AZ-301: Microsoft Azure Architect Design

Notes

Determine workload requirements (10-15%)

Gather Information and Requirements

  • identify compliance requirements, identity and access management infrastructure, and service-oriented architectures (e.g., integration patterns, service design, service discoverability)
  • identify accessibility (e.g. Web Content Accessibility Guidelines), availability (e.g. Service Level Agreement), capacity planning and scalability, deploy-ability (e.g., repositories, failback, slot-based deployment), configurability, governance, maintainability (e.g. logging, debugging, troubleshooting, recovery, training), security (e.g. authentication, authorization, attacks), and sizing (e.g. support costs, optimization) requirements
  • recommend changes during project execution (ongoing)
  • evaluate products and services to align with solution
  • create testing scenarios

Optimize Consumption Strategy

  • optimize app service, compute, identity, network, and storage costs

Design an Auditing and Monitoring Strategy

  • define logical groupings (tags) for resources to be monitored
  • determine levels and storage locations for logs
  • plan for integration with monitoring tools
  • recommend appropriate monitoring tool(s) for a solution
  • specify mechanism for event routing and escalation
  • design auditing for compliance requirements
  • design auditing policies and traceability requirements

Design for identity and security (20-25%)

Design Identity Management

  • choose an identity management approach
  • design an identity delegation strategy, identity repository (including directory, application, systems, etc.)
  • design self-service identity management and user and persona provisioning
  • define personas and roles
  • recommend appropriate access control strategy (e.g., attribute-based, discretionary access, history-based, identity-based, mandatory, organization-based, role-based, rule-based, responsibility-based)

Design Authentication

  • choose an authentication approach
  • design a single-sign on approach
  • design for IPSec, logon, multi-factor, network access, and remote authentication

Design Authorization

  • choose an authorization approach
  • define access permissions and privileges
  • design secure delegated access (e.g., oAuth, OpenID, etc.)
  • recommend when and how to use API Keys

Design for Risk Prevention for Identity

  • design a risk assessment strategy (e.g., access reviews, RBAC policies, physical access)
  • evaluate agreements involving services or products from vendors and contractors
  • update solution design to address and mitigate changes to existing security policies, standards, guidelines and procedures

Design a Monitoring Strategy for Identity and Security

  • design for alert notifications
  • design an alert and metrics strategy
  • recommend authentication monitors

Design a data platform solution (15-20%)

Design a Data Management Strategy

  • choose between managed and unmanaged data store
  • choose between relational and non-relational databases
  • design data auditing and caching strategies
  • identify data attributes (e.g., relevancy, structure, frequency, size, durability, etc.)
  • recommend Database Transaction Unit (DTU) sizing
  • design a data retention policy
  • design for data availability, consistency, and durability
  • design a data warehouse strategy

Design a Data Protection Strategy

  • recommend geographic data storage
  • design an encryption strategy for data at rest, for data in transmission, and for data in use
  • design a scalability strategy for data
  • design secure access to data
  • design a data loss prevention (DLP) policy

Design and Document Data Flows

  • identify data flow requirements
  • create a data flow diagram
  • design a data flow to meet business requirements
  • design a data import and export strategy

Design a Monitoring Strategy for the Data Platform

  • design for alert notifications
  • design an alert and metrics strategy

Design a business continuity strategy (15-20%)

Design a Site Recovery Strategy

  • design a recovery solution
  • design a site recovery replication policy
  • design for site recovery capacity and for storage replication
  • design site failover and failback (planned/unplanned)
  • design the site recovery network
  • recommend recovery objectives (e.g., Azure, on-prem, hybrid, Recovery Time Objective (RTO), Recovery Level Objective (RLO), Recovery Point Objective (RPO))
  • identify resources that require site recovery
  • identify supported and unsupported workloads
  • recommend a geographical distribution strategy

Design for High Availability

  • design for application redundancy, autoscaling, data center and fault domain redundancy, and network redundancy
  • identify resources that require high availability
  • identify storage types for high availability

Design a Data Archiving Strategy

  • recommend storage types and methodology for data archiving
  • identify requirements for data archiving and business compliance requirements for data archiving
  • identify SLA(s) for data archiving

Design for deployment, migration, and integration (10-15%)

Design Deployments

  • design a compute, container, data platform, messaging solution, storage, and web app and service deployment strategy

Design Migrations

  • recommend a migration strategy
  • design data import/export strategies during migration
  • determine the appropriate application migration, data transfer, and network connectivity method
  • determine migration scope, including redundant, related, trivial, and outdated data
  • determine application and data compatibility

Design an API Integration Strategy

  • design an API gateway strategy
  • determine policies for internal and external consumption of APIs
  • recommend a hosting structure for API management

Design an infrastructure strategy (15-20%)

Design a Storage Strategy

  • design a storage provisioning strategy
  • design storage access strategy
  • identify storage requirements
  • recommend a storage solution and storage management tools

Design a Compute Strategy

  • design compute provisioning and secure compute strategies
  • determine appropriate compute technologies (e.g., virtual machines, functions, service fabric, container instances, etc.)
  • design an Azure HPC environment
  • identify compute requirements
  • recommend management tools for compute

Design a Networking Strategy

  • design network provisioning and network security strategies
  • determine appropriate network connectivity technologies
  • identify networking requirements
  • recommend network management tools

Design a Monitoring Strategy for Infrastructure

  • design for alert notifications
  • design an alert and metrics strategy

References