Krish DEV

Krish DEV

AZ-400 Exam Preparation: Well-Architected Framework - Operational excellence

Published a month ago

9 minutes read

The content is summarised from AZ-400 official document

Design, build, and orchestrate with modern practices

1. DevOps

DevOps is the union of people, processes, and products to enable continuous delivery of value to end users. DevOps focuses on bringing the development and operations functions together, and breaking down the existing barriers between them. This combination creates multidisciplinary teams that work together with shared and efficient practices and tools. Essential DevOps practices include agile planning, continuous integration, continuous delivery, and monitoring of applications.

  • Azure DevOps
  • GitHub (Owned by Microsoft)

2. Continuous Integration (CI)

  • Grab the code from repository, build, and test.

3. Continuous Delivery (CD)

  • Build, test, configure and deploy to production

4. CI/CD

  • Azure Pipelines combines continuous integration (CI) and continuous delivery (CD) to constantly and consistently test and build your code and ship it to any target.
  • GitHub Actions can also be used to build CI/CD capabilities in your GitHub repositories. With GitHub Actions, you can build workflows that are custom automated processes to build, test, package, release, and deploy code.


Logical diagram of a microservices architecture

  • Each service is typically responsible for its own data. Its data structure is isolated, so upgrades or changes to schema aren't dependent on other services.
  • Internal implementation details are hidden from service consumers.
  • Microservice architectures are technology agnostic, but you often see containers or serverless technologies used for their implementation. Continuous deployment and continuous integration (CI/CD) is frequently used to increase the speed and quality of development activities.

6. Environment consistency

  • Ensure that your environments are consistent betweeb development, test, and production
  • Including your environment definitions as part of your deployment will help ensure that your code is built and deployed on a consistent, end-to-end infrastructure.

Use monitoring and analytics to gain operational insights

Monitoring is the act of collecting and analyzing data to determine the performance, health, and availability of your business applications, and the resources on which they depend.

An illustration listing the Azure monitoring and analytics services.

1. Core monitoring

Activity logging

  • What is happening with your resources at the Azure platform level. (You can check all the actions to your resources using Azure Activity Log)
  • Data is retained for 90 days
  • Use cases:
    • Who has attached a disk to this virtual machine?
    • When was this machine shut down?
    • Who changed the load balancer configuration?
    • Why did the autoscale operation on my virtual machine scale set fail?

Health of cloud services (Azure Service Health)

Metrics and diagnostics (Azure Monitor)

  • Instance level
  • Get notified when someting goes wrong
  • Provide almost real time metrics. (Useful for critical alerts)

Azure Advisor recommend the adjustments for

  • Performance
  • Cost
  • High Availabilty
  • Security

2. Deep infrastructure monitoring (Log Analytics)

An illustration showing the role of Log Analytics in resource monitoring.

  • Infrastructure level
  • Aggregation
  • Gather logs and metrics from the actual operating systems.
  • Allows you to create queries and interact with other systems based on those queries. (Alert)

3. Deep application monitoring (Azure Application Insights)

  • Application level

A screenshot of the user interface of Azure Application Insights.

  • Performance issues
  • Usage trends

Use automation to reduce effort and error

The configuration can be done manually, but manual steps do not scale well.

  • Prone to error
  • Inefficient
  • Labor intensive

1. Infrastructure as code (IaC)

  • It solves the problem of environment drift.

Imperative automation

  • Explicitly state the commands to get the outcome. (Script language or SDK)
  • Downsides:
    • The script can be very complex
    • Might need error handling and input validation
    • Need maintenance

Declarative automation (Azure Resourre Manager)

