This first chapter will introduce you to Microsoft Azure Stack Hub and how it is positioned within the Microsoft Azure ecosystem. You will gain a detailed understanding of the typical usage scenarios for Microsoft Azure Stack Hub and the Azure capabilities that are provided by the platform. We will cover the initial core fundamentals to prepare you for later chapters in this book. We will also cover the skills you will be tested on if you are looking to take the Microsoft AZ-600: Configuring and Operating a Hybrid Cloud with Microsoft Azure Stack Hub exam.

In this chapter, we're going to cover the following main topics:

• Introducing Azure Stack
• Understanding hybrid use cases
• Introducing Azure Arc
• Learning about Azure Stack integrated systems
• Exploring the AZ-600 exam requirements

Let's dive into the first topic.

To begin this book, I thought the best place to start would be with a basic understanding of Microsoft Azure Stack Hub. The idea of this is to look at a question I am asked by customers all the time. What is Microsoft Azure Stack Hub? In simple terms, then, Microsoft Azure Stack Hub is an extension of Microsoft Azure, but this is only part of the answer. Microsoft Azure Stack Hub is a hybrid cloud platform that allows you to use Azure services from your company or a service provider data center. When people think of Microsoft Azure, they think of the public cloud offered by Microsoft, but it is, in fact, a complete ecosystem that incorporates not just the public cloud but also the on-premises versions called Microsoft Azure Stack. This includes Microsoft Azure Stack HCI, which stands for Hyper-Converged Infrastructure. HCI will be explained in detail in Chapter 2, Azure Stack Architecture but for now, it is enough to say that with HCI, both compute and storage are supplied from the same server. This is different from a traditional infrastructure, where storage and compute are separate. Microsoft Azure Stack Edge along with Microsoft Azure Stack Hub and Microsoft Azure Stack HCI conform to this pattern. This book is only focused on Microsoft Azure Stack Hub, but it is worth understanding the complete ecosystem as this will help highlight the differences between the different versions of solutions under the Microsoft Azure Stack banner. This becomes important especially when it comes to running solutions in a hybrid cloud scenario, which we will cover later in this chapter. The advantage of Microsoft Azure Stack is that it provides a consistent environment that those who already use Microsoft Azure will be more than familiar with. In fact, the promise of Microsoft Azure Stack Hub when you talk it through can be thought about in terms of the following concepts:

• Consistent application development
• Azure services available on-premises
• Integrated delivery experience

For a developer who builds cloud applications for Microsoft Azure, they can take all the skills and tools they already use onto this platform. The deployment process that's used for Microsoft Azure is the same one that's used for Microsoft Azure Stack Hub. Development tools such as Visual Studio can also be used within this environment. Microsoft markets the fact that applications that run in Microsoft Azure can be run on Microsoft Azure Stack Hub with no changes other than deployment location, which is not strictly the case as some changes are nearly always required.

Microsoft Azure capabilities are also available within Microsoft Azure Stack Hub, which, again, breeds familiarity both from a developer standpoint but also from an operator and administrator standpoint. The following Microsoft Azure capabilities can be found in Microsoft Azure Stack Hub:

• Virtual machines: Rapid deployment with scaling on demand.
• Containers: Linux and Windows Servers containers, Azure Kubernetes Services.
• Networking: Virtual Network, Load Balancer, VPN Gateway, network security groups, public IPs, route tables.
• Storage: Blobs, tables, and queues.
• Key Vault: Securely protect application keys and secrets.
• Azure App Service: Web and API applications, Azure Functions, serverless computing.
• Azure Marketplace: Ready to go applications from the Azure Marketplace.
• Event Hubs: Scalable event processing for ingesting and processing large amounts of event data.
• Azure IoT Hub: Centralized message hub for communications between IoT applications and devices.

We will be covering each of these capabilities and services in detail later in this book, along with their limitations, as they are integral to creating offers and services from Microsoft Azure Stack Hub.

