To support your learning with some practical skills, we will explore some of the resources and information covered in this chapter.
The following exercise will be carried out:
Exercise – exploring Microsoft Trust Center Portal.
Getting started
To get started with this hands-on exercise, you will need the following:
Access to an internet browser
Exercise – exploring Microsoft Trust Center Portal
This section will help you explore the Microsoft Trust Center Portal.
Task – accessing Microsoft Trust Center Portal
From a browser, navigate to https://www.microsoft.com/trust-center.
Task – exploring the Trust Center Portal
The Trust Center Portal can be explored using the top navigation bar. The core navigation components to explore can be found in the Privacy, Compliance, and Tools & Documentation drop-down menus. In addition to this, from the Products and services navigation component, you can view guidance on security, privacy, compliance, the data’s location, GDPR, and more:
Figure 10.10 – Azure Trust Center Portal
From the Privacy menu, click Resources; among other resources, such as GDR, you will be able to access some of the core privacy resources outlined in the chapter, such as the privacy statement, terms, and data protection addendum. These can be seen in the following screenshot:
Figure 10.11 – Privacy resources
From the Compliance menu, you can click through the items to explore each one, such as an overview of compliance, the compliance offerings, regional and country compliance, and so on.
From Products and services, you can click through to learn about the specific details of each Microsoft product and service.
From the Tools & Documentation menu, you can click through the items to explore each one, such as audit reports and data protection resources. These can be seen in the following screenshot:
Figure 10.12 – Trust document resources
In this exercise, we explored the Microsoft Trust Center Portal.
Azure Cost Management is provided through a Cost Management + Billing dashboard functionality in the Azure portal; it provides core functionality such as cost visibility, optimizations, and accountability.
The following capabilities are provided within the Cost Management + Billing function within the Azure portal:
Billing: View and download invoices; view payment methods and make payments.
Cost Management: Perform cost analysis, set cost alerts, and create budgets.
The following screenshot shows the cost analysis screen in the Azure portal:
Figure 11.1 – Azure Cost Management
In this section, we looked at Azure Cost Management. In the next section, we will look at the Azure pricing calculator.
Azure Pricing calculator
The Azure Pricing calculator is a publicly accessible browser-based tool where you can estimate the cost of services that can be created in Azure.
All Azure resources that can be purchased are displayed in categories that can be browsed through. The calculator has a search function; each resource you can add as an item to the estimate has a hyperlink to the product details for each resource, as well as its pricing page. This is useful if you need to understand the pricing structure for each resource and any factors that may impact costs.
To use the calculator to provide cost estimations for your chosen solution, you must add the required services for your solution to the estimate. Then, you will see a total estimate and breakdown; you can set the currency and then export, save, or share the estimate. Note that the estimates are not intended to be used as actual quotes; the resource’s availability, the pricing structure, and its costs may vary from the time of estimation to resource creation.
In this exercise, you will create a price estimate with the Azure Pricing calculator; the estimate will be for a simple single-instance Windows VM hosted in the North Europe (Dublin) region.
Scroll down to the VM line item that has been added to the estimate.
Adjust the default VM settings to the following for this exercise (or as required):
Region: North Europe.
Operating System: Windows.
Type: (OS only).
Tier: Standard.
Category: General purpose.
Instance Series: Dds v4-series (or as required).
Instance: D2ds v4 (or as required).
Virtual Machines: Leave as qty of 1 and running for 730 hours.
Leave Savings options as is.
Expand Managed Disks and adjust the default settings to the following for this exercise:
Tier: Premium SSD
Disk Size: S15: 256 GiB
Disks (qty): 1
Leave Storage Transactions as is.
Expand Bandwidth and adjust the default settings to the following for this exercise:
Data transfer type: Internet egress
Source region: North Europe
Routed via: Microsoft Global Network
Outbound data transfer: 10 GiB
Leave Support as is.
Leave Programmes and Offers as is.
From the bottom right of the estimate screen, set the currency as required.
Task – saving, exporting, and sharing the estimate
From the bottom left of the Estimate screen, click Save as and enter a name for your estimate.
You will see a message stating that the estimate has been saved and that it can be viewed by clicking on the Saved estimates tab. Click Done.
To export the estimate, click Export.
To share the estimate, click Share.
In this exercise, we created an estimate for an Azure resource to be used in a solution using the Azure Pricing calculator. In the next exercise, we will use the TCO calculator.
This exercise will create a cost comparison; for example, a typical on-premises environment moving to Azure. You could substitute this with the details of an actual on-premises infrastructure and any workloads you have details of.
