AZ-400 Exam Preparation: Well-Architected Framework - Operational excellence
Published a month ago
9 minutes read
The content is summarised from AZ-400 official document
Design, build, and orchestrate with modern practices
DevOps is the union of people, processes, and products to enable continuous delivery of value to end users. DevOps focuses on bringing the development and operations functions together, and breaking down the existing barriers between them. This combination creates multidisciplinary teams that work together with shared and efficient practices and tools. Essential DevOps practices include agile planning, continuous integration, continuous delivery, and monitoring of applications.
- Azure DevOps
- GitHub (Owned by Microsoft)
2. Continuous Integration (CI)
- Grab the code from repository, build, and test.
3. Continuous Delivery (CD)
- Build, test, configure and deploy to production
- Azure Pipelines combines continuous integration (CI) and continuous delivery (CD) to constantly and consistently test and build your code and ship it to any target.
- GitHub Actions can also be used to build CI/CD capabilities in your GitHub repositories. With GitHub Actions, you can build workflows that are custom automated processes to build, test, package, release, and deploy code.
- Each service is typically responsible for its own data. Its data structure is isolated, so upgrades or changes to schema aren't dependent on other services.
- Internal implementation details are hidden from service consumers.
- Microservice architectures are technology agnostic, but you often see containers or serverless technologies used for their implementation. Continuous deployment and continuous integration (CI/CD) is frequently used to increase the speed and quality of development activities.
6. Environment consistency
- Ensure that your environments are consistent betweeb development, test, and production
- Including your environment definitions as part of your deployment will help ensure that your code is built and deployed on a consistent, end-to-end infrastructure.
Use monitoring and analytics to gain operational insights
Monitoring is the act of collecting and analyzing data to determine the performance, health, and availability of your business applications, and the resources on which they depend.
1. Core monitoring
- What is happening with your resources at the Azure platform level. (You can check all the actions to your resources using Azure Activity Log)
- Data is retained for 90 days
- Use cases:
- Who has attached a disk to this virtual machine?
- When was this machine shut down?
- Who changed the load balancer configuration?
- Why did the autoscale operation on my virtual machine scale set fail?
Health of cloud services (Azure Service Health)
Metrics and diagnostics (Azure Monitor)
- Instance level
- Get notified when someting goes wrong
- Provide almost real time metrics. (Useful for critical alerts)
Azure Advisor recommend the adjustments for
- High Availabilty
2. Deep infrastructure monitoring (Log Analytics)
- Infrastructure level
- Gather logs and metrics from the actual operating systems.
- Allows you to create queries and interact with other systems based on those queries. (Alert)
3. Deep application monitoring (Azure Application Insights)
- Performance issues
- Usage trends
Use automation to reduce effort and error
The configuration can be done manually, but manual steps do not scale well.
- Prone to error
- Labor intensive
1. Infrastructure as code (IaC)
- It solves the problem of environment drift.
- Explicitly state the commands to get the outcome. (Script language or SDK)
- The script can be very complex
- Might need error handling and input validation
- Need maintenance
Declarative automation (Azure Resourre Manager)
- Specify only what you want the result to be.
- ARM have 4 sections: parameters, variables, resources, outputs
2. VM images vs Post-deployment configuration
- Custom images: everything you need run the app is pre-installed. (Fast deployment speed, no more configuration)
- For custom images: you have to ensure the images update and security patches.
- Post-deployment scripting
- Azure script extension
- Azure Automation Desired State Configuration (DSC)
- Slower to scale
3. Automation of operation tasks (Azure Automation)
- Use cases:
- Periodically searching for orphaned disks
- Installing the latest security patches on VMs
- Searching for and shutting down virtual machines in off-hours
- Running daily reports and producing a dashboard to report to senior management
4. Automating development environments (Azure DevTest)
- Development machines for developers (VMs)
Testing strategies for your application
- Is one of the fundamental components of DevOps. (Write test!!!)
- Shift left principle Your testing should be shifted as much as possible toward the beginning of your process. Because errors are far cheaper to repair when they are caught early, and issues can be expensive or impossible to fix later in your application life cycle.
- Azure Testing Plans for manual testing.
1. Automated Testing
- Unit Testing
- Smoke Testing: more exhaustive than unit tests, but still not as much as integration tests.
- Integration Testing: determines whether your components can interact with each other as they should.
2. Manutal Testing
Used to correct errors before they become too expensive to repair, or before they cause customer dissatisfaction.
3. Acceptance Testing
- Blue/Green deployments: Redirect part of the traffic to new versions. (The whole app)
- Canary releases: Feature flags (More about specific feature)
- A/B testing e.g., Split 2 groups of users, use some metrics to see which layout works better for your application goals.
Application Insights User Behavior Analytic can be used to determine how people are using your application.
- Ensure that your application and infrastructure can scale automatically to handle the spike.
- Every component of the system that is not able to scale out can turn into a bottleneck
5. Fault injection
- Resilient to infrastructure failures
- Chaos engineering
6. Security tests
- Red team exercieses
- Scan code and dependencies
- SQL injection