Supporting the Azure Stack Hub infrastructure

In addition to Microsoft Azure's capabilities and the support offered by Microsoft, Microsoft Azure Stack Hub is also supported by a myriad of both hardware and software vendors. I myself work for Lenovo, who provide certified hardware solutions that can be used to run Microsoft Azure Stack Hub on-premises, and I also work closely with Microsoft to ensure they adhere to the best practices when it comes to deploying Microsoft Azure Stack Hub. Lenovo are by no means the only hardware vendor to offer certified hardware for Microsoft Azure Stack Hub, and it is also supported on offerings from Dell, HPE, and Cisco, among others.

As well as the various hardware solutions that are available in the market, Microsoft Azure Stack Hub is also supported by software vendors extensively. Some industry standard solutions that are available to run in Microsoft Azure are also supported in Microsoft Azure Stack Hub through the Azure Marketplace. This allows customers to run the same software applications, such as Red Hat, F5, Docker, Kubernetes, Chef, and so on, in the same way in both their on-premises environment and the public cloud via Microsoft Azure.

Given the support of Microsoft and their hardware partners, this allows Microsoft Azure Stack Hub to offer a fully integrated delivery experience. Microsoft Azure Stack Hub is fast to deploy, allowing customers to get up and running quickly. The billing model within Microsoft Azure Stack Hub can be extended from Microsoft Azure to allow you to pay for use within the same Microsoft Azure subscription bill.

The key takeaway for Microsoft Azure Stack Hub from this quick overview is that this is an on-premises version of Microsoft Azure that is fully owned and operated by the customer within their own data center. Customers completely control the access, applications, and data that's stored in their Microsoft Azure Stack Hub. They are also responsible for ensuring that any applications or data being provided by Microsoft Azure Stack Hub are available at all times to their customers, regardless of whether they're internal or external. Therefore, I always describe Microsoft Azure Stack Hub as your own private Microsoft Azure region and you as the operator performing the role of Microsoft.

The real power of Microsoft Azure Stack Hub is when it is combined with the public Microsoft Azure Cloud in a truly hybrid manner. Throughout this chapter, I will introduce you some common hybrid use cases that I come across when I am working with customers during their cloud journeys.

Microsoft Azure Stack Hub is really the only consistent hybrid cloud where the tools and processes are consistent. Not only are the tools and processes consistent but so is the underlying infrastructure. As an example, let's take a look at some of these and why they work so well when it comes to running a hybrid cloud environment.

The following diagram tries to illustrate that Azure and Azure Stack Hub are consistent in the way they present their tools and processes:

Figure 1.1 – Consistency of tools and processes

We now have a clearer picture of what Microsoft Azure Stack Hub is and how it is closely related to Azure. To prepare you for the next chapter, we will now dive into how Microsoft Azure Stack Hub is used in disconnected scenarios for private cloud.

Understanding private cloud

Azure Stack Hub can be deployed in two different scenarios, depending on whether connectivity to Azure is required or not. One of the attractions of Azure Stack Hub is that it can be run completely standalone, with no connectivity to the internet. This is particularly useful for organizations that want the capabilities that are offered by the cloud but are unable to make use of public cloud offerings. This may be due to regulatory restrictions on data storage, latency issues with connectivity to public Azure, secure environments with no internet connectivity, environments with limited or unreliable network connectivity, and more.

The other use case is where you have a disconnected instance of Azure Stack Hub running in your data center. This is for organizations that are looking to modernize their applications on-premises and have legacy applications that cannot be moved into the public cloud.

Edge and disconnected solutions

Microsoft Azure Stack Hub can be used for applications where there may be connectivity issues in edge locations with limited network bandwidth. This allows logic and data processing to be performed closer to the users. This also applies to locations where real-time latency may be a consideration. An example of this I have seen was with a customer I have worked with who was capturing telemetry from trains. This can also equally be applied to locations such as oil rigs, cruise ships, or secure government sites.

Azure Stack Hub is not just beneficial as a private cloud but is also a key part of a hybrid cloud. We will look at some of these use cases next.

Microsoft provides a unified development and DevOps environment between their Microsoft Azure cloud offering and Microsoft Azure Stack Hub. Using tools such as Visual Studio Team Foundation, GitHub, and Azure DevOps, developers can work with the same processes, regardless of where their code is ultimately published to.

Microsoft Azure and Microsoft Azure Stack Hub share a common identity model. The on-premises Microsoft Azure Stack Hub utilizes Azure Active Directory but can also use Active Directory Federation Services.