As its name suggests, the Azure compliance documentation is an online documentation site that provides detailed information and resources about legal, regulatory standards, as well as compliance an organization has on Azure. The documentation can be accessed at https://docs.microsoft.com/azure/compliance:
Figure 10.7 – Azure compliance documentation
In this section, we looked at the Azure compliance documentation. The following section looks at Azure Sovereign Regions.
Azure Sovereign Regions
Azure supports what is referred to as Sovereign Regions; these support greater compliance for specific markets. These regions, as shown in the following diagram, operate isolated instances of the Azure cloud computing platform that run dedicated hardware and isolated networks:
Figure 10.8 – Azure Sovereign Region cloud
As outlined here, the Sovereign Region platforms also have portals with different URLs and service endpoints in DNS:
Azure Government: This is a separate instance of the Azure platform that Microsoft operates; it is for the sole use of US government bodies (and partners):
The service endpoints to connect to in DNS are in the form of *.azurewebsites.us.
You can find more information at https://azure.microsoft.com/global-infrastructure/government.
Azure China (21Vianet): This is a separate instance of the Azure platform operated by 21Vianet; it is for compliance with Chinese government regulations:
The Azure portal can be accessed via a dedicated URL: https://portal.azure.cn.
The service endpoints to connect to in DNS are in the form of *.chinacloudsites.cn.
In this section, we looked at the Azure Sovereign Region clouds. The following section looks at a thought exercise.
Thought exercise
Returning to our online pizza company MilesBetter Pizza, they wish to know where they should look to determine whether they need to be compliant with regulatory standards such as Payment Card Industry Data Security Standard (PCI DSS) as they handle online transactions. They also don’t want to fall foul of any Microsoft product terms for Online Services they have.
In addition, in preparation for an audit, they have been asked to provide evidence in the form of information on the compliance, security, and privacy statements from their cloud service provider of the data stored in Azure. The following diagram visualizes all the resources that are required that were covered in this chapter:
Figure 10.9 – Azure privacy and compliance resources
The following URLs will be required to explore, collate, and present the required audit information:
Microsoft Trust Center Portal: https://www.microsoft.com/trust-center
An SLA sets out a customer’s expected level of service from their service provider; it can include responsibilities, vocabulary and terminology, claims and credit processes, service quality, and availability metrics.
Microsoft defines an SLA as Microsoft’s commitments to uptime and connectivity, meaning the amount of time the services are online, available, and operational.
Microsoft provides each service with an individual SLA that will detail what is covered by the agreement and any exceptions; a percentage of the monthly fees are credited for any service that does not meet the guarantees. Previews and free services are not provided with an SLA. Information about each service’s SLA can be found at the following URLs:
Service availability is expressed as the uptime percentage over time; Microsoft SLAs are expressed monthly.
Availability is typically referred to as 9s (nines); for example, this can be expressed as four nines of availability, meaning the service will be available and fully operational for 99.99% of the defined period. In contrast to availability and uptime, it is also important to consider downtime, which means the amount of time the service will not be available for.
While we see lots of references to availability and uptime when looking at an SLA that will be provided for a service, the customer and consumer of the services will want to know what that means in the real world and what impact any breach may mean to them. Therefore, it is often the case that the real metric that matters is downtime, which means for a given SLA, how long is that service permitted to be down (that is, not available from the service provider)? You should scrutinize any SLA to determine whether that level of downtime is acceptable.
The following table illustrates examples of SLA commitments and downtime permitted per month as part of an SLA:
For reference, 99.9% is the minimum SLA that Microsoft provides; 99.999 % is the maximum. It should be noted that 100% can’t be provided by Microsoft.
You should also be aware of the concept of a composite SLA; this means that when you combine services (such as virtual machines and the underlying services such as storage, networking components, and so on), the overall SLA is lower than the individual highest SLA on one of the services. This is because each service that you add increases the probability of failure and increases complexity. An example exercise will be provided later in this chapter to illustrate this important concept.
The following actions will positively impact and increase your SLA:
Using services that provide an SLA (or improve the service SLA), such as Azure AD Basic and Premium editions and Premium SSD managed disks
Adding redundant resources, such as resources to additional/multiple regions
Adding availability solutions, such as using Availability Sets and Availability Zones
The following actions will negatively impact and decrease your SLA:
Adding multiple services due to the nature of composite SLAs
Choosing non-SLA-backed services or free services
The following actions will have no impact on your SLA:
Adding multiple tenancies
Adding multiple subscriptions
Adding multiple admin accounts
The Azure status page (https://status.azure.com) provides a global overview of the service health across all regions; this should be the first place you visit, should you suspect there is a wider issue affecting the availability of services globally. From the status page, you can click through to Azure Service Health in the Azure portal, which provides a personalized view of the availability of the services that are being used within your Azure subscriptions.
