Overview
This course helps participants prepares for the AZ-301: Microsoft Azure Architect Design, which is one of the requirements for earning the Microsoft Certified: Azure Solutions Architect Expert certification. The course discusses the essential skills for the exam, such as, determining workload requirements, designing for identity and security, designing a data platform solution, designing a business continuity strategy, designing for deployment, migration, integration and designing an infrastructure strategy.
What You'll Learn
- Gathering essential information and requirements
- Designing an audit and monitoring strategy
- Design identity management
- Design authentication and authorization
- Design for risk prevention for identity
- Designing data management and data protection strategies
- Documenting data flows
- Designing site recovery strategies
- Designing for high availability
- Designing data archiving strategies
- Design deployments and migrations
- Designing strategies – storage, compute, networking and monitoring
Curriculum
- Identify compliance requirements, identity and access management infrastructure, and service-oriented architectures (e.g., integration patterns, service design, service discoverability)
- Identify accessibility (e.g. Web Content Accessibility Guidelines), availability (e.g. Service Level Agreement), capacity planning and scalability, deploy-ability (e.g., repositories, failback, slot-based deployment), configurability, governance, maintainability (e.g. logging, debugging, troubleshooting, recovery, training), security (e.g. authentication, authorization, attacks), and sizing (e.g. support costs, optimization) requirements
- Recommend changes during project execution (ongoing)
- Evaluate products and services to align with solution
- Create testing scenarios
Optimize app service, compute, identity, network, and storage costs
- Define logical groupings (tags) for resources to be monitored
- Determine levels and storage locations for logs
- Plan for integration with monitoring tools
- Recommend appropriate monitoring tool(s) for a solution
- Specify mechanism for event routing and escalation
- Design auditing for compliance requirements
- Design auditing policies and traceability requirements
- Choose an identity management approach
- Design an identity delegation strategy, identity repository (including directory, application, systems, etc.)
- Design self-service identity management and user and persona provisioning
- Define personas and roles
- Recommend appropriate access control strategy (e.g., attribute-based, discretionary access, history-based, identity-based, mandatory, organization-based, role-based, rule-based, responsibility-based)
- Choose an authentication approach
- Design a single-sign on approach
- Design for IPSec, logon, multi-factor, network access, and remote authentication
- Choose an authorization approach
- Define access permissions and privileges
- Design secure delegated access (e.g., oAuth, OpenID, etc.)
- Recommend when and how to use API Keys
- Design a risk assessment strategy (e.g., access reviews, RBAC policies, physical access)
- Evaluate agreements involving services or products from vendors and contractors
- Update solution design to address and mitigate changes to existing security policies, standards, guidelines and procedures
- Design for alert notifications
- Design an alert and metrics strategy
- Recommend authentication monitors
- Choose between managed and unmanaged data store
- Choose between relational and non-relational databases
- Design data auditing and caching strategies
- Identify data attributes (e.g., relevancy, structure, frequency, size, durability, etc.)
- Recommend Database Transaction Unit (DTU) sizing
- Design a data retention policy
- Design for data availability, consistency, and durability
- Design a data warehouse strategy
- Recommend geographic data storage
- Design an encryption strategy for data at rest, for data in transmission, and for data in use
- Design a scalability strategy for data
- Design secure access to data
- Design a data loss prevention (DLP) policy
- Identify data flow requirements
- Create a data flow diagram
- Design a data flow to meet business requirements
- Design a data import and export strategy
- Design for alert notifications
- Design an alert and metrics strategy
- Design a recovery solution
- Design a site recovery replication policy
- Design for site recovery capacity and for storage replication
- Design site failover and failback (planned/unplanned)
- Design the site recovery network
- Recommend recovery objectives (e.g., Azure, on-prem, hybrid, Recovery Time Objective (RTO), Recovery Level Objective (RLO), Recovery Point Objective (RPO))
- Identify resources that require site recovery
- Identify supported and unsupported workloads
- Recommend a geographical distribution strategy
- Design for application redundancy, autoscaling, data center and fault domain redundancy, and network redundancy
- Identify resources that require high availability
- Identify storage types for high availability
- Recommend storage types and methodology for data archiving
- Identify requirements for data archiving and business compliance requirements for data archiving
- Identify SLA(s) for data archiving
Design a compute, container, data platform, messaging solution, storage, and web app and service deployment strategy
- Recommend a migration strategy
- Design data import/export strategies during migration
- Determine the appropriate application migration, data transfer, and network connectivity method
- Determine migration scope, including redundant, related, trivial, and outdated data
- Determine application and data compatibility
- Design an API gateway strategy
- Determine policies for internal and external consumption of APIs
- Recommend a hosting structure for API management
- Design a storage provisioning strategy
- Design storage access strategy
- Identify storage requirements
- Recommend a storage solution and storage management tools
- Design compute provisioning and secure compute strategies
- Determine appropriate compute technologies (e.g., virtual machines, functions, service fabric, container instances, etc.)
- Design an Azure HPC environment
- Identify compute requirements
- Recommend management tools for compute
- Design network provisioning and network security strategies
- Determine appropriate network connectivity technologies
- Identify networking requirements
- Recommend network management tools
- Design for alert notifications
- Design an alert and metrics strategy
Who should attend
The course is highly recommended for –
- Azure solution architects
- Cloud architects
- Software architects
- Software engineers
Prerequisites
Participants need to have advanced experience and knowledge across various aspects of IT operations, including networking, virtualization, identity, security, business continuity, disaster recovery, data management, budgeting, and governance. They also need to be proficient in Azure administration, Azure development, and DevOps, and have expert-level skills in at least one of those domains.