Microsoft Azure and Microsoft Azure Stack Hub also share an integrated management and security control platform as both use the same Azure portal. This allows operators and administrators to ensure that access controls are consistent through the use of role-based access control.

They both share a common and consistent data platform, which is based on a storage account that is used to provision Blobs/Tables/Queues that are available in both Azure and Azure Stack Hub.

The following diagram shows the common set of functionalities that are shared between both the Microsoft Azure Stack on-premises and the public Azure cloud:

Figure 1.2 – Common functionality

Now that we've looked at the functionality that is shared between on-premises Azure Stack Hub and the Azure public cloud, we can delve into some common use cases for this hybrid adoption, starting with development.

Development

When I work with customers who build applications or services that are designed to run in the cloud, be that Microsoft Azure, Google Cloud, or Amazon Web Services, they tend to find that their development teams can rack up large costs by using the same cloud environment for their development environment, as well as production. The biggest attraction of using the public cloud for development is the fact that it is so easy to spin up an environment. Unfortunately, from a development standpoint, this is also where most of the costs start to come into play, as environments are spun up for a particular project or development team but are not always torn back down when they are finished with. By moving these development environments into an on-premises environment in Microsoft Azure Stack Hub, the customers can begin to make real savings as they have complete control over these environments. They can ensure that machines are removed once projects are completed.

The beauty of this for the developers is that they see no change in the tools or the process for building or deploying their code other than the endpoint. A developer can create their code in Visual Studio and deploy it directly from the Integrated Development Environment (IDE) to Microsoft Azure Stack Hub to test and Quality Assure (QA) it. Once tested and they are comfortable it works as designed, with no changes needing to be made, they can deploy the same release to Microsoft Azure public cloud.

For some organizations, the reverse of this is true and development is, in fact, done in the public cloud rather than on-premises. This is due to the flexibility offered by the public cloud and the speed with which environments can be spun up and down.

Testing

In a similar vein to the development environment, the same logic can also be applied to test and QA environments. Whether this is to test new services that are going to be deployed to the Microsoft Azure public cloud or changes to existing services that have already been deployed to the Microsoft Azure public cloud, then being able to test these in an environment that behaves in the same manner, but with no additional cost, is a great reason for running Microsoft Azure Stack Hub. Again, as with the development hybrid use case, these environments can be torn down once the release has passed testing and been released into production.

Regulatory

There are times where regulatory restrictions prevent data from being stored or manipulated in the public cloud. Theis can be dictated by government, industry, or regions. This may be because data cannot be stored in the public cloud or because data must be stored within the same country as the organization, and Azure is not available in that country. This is particularly true for multi-national companies who may have different regulations to contend with from different countries and governments, but they want to provide a consistent experience to all their employees. The idea of being able to develop and deploy global applications in Microsoft Azure for most locations, while still using the same deployment in local on-premises Azure Stack Hub where local restrictions dictate, is key. Application examples include global audits, financial reporting, foreign exchange trading, inline gaming, health data, and expense reporting.

Cloud application model

For customers running legacy applications, Microsoft Azure Stack Hub gives them the opportunity to apply modern architectures to their on-premises applications, which are not yet ready for the cloud. This brings into focus things such as containers and microservices, which can be tested on-premises in Microsoft Azure Stack Hub, safe in the knowledge that once they work in Microsoft Azure Stack Hub, they can then be deployed to Microsoft Azure with no code changes. Again, this is providing a consistent programming model, skills, and processes. You can use consistent processes across Azure in the cloud and Azure Stack Hub on-premises to speed up app modernization for core mission-critical applications. Azure Stack Hub is not simply just a virtualization platform such as Hyper-V or VMware; it is a fully fledged modern cloud platform.

Why is it compelling?

Organizations can now modernize their applications across hybrid cloud environments, balancing the right amount of flexibility and control. Developers can build applications using a consistent set of Azure services and DevOps practices, then collaborate with operations to deploy to the location that best meets their business, technical, and regulatory requirements. Developers can speed up new cloud application development by using pre-built solutions from the Azure Marketplace, including open source tools and technologies.

