AZ-305 - Design Deployments
1. Design Infrastructure Deployments
Infrastructure as Code (IaC) is the foundation of repeatable, consistent Azure deployments. Azure provides two primary IaC languages: ARM templates (JSON) and Bicep (a domain-specific language that compiles to ARM).
ARM Templates
Azure Resource Manager (ARM) Templates
ARM templates are JSON files that define the infrastructure and configuration of Azure resources. They are declarative: you specify the desired state in terms of what resources to deploy, and Azure Resource Manager handles the provisioning. ARM templates support parameters, variables, functions, outputs, and nested/linked templates for modular deployments.
Bicep
Bicep Language
Bicep is a domain-specific language (DSL) that provides a cleaner, more concise syntax than ARM JSON. Every Bicep file is transpiled to an ARM template before deployment. Bicep supports modules for reusability, automatic dependency management, and type safety. Microsoft recommends Bicep for all new IaC authoring.
Deployment Scopes
ARM templates and Bicep support four deployment scopes:
- Resource group: Deploy resources into a specific resource group (most common).
- Subscription: Create resource groups and assign policies at the subscription level.
- Management group: Apply policies across multiple subscriptions.
- Tenant: Configure tenant-wide settings and management groups.
Deployment Modes
ARM supports two deployment modes:
- Incremental (default): Adds or updates resources defined in the template without deleting resources not in the template.
- Complete: Deletes resources in the resource group that are not defined in the template. Use with caution as it can remove resources unintentionally.
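Added example (not part of the original guide, and a simplified model rather than Azure Resource Manager's own logic): the Python sketch below plans the same template against the same resource group in both modes, then lists the deletions a Complete-mode run would make that nobody approved. The template, the resource names and the helper functions `plan` and `blocked_deletes` are constructed for illustration. The model assumes top-level resources matched by type and name only.

```python
import json

# Constructed, trimmed ARM template (not from the page): declares three resources.
TEMPLATE = json.loads("""
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "resources": [
    {"type": "Microsoft.Storage/storageAccounts", "apiVersion": "2023-01-01", "name": "stappdata01"},
    {"type": "Microsoft.Network/virtualNetworks", "apiVersion": "2023-05-01", "name": "vnet-app"},
    {"type": "Microsoft.Web/serverfarms", "apiVersion": "2023-01-01", "name": "plan-app"}
  ]
}
""")

# Constructed inventory of the resource group; the Key Vault was created by hand.
EXISTING = [
    {"type": "Microsoft.Storage/storageAccounts", "name": "stappdata01"},
    {"type": "Microsoft.Network/virtualNetworks", "name": "VNET-APP"},
    {"type": "Microsoft.KeyVault/vaults", "name": "kv-app-secrets"},
]

def key(resource):
    # Model assumption: match on (type, name), compared case-insensitively.
    return (resource["type"].lower(), resource["name"].lower())

def plan(template, existing, mode="Incremental"):
    """Return which resources a deployment in the given mode would touch."""
    if mode not in ("Incremental", "Complete"):
        raise ValueError(f"unknown deployment mode: {mode}")
    declared = {key(r) for r in template["resources"]}
    present = {key(r) for r in existing}
    undeclared = sorted(present - declared)
    return {
        "create": sorted(declared - present),
        "update": sorted(declared & present),
        # Only Complete mode removes resources the template does not define.
        "delete": undeclared if mode == "Complete" else [],
        "keep": [] if mode == "Complete" else undeclared,
    }

def blocked_deletes(template, existing, mode, approved=()):
    """Deletions a Complete-mode run would make that nobody signed off on."""
    approved_keys = {(t.lower(), n.lower()) for t, n in approved}
    return [k for k in plan(template, existing, mode)["delete"] if k not in approved_keys]

if __name__ == "__main__":
    for m in ("Incremental", "Complete"):
        print(m, json.dumps(plan(TEMPLATE, EXISTING, m), indent=2))
```

Against a real resource group, the WhatIf operation mentioned in Question 2 gives the authoritative preview; this model only shows why the hand-created Key Vault survives an Incremental run and is deleted by a Complete one.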
2. Compute Deployments
Virtual Machine Deployments
Azure Virtual Machines provide full control over the operating system and software. Key deployment considerations include VM size selection, OS image, disk type (Standard HDD, Standard SSD, Premium SSD, Ultra Disk), and placement in Availability Sets or Availability Zones for high availability.
Virtual Machine Scale Sets (VMSS)
VMSS Deployment
VMSS deploys and manages a set of identical VMs that can automatically scale in or out based on demand or a schedule. VMSS supports zone-redundant deployments across Availability Zones. Orchestration modes include Uniform (classic, identical instances) and Flexible (mix of VM types in a scale set).
| Compute Option | Best For | Scaling | Management Overhead |
|---|---|---|---|
| Virtual Machines | Full OS control, legacy apps | Manual or VMSS | High (OS patching, updates) |
| VMSS | Identical workloads, auto-scaling | Automatic | Medium |
| App Service | Web apps, APIs | Automatic (built-in) | Low (PaaS) |
| Azure Functions | Event-driven, serverless | Automatic (consumption) | Minimal |
3. Container Deployments
Azure Container Instances (ACI)
ACI provides the fastest and simplest way to run a container in Azure without managing VMs or orchestration platforms. ACI is ideal for short-lived tasks, batch jobs, and simple applications that do not require orchestration. It supports both Linux and Windows containers and provides per-second billing.
Azure Kubernetes Service (AKS)
AKS Architecture
AKS is a managed Kubernetes service where Azure manages the control plane (API server, etcd, scheduler) at no charge. You pay only for the worker nodes. AKS supports node pools with different VM sizes, auto-scaling with the cluster autoscaler, and integration with Azure CNI for advanced networking. AKS is the recommended choice for microservices architectures requiring orchestration, rolling updates, and service discovery.
Azure Container Registry (ACR)
ACR is a managed Docker registry for storing and managing container images. It supports geo-replication for distributing images close to deployment regions, image vulnerability scanning, and integration with AKS for image pull authentication using managed identities. ACR tiers include Basic, Standard, and Premium (with geo-replication and private endpoints).
Container Deployment Decision Matrix
| Service | Use Case | Orchestration | Scaling |
|---|---|---|---|
| ACI | Simple containers, batch jobs, sidecar patterns | None | Manual (container groups) |
| AKS | Microservices, complex orchestration, production workloads | Kubernetes | Cluster autoscaler + HPA |
| App Service Containers | Web apps in containers, simpler management | None (PaaS) | Built-in auto-scale |
4. Database and Storage Deployments
Azure SQL Deployment Options
Azure SQL offers three deployment models:
- Azure SQL Database: Fully managed single database or elastic pool. Best for cloud-born applications. Supports serverless compute tier for intermittent workloads.
- Azure SQL Managed Instance: Near-100% compatibility with on-premises SQL Server. Best for lift-and-shift migrations requiring features like SQL Agent, cross-database queries, or CLR integration.
- SQL Server on Azure VMs: Full control over SQL Server and the OS. Best when you need specific SQL Server versions or OS-level access.
Azure Cosmos DB Deployment
Cosmos DB APIs
Cosmos DB supports multiple APIs: NoSQL (native), MongoDB, Cassandra, Gremlin (graph), and Table. The API is chosen at account creation and cannot be changed. For new applications, the NoSQL API is recommended. For migrations from existing MongoDB or Cassandra workloads, use the corresponding API for compatibility.
Storage Account Deployments
Azure Storage accounts support Blob, File, Queue, and Table storage. Key deployment decisions include:
- Performance tier: Standard (HDD-backed) or Premium (SSD-backed).
- Account kind: StorageV2 (general-purpose v2) is recommended for most scenarios.
- Redundancy: LRS, ZRS, GRS, RA-GRS, GZRS, or RA-GZRS based on durability requirements.
- Access tier: Hot or Cool as the default account tier.
5. Web App and Service Fabric Deployments
Azure App Service
App Service is a fully managed PaaS for hosting web applications, REST APIs, and mobile backends. It supports .NET, Java, Node.js, Python, PHP, and Ruby. Key deployment features include deployment slots (for staging and blue-green deployments), auto-scaling, custom domains, and SSL certificates.
Deployment Slots
Deployment slots allow you to deploy a new version of your application to a staging slot, validate it, and then swap it with the production slot. The swap operation is instant (no downtime) and can be automatically rolled back if health checks fail. Deployment slots are available on Standard tier and above.
Service Fabric Deployments
Azure Service Fabric is a distributed systems platform for deploying and managing microservices and containers. It supports both stateful and stateless services. Service Fabric manages service placement, failover, and scaling across a cluster of VMs. It is the underlying platform for many Azure services including Cosmos DB and Azure SQL.
When to Choose Service Fabric
Choose Service Fabric when you need stateful microservices with reliable collections, fine-grained control over service placement, or actor-based programming models. For most containerized workloads, AKS is the recommended choice. Service Fabric is best when your application architecture specifically benefits from its programming models.
Key Terms
| Term | Definition |
|---|---|
| ARM Template | JSON-based declarative infrastructure-as-code format for deploying Azure resources through Azure Resource Manager. |
| Bicep | Domain-specific language that transpiles to ARM templates, providing cleaner syntax, modules, and automatic dependency management. |
| ACI (Azure Container Instances) | Simplest way to run containers in Azure without managing VMs or orchestrators. Per-second billing. |
| AKS (Azure Kubernetes Service) | Managed Kubernetes service with a free control plane. Recommended for production microservices requiring orchestration. |
| ACR (Azure Container Registry) | Managed Docker registry with geo-replication, vulnerability scanning, and AKS integration. |
| Deployment Slots | App Service feature for staging deployments with zero-downtime swap to production. Available on Standard tier and above. |
| SQL Managed Instance | Azure SQL deployment model with near-100% on-premises SQL Server compatibility for lift-and-shift migrations. |
| Service Fabric | Distributed systems platform for stateful/stateless microservices with reliable collections and actor programming models. |
Exam Tips
- Bicep is the recommended IaC language for new projects. It compiles to ARM JSON and provides cleaner syntax. Know that Bicep and ARM templates are functionally equivalent at deployment time.
- ARM template Complete mode deletes resources not in the template. Incremental mode (default) only adds or updates. Always specify the mode carefully in exam scenarios.
- Choose ACI for simple, short-lived container tasks. Choose AKS for production microservices requiring orchestration, scaling, and service discovery.
- Azure SQL Managed Instance is the answer for lift-and-shift migrations requiring SQL Agent, cross-database queries, or CLR integration. Azure SQL Database does not support these features.
- Deployment slots with auto-swap provide zero-downtime deployments for App Service. They are not available on the Free or Basic tiers.
- Service Fabric is the correct answer when the scenario specifically requires stateful services with reliable collections. For general container orchestration, prefer AKS.
Practice Questions
Question 1
You are creating a new infrastructure-as-code project for Azure deployments. You want a readable, concise syntax with module support and automatic dependency resolution. Which tool should you use?
A. ARM templates (JSON)
B. Bicep
C. Azure CLI scripts
D. Terraform
Answer: B
Bicep provides concise syntax, native module support, and automatic dependency management. It transpiles to ARM JSON. Microsoft recommends Bicep for all new Azure IaC authoring. ARM JSON is verbose and lacks native module support.
Question 2
You need to deploy an ARM template and ensure that any resources in the resource group not defined in the template are removed. Which deployment mode should you use?
A. Incremental
B. Complete
C. Validate
D. WhatIf
Answer: B
Complete mode deletes resources in the resource group that are not defined in the template. Incremental mode (default) only adds or updates without deleting existing resources. WhatIf previews changes but does not deploy.
Question 3
Your development team needs to run short-lived batch processing containers without managing any infrastructure. Which Azure service is most appropriate?
A. Azure Kubernetes Service (AKS)
B. Azure Container Instances (ACI)
C. Azure App Service
D. Azure Service Fabric
Answer: B
ACI provides the simplest way to run containers without managing VMs or orchestration. It offers per-second billing, making it ideal for short-lived batch jobs. AKS is more suitable for complex, long-running production workloads.
Question 4
You are migrating an on-premises SQL Server application to Azure. The application uses SQL Server Agent jobs, cross-database queries, and CLR assemblies. Which Azure SQL option should you choose?
A. Azure SQL Database (single database)
B. Azure SQL Database (elastic pool)
C. Azure SQL Managed Instance
D. Azure Database for PostgreSQL
Answer: C
Azure SQL Managed Instance provides near-100% compatibility with on-premises SQL Server, including SQL Agent, cross-database queries, and CLR integration. Azure SQL Database does not support these features natively.
Question 5
You want to deploy a new version of your web application without downtime. Users should be gradually shifted to the new version, and you need the ability to roll back instantly if issues are detected. Which App Service feature should you use?
A. Azure Traffic Manager
B. Deployment slots with swap
C. Azure Front Door
D. Blue-green deployment using two App Service plans
Answer: B
Deployment slots allow you to deploy to a staging slot, validate the new version, and perform a zero-downtime swap to production. If issues arise, you can swap back instantly. This is the built-in App Service feature designed for this purpose.