Service credits are paid through a claims process by a service provider when they do meet the guarantees of the agreed service level. As we mentioned previously, previews and free services are not provided with a financially backed SLA and are not entitled to service credits for any service downtime. You should evaluate all your services to ensure that, where required, you always have an SLA-backed service; as they say, there is often an operational impact that’s felt from free services.
If you suspect that your services have been affected and that Microsoft has not been able to meet their SLA, then it is your responsibility to take action and pursue credit; you must submit a claim to receive service credit. For most services, you must submit the claim the month after the month the service was impacted. If your services are provided through the Microsoft Cloud Solution Provider (CSP) channel, they will pursue this claim on your behalf and provide the service refunds accordingly.
In this section, we looked at Azure SLAs. In the next section, we will look at the Azure service life cycle.
If more PCIe slots beyond the system node slots are required, the Power E1080 server supports adding I/O expansion drawers.
At initial availability zero, one, two, three, or four PCIe Gen 3 I/O Expansion Drawers per system node are supported. To connect an I/O expansion drawer, a PCIe slot is used to attach a 6-slot expansion module in the I/O drawer. A PCIe Gen 3 I/O Expansion Drawer (#EMX0) holds two expansion modules that are attached to any two PCIe slots in the same system node or in different system nodes.
For the connection of SAS disks, a disk-only I/O drawer is available. The EXP24SX is the only disk drawer that is supported.
1.6.1 PCIe Gen 3 I/O Expansion Drawer
The 19-inch 4 EIA (4U) PCIe Gen 3 I/O Expansion Drawer (#EMX0) and two PCIe Fanout Modules (#EMXH) provide 12 PCIe I/O full-length, full-height slots. One Fanout Module provides six PCIe slots that are labeled C1 – C6. C1 and C4 are x16 slots, and C2, IBM C3®, C5, and C6 are x8 slots. PCIe Gen1, Gen2, and Gen 3 full-high adapters are supported.
A blind-swap cassette (BSC) is used to house the full-high adapters that are installed in these slots. The BSC is the same BSC that is used with the previous generation server’s 12X attached I/O drawers (#5802, #5803, #5877, and #5873). The drawer is shipped with a full set of BSCs, even if the BSCs are empty.
Concurrent repair and adding or removing PCIe adapters is done through HMC-guided menus or by operating system support utilities.
A PCIe CXP converter adapter and Active Optical Cables (AOCs) connect the system node to a PCIe Fanout Module in the I/O expansion drawer. Each PCIe Gen 3 I/O Expansion Drawer has two power supplies.
Drawers can be added to the server later, but system downtime must be scheduled for adding a PCIe Gen 3 Optical Cable Adapter or a PCIe Gen 3 I/O drawer (#EMX0) or Fanout Module.
Figure 1-8 shows a PCIe Gen 3 I/O Expansion Drawer.
Figure 1-8 PCIe Gen 3 I/O Expansion Drawer
26 IBM Power E1080: Technical Overview and Introduction
The AOC cable feature codes are listed in Table 1-16. Also listed is the supported order type. The feature codes that are associated to cables that support RPO only are not available for new orders or MES upgrades. Instead, they are used to manage the migration of supported I/O expansion drawers from previous IBM POWER® technology-based servers to the
Power E1080. Feature codes that are associated to cables with longer length are required to support inter-rack connection between the system node and I/O expansion drawer.
Table 1-16 Active Optical Cables feature codes
Careful balancing of I/O, assigning adapters through redundant EMX0 expansion drawers, and connectivity to different system nodes can ensure high-availability for I/O resources assigned to LPARs.
Figure 1-9 on page 28 shows the rear view of the PCIe Gen 3 I/O Expansion Drawer with the location codes for the PCIe adapter slots in the PCIe Gen 3 6-slot Fanout Module.
Chapter 1. Introduction to Power E1080 27
Figure 1-9 Rear view of a PCIe Gen 3 I/O Expansion Drawer with PCIe slots location codes
Table 1-17 lists the PCIe slots in the PCIe Gen 3 I/O Expansion Drawer.