Note that this is all about applications. That is where the real value of a new hybrid cloud platform is. This will allow applications that are not yet ready to be run in a cloud environment to start moving in this direction. Cloud computing is likely to become the dominant design style for new applications and for updating many applications over the next 10+ years.

We have now covered the general hybrid use cases that can be undertaken on the Microsoft Azure Stack Hub platform. From here, we will take a look at one other use case that is not directly related to hybrid or private cloud scenarios, and that is Azure Arc.

For true versatility, we need to look further than just the standard hybrid use cases we discussed in the previous section. This is where Microsoft have introduced Azure Arc:

Figure 1.3 – Azure Arc

When taken with the Microsoft Azure ecosystem, Microsoft Azure Stack Hub starts to bring real mobility to the hybrid cloud. With the adoption of Microsoft Azure Arc, it is possible to run the same applications virtually anywhere, be that on-premises, at the edge, or on any public cloud. Azure Arc is a software solution that enables you to manage all your resources, including your on-premises resources, multi-cloud resources, virtual servers, and Kubernetes clusters from a single pane of glass as if they were all running within Azure.

Now, we will look at the integrated systems that are offered by the OEM vendors.

In this section, I will cover the Microsoft Azure Stack Hub integrated systems, which are only available from the hardware vendors who partner with Microsoft to certify their solutions can run Microsoft Azure Stack Hub. This includes the likes of Lenovo, Dell, HPE, and Cisco, among others. Azure Stack Hub cannot be built using normal servers from the vendors, and it is not possible to build an integrated system that's not supplied by one of the OEM vendors.

An Azure Stack Hub integrated system provides the software, hardware, support, and services needed in one fully supported platform.

To start, let's look at the standard infrastructure that is consistent across all the hardware vendors.

Why Hyper-Converged Infrastructure (HCI)?

In this section, we'll look at why infrastructure has evolved into the HCI in the modern data center, as it has with Microsoft Azure Stack Hub. To do this, we will start with a little bit of history of the evolution of the data center infrastructure. The following diagram represents the traditional three tier infrastructure:

Figure 1.4 – Traditional infrastructure

The traditional data center infrastructure relied on specialized, discrete hardware components from compute, network, and storage or bare metal. These components were typically configured into silos of infrastructure to support specific workloads or applications. With traditional infrastructure, customers face challenges with integrating disparate infrastructure components, complex technical configuration, interoperability constraints, understanding the implications of the technology's architecture, and specialized administrative skills for compute, network, and storage technologies. IT teams must then coordinate across all these disciplines and operational domains to scale capacity, collectively provision resources and connectivity for applications, and manage updates and upgrades across this infrastructure.

The following diagram represents the change from the traditional infrastructure to the newer hyper-converged infrastructure that underpins Microsoft Azure Stack Hub:

Figure 1.5 – HCI

Software-defined compute introduced consolidation technologies such as server virtualization and containers to reduce server sprawl where data centers suffered from overpopulation and complexity, by poorly utilized server hardware dedicated to application silos.

This compute consolidation helped optimize server utilization but led to additional stress and complexity in networking and storage administration. While this was an evolutionary step in managing compute resources, the balance of operational complexity materially shifted from compute to networking and storage domains, which remained highly specialized and independently managed.

Converged infrastructure brought more standardization to how software-defined compute was integrated with networking and storage technologies. While these technology domains continued to be operated separately, they could be delivered together as a standardized, integrated infrastructure that eliminated the traditional burdens of managing component interoperability, best practice architecture, and baseline configuration. Standardizing the infrastructure's design and integration provided incremental improvements to cross-functional operations and life cycle management.

HCI combines two or more software-defined components that are tightly integrated to be operated on as one common platform. The most popular form of HCI is to combine software-defined compute with software-defined storage (SDS), data management, and storage services implemented in software rather than dedicated hardware, which further reduces the operational overhead involved in managing and updating those technologies individually. This further simplifies infrastructure deployment due to the consolidation of multiple technologies in single appliances that can be clustered together. The addition of software-defined networking adds even more to this simplification by allowing all the components from a traditional architecture be managed from a single pane of glass. This truly brings Azure Stack Hub into the heart of data centers.

