests and becomes a reality. Never underestimate the power of public accountability for getting things done.
Yesterday, I blogged about a general game plan and did a little background research on this whole area. I really committed to this without really knowing a lot about The Microsoft Certified Azure Solutions Architect Expert, but this has more to do with my low opinion of certifications than it has anything to do with Azure. My rationale is very simple – as a student growing up I always did well academically in school and college, and finished my degree with a first class honours in Physics, and went on to become a lecturer in the Department of Information Technology, teaching Operating System, Architecture, Networking & Communications, Web Design and Embedded Systems. Academic achievement was a normal part of my life, but what I discovered very quickly is that there is a big difference between someone who does well in an exam and someone who can solve real life problems. This comes down to experience. Much later, when I was hiring developers to join different teams I was with, I took a lot more interest in someone who built their own gaming PC or did some technology work for their club or school than someone who got straight A’s in exams.
What has changed my opinion about certification? I have been an avid supporter of the Microsoft Stack for a long time and my career as a developer was totally biased towards Microsoft technology. I have watched the Azure portal grow over the past 10 years and there was a time I could say that I understood and built demos using nearly every Azure Resource that was available thanks to my Microsoft Partner program membership and the amazing Action Pack subscription. But there is simply too much happening now for me to keep on top of all the changes. Even the Machine Learning area alone is too big an area for me to keep on top of, never mind the rest of Azure. So, I hang up my white flag of surrender and I say “Folks, I surrender, Show me the way, show me a path and a qualification that gives me the best approach to understanding all of Azure in the least amount of time possible”, and that is exactly what this approach has given me.
I have given myself the rest of this month (about a week) to get my head around the course syllabus and what’s required. Consistency is Key. Today my goal is to get a preview of all the content in the first level exam AZ-104 and to make small incremental amounts of progress every day.
For today I am using John Savill’s Study Cram 3.5 hour YouTube video to review what I know and what I have yet to learn.
In his 4 hour study cram, I reviewed most of the first hour to get an idea of the following sections:
- Identity and Azure AD 6:14
- AD on-premises 7:11
- AAD Connect and customization 10:58
- Users 14:35
- Groups 17:26
- Devices 18:58
- AAD SKUs 22:10
- Self-service password reset 24:10
- Administrative units 26:49
- Azure subscriptions 28:23
- Cost analysis and budgets 31:40
- Resource groups 32:48
- Management groups 34:00
- Tags 36:40
- Policy 41:00
- Roles 44:30
- Control and data plane 49:13
- Activity log 51:35
To give some context to what I already know, I have been running Azure AD Connect on my Active Directory for years, and while I don’t heavily use the features, I have all the features enabled in order that my home office network is pretty much the same as a large corporate network. I have Office 365 enabled on my AAD, on my local LAN I have 2 AD servers, an AD Connect Server, a Storage Server and a bunch of Virtual Machines running Ubuntu, so I really have a tiny data centre already running “in production” at home. I highly recommend that anyone that is interested in learning about Azure and Azure AD do the same – there is so much you can learn by “eating your own dogfood”.
As a result, a lot of the material I reviewed today was already very familiar to me, and my big takeaway from what I watched so far is that although I have been using the Azure Portal for years, there are many nuances that I have not really paid attention to. One area that I often found confusion with is the relationship between Subscriptions, Identity and Permissions. What I hadn’t realised is that the IAM identity is tied to an Azure AD and that the subscription then trusts the Azure AD, not the other way around. The diagram that John used to show the trust relationship really simplified the model for me, and I think this was one of the things that I got wrong in my model of how Subscriptions work. In other words, the Azure AD is the central focus and then trusts are built between the subscriptions and the identities.
Policy is new to me in that when running Azure services for a small business, you really don’t need policy, but in a large organisation, you might have many different subscriptions for both dev and production so I can see a real benefit here of having a set of policies that dictate either enforceable or alertable (is this even a word?) around policy. Related to this I’m also new to Management Groups – I guess I never needed them.
Tags are something that I was familiar with but didn’t care about, but looking at larger organisations, I now can see how Tags, and Policies with inherited tags can be used together with great power for governance. The Control and Data plane idea I am familiar with from Corporate. In a corporate LAN, it’s very common to have one network interface specifically for remote desktop and a different network interface for public facing data. I remember the rationale that I was told by a senior architect is that if we experience a Denial of Service attack or just very heavy traffic and we needed to remote in on the same network interface as was under attack, it is possible that we could not even reach the server to mitigate the attack. So, my understanding is that having control and data planes comes from this idea. With the idea of Hyper-V and data migration, it’s common for the migration of VMs to happen over a different network interface also, so ensuring that control and data planes are separate seems like a logical approach.
That’s really all I reviewed today.
I did find out from a tweet that I also need to refresh my architecture design skills with the Cloud Adoption Framework for Azure and the Azure Well-Architected Framework learning path. I’ve linked to both of these resources below, but honestly, this will be something I review when I get closer to Exam AZ-305.
That’s all for Today.
To your Ambition