Table 1-17 PCIe slot locations and descriptions for the PCIe Gen 3 I/O Expansion Drawer
Consider the following points regarding the information in Table 1-17:
Ê All slots support full-length, regular-height adapters or short (low-profile) adapters with a regular-height tailstock in single-wide, Gen 3 BSCs.
Ê Slots C1 and C4 in each PCIe Gen 3 6-slot Fanout Module are x16 PCIe Gen 3 buses; slots C2, C3, C5, and C6 are x8 PCIe buses.
Ê All slots support enhanced error handling (EEH).
Ê All PCIe slots are hot-swappable and support concurrent maintenance.
28 IBM Power E1080: Technical Overview and Introduction
Table 1-18 lists the maximum number of I/O drawers that are supported and the total number of PCIe slots that are available when the expansion drawer consists of a single drawer type.
Table 1-18 Maximum number of supported I/O drawers and the total number of PCIe slots
This section will look at the resources we can use to gather information on the SLA for a service; we will look at the SLA information for App Service, Virtual Desktop, Virtual Machines, and Load Balancer.
The following subsections cover how to complete this exercise. They have been segregated into tasks for ease of understanding.
Task – accessing the SLA summary for Azure services
From the SLA summary for Azure services page, scroll down and locate App Service.
Note what Microsoft specifies they will guarantee and the amount of available time expressed as a percentage; note what doesn’t have an SLA.
Click on View full details. You can open this in a new tab or window if you prefer.
By looking at the SLA for the individual service, you will see a format that is the same across all services that you should familiarize yourself with.
Expand and explore the content in the Introduction, General Terms, and SLA details sections:
Figure 12.2 – SLA for App Service
7. You can view the Version History details of an SLA, download the SLA, and learn more about the service to go to the product information page for that service.
Task – viewing the SLA for Azure Virtual Desktop
From the SLA summary for Azure services page, scroll down and locate Azure Virtual Desktop.
Note that Microsoft does not offer a financially backed SLA for this service and that they use the language …strive to attain at least…, which means there is no guarantee on the service level available. They note that the Virtual Machine SLA covers the availability of any session hosts.
Task – viewing the SLA for a virtual machine
From the SLA summary for Azure services page, scroll down and locate Cloud Services and Virtual Machines.
Note the difference in what is guaranteed for virtual machines that have two or more instances deployed in the same Availability Set and any single-instance virtual machines using premium storage for all disks; ensure you deploy virtual machines in a way that provides the availability and SLA that you need.
Click on View full details. You can open this in a new tab or window if you prefer.
Expand and explore the content in the Introduction, General Terms, and SLA details sections.
Task – viewing the SLA for Load Balancer
From the SLA summary for Azure services page, scroll down and locate Load Balancer.
Note what Microsoft indicates they will guarantee and the amount of time available expressed as a percentage; note what type of Load Balancer SKU does not have an SLA provided.
Click on View full details. You can open this in a new tab or window if you prefer.
Expand and explore the content in the Introduction, General Terms, and SLA details sections.
In this exercise, we looked at the resources that we can use to gather information on the SLA for a service.
In the next exercise, we will look at where to find information for Azure Preview features.
In this exercise, we will learn where to find information about Azure Preview features.
The following subsections cover how to complete this exercise. They have been segregated into tasks for ease of better understanding.
Task – exploring the Azure updates site
From a browser, go to https://azure.microsoft.com/updates/?status=inpreview.
From this URL, you can see all the Azure updates that are in preview.
Task – exploring the Azure Preview portal
3. From a browser, go to https://preview.portal.azure.com.
From this URL, you can view the preview features for the Azure portal; the title of the page shows Preview in brackets so that you know that this is the Preview portal you are exploring. This can be seen in the following screenshot:
Figure 12.3 – Azure portal – Preview features
Task – exploring Preview features
In the search bar, type preview features and click Preview features from the results list.
From the Preview features blade, you can explore all the preview features available; you can filter to show only those available for a particular subscription and all the states; that is, if these are not registered or if you have registered them for use.
From the top toolbar, you can Register for any preview to try out and unregister any that you do not wish to be available.
You can click on the Documentation hyperlink from the Learn more column or click on a preview feature from the list, which will open a pop-up blade containing more information about this feature. It will also provide the same hyperlink to the documentation that’s relevant to this preview feature; the Register option is also available from this screen. The following screenshot shows the Previews features in the Azure portal:
Figure 12.4 – Azure portal – Preview features
In this exercise, we looked at where to find information about Azure Preview features.
This section covered two hands-on exercises. Now, let’s summarize this chapter.