On-premise privates cloud delivers a service-oriented delivery, consumption, and operating model across a fully integrated, end-to-end automated infrastructure platform within a customer's data center. Cloud capabilities also typically include self-service controls, built-in facilities to offload application functions or services, and standardizing offerings in the form of a marketplace or catalog. Implementing private cloud capabilities is increasingly simplified with the use of software-defined infrastructure (SDI), and customers can leverage any degree of SDI in their data center to suit the level of operational agility they wish to achieve.

With Microsoft Azure Stack Hub as an integrated system, all updates can be applied across hardware, and both server and storage virtualization software at the same time. Microsoft Azure Stack Hub is easy to grow by simply adding extra nodes to the cluster, which expands both storage and compute capacity together. This removes the need to manage a separate storage system and SAN. A HCI such as Microsoft Azure Stack Hub embeds SDS and software-defined compute into an integrated single management experience.

An example of an OEM vendor integrated system is shown here:

Figure 1.6 – Lenovo ThinkAgile SXM for Azure Stack Hub

Azure Stack Hub is part of a family of products under the Azure Stack banner, as shown in the following diagram:

Figure 1.7 – Azure family of products

In addition to Azure Stack Hub, Microsoft also offers Azure Stack HCI, which is another member of the Azure Stack family. Azure Stack HCI is built upon Windows 2019 failover clustering, Hyper-V, and Storage Spaces Direct. Unlike Azure Stack Hub, the goal here is to provide simple virtual machine and container hosting while leveraging a public Azure cloud service for cloud backup or remote management. You will not have your local Azure region on-premises with the full breadth of services and user experience. Azure Stack HCI was originally based on Windows 2019 but is now available as an Azure service with subscription-based billing. It is based on the same core operating system components as Windows 2019 but is a new product line entirely, specifically focused on virtualization. Typical use cases for the Azure Stack HCI version are as follows:

• Remote or branch office
• Data center consolidation
• Virtual desktop infrastructure
• Lower-cost storage
• High availability and disaster recovery in the cloud

We will not be covering Azure Stack HCI in any more detail in this book as it is a different platform to Azure Stack Hub.

Now that we have an understanding of the history of hyper-converged infrastructure and the integrated systems, let's look at appliances.

Appliances

Appliances, like integrated systems, deliver Microsoft Azure consistent innovation with tightly controlled and thoroughly tested hardware/firmware/software combinations for the best reliability and availability.

The following diagram shows a standard Microsoft Azure Stack cluster running on certified appliances:

Figure 1.8 – Azure Stack clustered appliances

The Microsoft Azure Stack Hub certified appliances include everything needed to run Microsoft Azure Stack Hub, including servers, BMC switches, and TOR switches. All the hardware vendors offer full solutions as an appliance, which includes everything you would need to be able to run Microsoft Azure Stack Hub, once integrated into your data center. The whole solution must be purchased based on set configurations from the OEM vendors and must be purchased as a complete unit from only one OEM vendor.

Support

The integrated systems also deliver a consistent support experience, no matter who the customer contacts for support. There are coordinated escalation and resolution processes in place, with the same ticket being passed between the hardware OEM vendor and Microsoft. The appliance is supported by the hardware OEM vendor, while the associated cloud services are supported by Microsoft, who have back-to-back agreements with each of the hardware vendors who offer Microsoft Azure Stack Hub certified solutions. All updates, policies, and tests are coordinated between Microsoft and the OEM vendor.

Minimum hardware requirements

Each Microsoft Azure Stack Hub appliance needs to adhere to these minimum hardware requirements to be certified by Microsoft. Each vendor ensures that their firmware and software stacks are compatible with these requirements.

For compute, you need the following:

• CPU: 20 cores minimum (2 sockets at 10 cores each)
• Memory: 256 GB
• NIC: 2-port 10 GbE or better
• Boot device: 400 GB or larger

For storage, you need the following:

• Cache: 2+ flash drives (NVMe, SATA SDD, SAS SDD)
• Capacity: 4+ capacity devices (HDD or SDD)

The allocated ratio of cache to capacity is generally set to 10%.