  • Specify only what you want the result to be.
  • ARM have 4 sections: parameters, variables, resources, outputs
    "$schema": "",
    "contentVersion": "",
    "parameters": {
        "name": {
            "type": "string"
        "location": {
            "type": "string"
        "accountType": {
            "type": "string",
            "defaultValue": "Standard_RAGRS"
        "kind": {
            "type": "string"
        "accessTier": {
            "type": "string"
        "httpsTrafficOnlyEnabled": {
            "type": "bool",
            "defaultValue": true
    "variables": {},
    "resources": [{
        "apiVersion": "2018-02-01",
        "name": "[parameters('name')]",
        "location": "[parameters('location')]",
        "type": "Microsoft.Storage/storageAccounts",
        "sku": {
            "name": "[parameters('accountType')]"
        "kind": "[parameters('kind')]",
        "properties": {
            "supportsHttpsTrafficOnly": "[parameters('httpsTrafficOnlyEnabled')]",
            "accessTier": "[parameters('accessTier')]",
            "encryption": {
                "services": {
                    "blob": {
                        "enabled": true
                    "file": {
                        "enabled": true
                "keySource": "Microsoft.Storage"
        "dependsOn": []
    "outputs": {
        "storageAccountName": {
            "type": "string",
            "value": "[parameters('name')]"

2. VM images vs Post-deployment configuration

  • Custom images: everything you need run the app is pre-installed. (Fast deployment speed, no more configuration)
    • For custom images: you have to ensure the images update and security patches.
  • Post-deployment scripting
    • Azure script extension
    • Azure Automation Desired State Configuration (DSC)
    • Slower to scale

3. Automation of operation tasks (Azure Automation)

  • Use cases:
    • Periodically searching for orphaned disks
    • Installing the latest security patches on VMs
    • Searching for and shutting down virtual machines in off-hours
    • Running daily reports and producing a dashboard to report to senior management

An illustration showing the role of Azure Automation in managing a repetitive business process.

4. Automating development environments (Azure DevTest)

  • Development machines for developers (VMs)

Testing strategies for your application

  • Is one of the fundamental components of DevOps. (Write test!!!)
  • Shift left principle Your testing should be shifted as much as possible toward the beginning of your process. Because errors are far cheaper to repair when they are caught early, and issues can be expensive or impossible to fix later in your application life cycle.
  • Azure Testing Plans for manual testing.

1. Automated Testing

  • Unit Testing
  • Smoke Testing: more exhaustive than unit tests, but still not as much as integration tests.
  • Integration Testing: determines whether your components can interact with each other as they should.

2. Manutal Testing

Used to correct errors before they become too expensive to repair, or before they cause customer dissatisfaction.

3. Acceptance Testing

  • Blue/Green deployments: Redirect part of the traffic to new versions. (The whole app)
  • Canary releases: Feature flags (More about specific feature)
  • A/B testing e.g., Split 2 groups of users, use some metrics to see which layout works better for your application goals.

Application Insights User Behavior Analytic can be used to determine how people are using your application.

4.Stress tests

  • Ensure that your application and infrastructure can scale automatically to handle the spike.
  • Every component of the system that is not able to scale out can turn into a bottleneck

5. Fault injection

  • Resilient to infrastructure failures
  • Chaos engineering

6. Security tests

  • Red team exercieses
  • Scan code and dependencies
  • XSS
  • SQL injection

Recommended Posts

AZ-400 Exam Preparation: Introduction to App Center

AZ-400 Exam Preparation: Introduction to App Center

Exam preparation for AZ-400, in the topic of Azure App Center

Read more →

Published a month ago

AZ-400 Exam Preparation: Analyze infrastructure with Azure Monitor Logs

AZ-400 Exam Preparation: Analyze infrastructure with Azure Monitor Logs

Exam preparation for AZ-400, in the topic of Analyze infrastructure with Azure Monitor Logs

Read more →

Published a month ago

เตรียมตัวสอบ AZ-400: App Service Diagnostics Logging

เตรียมตัวสอบ AZ-400: App Service Diagnostics Logging

บันทึกการเตรียมตัวสอบ AZ-400 ในหัวข้อ App Service Diagnostics Logging

Read more →

Published a month ago

AZ-400 Exam Preparation: App Service Diagnostics Logging

AZ-400 Exam Preparation: App Service Diagnostics Logging

Exam preparation for AZ-400, in the topic of App Service Diagnostics Logging

Read more →

Published a month ago