The top of rack (TOR) switches consist of two switches per scale unit, configured for resiliency with 10 GbE or better for server connectivity. The switches must be capable of supporting BGP, DCB, PFC, ETS, and multi-chassis link aggregation. A scale unit is the minimum configuration of four servers or nodes that are clustered together to form the base scale unit.

The BMC or management switch should be a 1 GbE switch capable of L3 routing and simultaneous connectivity to the TOR switches.

These switch devices are then clustered together with between 4-16 nodes to form the full Microsoft Azure Stack Hub solution. These will be dependent on the workload it will be running for the customers.

The following diagram shows an Azure Stack Hub integrated system with the minimum configuration of four nodes:

Figure 1.9 – Azure Stack Hub integrated system scale unit

Before we move on from this section, there are another couple of items to cover, starting with how to procure an Azure Stack Hub solution.

If you are an organization that is looking at implementing Azure Stack Hub, then the hardware must be purchased from an OEM vendor as an integrated system. You can choose the vendor you are most comfortable with, such as Lenovo, HP, Dell, Cisco, and so on, and they will have different configurations for you to choose from, depending on the workload you are planning to run. I know from my experience working for a vendor that a lot of the procurement of Azure Stack Hub is done through the RFP process. This allows the organization to define their requirements from a technology-agnostic standpoint and allows the vendor to define the correct configuration based on these requirements.

If you are unsure whether Azure Stack Hub is right for you, then Microsoft have a development version you can use for free to evaluate it, which is the Azure Stack Hub Development Kit. This development kit works against a single server, and any application that is built on here will work when it's deployed to a full Azure Stack Hub integrated system. The free Azure Stack Hub Development Kit is available to be downloaded from the Microsoft website. There are minimum hardware requirements for the Azure Stack Hub Development Kit, all of which are detailed here:

• 1 operating system disk with a minimum of 200 GB available
• 4 data disks each providing at least 240 GB capacity
• Dual-socket 16-physical-core processor
• 192 GB RAM
• Hyper-V enabled
• Windows Server 2019

This is a great option to try before you buy. Alternatively, most of the OEM vendors will also have either a demo kit or rental kit, which can be used for a proof of concept.

We now have a grounding in the Microsoft Azure Stack Hub infrastructure and how this is supported by OEM hardware vendors who build certified integrated systems. We understand the history of hyper-converged infrastructure, along with the benefits this brings. This gives us a good start in the fundamentals of the architecture, which we will build on throughout the rest of this book. I also want to take a moment to look at the AZ-600 exam, which we will run through in the next section.

Along with our introduction to Microsoft Azure Stack Hub, I want to also run through the requirements for the AZ-600 exam from Microsoft. The Microsoft Exam AZ-600: Configuring and Operating a Hybrid Cloud with Microsoft Azure Stack Hub, is aimed at Microsoft Azure administrators or Microsoft Azure Stack Hub operators who are looking to provide cloud services to their end customers from their own data center. If you wish to pass the AZ-600 exam, it is worth noting the skills that are to be measured. The remainder of this book will work as an aid in preparation for this exam and will cover all the relevant skills that are to be measured.

The following skill measurements have been taken from the Microsoft exam website and are intended to illustrate how the skill is assessed. This is by no means an exhaustive list and will be subject to change by Microsoft over time.

Provide services (30 - 35%)

The first area to look at for the exam is the provision of services, which includes Azure Marketplace and its service offerings. This will account for 30 – 35% of the exam:

• Manage Azure Stack Hub Marketplace:

  Populate Azure Stack Hub Marketplace in a disconnected environment

  Create a custom Azure Stack Hub Marketplace item

  Manage the life cycle for Azure Stack Hub Marketplace items

• Offer an App Services resource provider:

  Plan an App Services resource provider deployment

  Deploy an App Service resource provider

  Update an App Services resource provider

  Scale roles based on capacity requirements

  Rotate App Services secrets and certificates

  Manage worker tiers

  Back up App Services

• Offer an Event Hub resource provider:

  Plan an Event Hub resource provider deployment

  Deploy an Event Hub resource provider

  Update an Event Hub resource provider

  Rotate Event Hub secrets and certificates

• Offer services:

  Create and manage quotas

  Create and manage plans

  Create and manage offers

  Create and manage usage subscriptions

  Change user subscription owner

• Manage usage and billing:

  Set up usage data reporting

  View and retrieve usage data by using the Usage API

  Manage usage and billing in multi-tenant and CSP scenarios

Implement data center integration (15 – 20%)

For the exam, you also need to have an appreciation of the deployment process, especially when it comes to networking and certificates. This part of the exam is going to account for 15 – 20% of the questions:

• Prepare for Azure Stack Hub deployment:

  Recommend a name resolution strategy

  Recommend a public and internal IP strategy

  Recommend a data center firewall integration strategy

  Recommend an identity provider

  Validate identity provider integration

  Configure the time server (NTP)

• Manage infrastructure certificates for Azure Stack Hub:

  Recommend a certificates strategy

  Validate the certificates

  Run a secret rotation PowerShell cmdlet for external certificates

• Manage Azure Stack Hub registration:

  Recommend a registration model

  Register in a connected environment

  Register in a disconnected environment

  Re-register

Manage identity and access (10 – 15%)

As part of the AZ-600 exam, you will also need understand how to manage and configure access, which includes service principals. This will equate to 10 – 15% of the questions you are likely to see when you take the exam:

• Manage multi-tenancy:

  Configure the Azure Stack Hub home directory

  Register the guest tenant directory with Azure Stack Hub

  Disable multi-tenancy

  Update the guest tenant directory

• Manage access:

  Identify an appropriate method for access (service principal, users, and groups)

  Provision a service principal for Azure Stack Hub

  Recommend a permission model

  Configure access in Azure Stack Hub

  Create a custom role

Manage infrastructure (30 – 35%)

The final portion of the exam will focus on managing the Azure Stack Hub infrastructure, including capacity planning and monitoring health. It is likely to include questions around the update process and privileged endpoints. This portion of the exam will account for 30 – 35% of the questions you will see in the exam:

• Manage system health:

  Recommend a monitoring strategy

  Monitor system health by using the REST API

  Include resource providers such as Event Hubs

  Monitor system health by using the Syslog server

  Manage field replacement or repair

  Configure automatic diagnostic log collection

  Collect diagnostic logs on demand by using PowerShell

  Configure Syslog forwarding for Azure Stack Hub infrastructure

• Plan and configure Business Continuity and Disaster Recovery (BCDR):

  Recommend a BCDR strategy

  Recommend a strategy for infrastructure backups

  Configure a storage target for infrastructure backups

  Configure certificates for infrastructure backups

  Configure a frequency and retention policy for infrastructure backups

• Manage capacity:

  Plan for system capacity

  Manage partitioned GPUs

  Add nodes

  Manage storage capacity

  Add IP pools

• Update infrastructure:

  Update Azure Stack Hub

  Download and import update packages manually

  Update Azure AD home directory

• Manage Azure Stack Hub by using Privileged Endpoints:

  Connect to a privileged endpoint

  Configure the Cloud Admin user role

  Unlock a support session

  Close the session on the privileged endpoint

  Stop and start Azure Stack Hub

  Perform system diagnostics by using Test-AzureStack

This first chapter has given us a brief introduction to Microsoft Azure Stack Hub. It has allowed us to understand that Microsoft Azure Stack Hub is an extension of Microsoft Azure that is run on-premises within a customers' data center. We have learned that it is considered an HCI platform that is supported by both hardware and software vendors. We now know it is a consistent hybrid cloud platform that offers Azure services that are integrated with both infrastructure as a service and platform as a service. We have also learned about the capabilities that can be exposed by the platform, which means we should be able to explain the hybrid use case scenarios for which Microsoft Azure Stack Hub can be utilized.

We should also be able to describe the minimum hardware requirements of the integrated systems provided by the hardware vendors. Finally, we looked at the AZ-600: Configuring and Operating a Hybrid Cloud Platform with Microsoft Azure Stack Hub exam and now understand what skills are measured as part of this exam.

In the remainder of this book, we will build on this foundation and cover each of the capabilities of Microsoft Azure Stack Hub in greater detail.

In the next chapter, you will dive into the underlying architecture that underpins Microsoft Azure Stack Hub and the building blocks of the platform.