Sie sind auf Seite 1von 23

Early Experts Study Guide for Microsoft Specialist

Certification Exam 70-534, Architecting Microsoft Azure


11 Jan 2015 9:03 PM

Disclaimer: This exam study guide is not intended as a replacement for formal training on
Microsoft Azure.

This exam study guide is intended as a study reference tool to

assist experienced architects with preparing for Microsoft
Specialist certification via Exam 70-534, Architecting Microsoft
Azure Solutions.

Exam 70-534 is one of three exams that can be successfully passed to complete Microsoft
Specialist certification on Microsoft Azure. Other exams in this Microsoft Specialist series include:

Exam 70-532, Developing Microsoft Azure Solutions

Exam 70-533, Implementing Microsoft Azure Solutions

Only one exam listed above (70-532 or 70-533 or 70-534) needs to be passed to attain Microsoft
Specialist certification on Microsoft Azure.

About this Exam Study Guide

This exam guide presents the target exam objectives within each of the above objective domains in
a checklist format to provide an easy method for experienced exam candidates to quickly selfassess their general exam preparedness and also provide specific study resources to help
candidates address knowledge gap areas prior to attempting this exam. These are the same study
resources that I personally used to prepare for Exams 70-534, 70-533 and 70-532 myself, so Ive
already taken time to proof and review each and every resource.

Of course, you may have your own suggestions for improvements feel free to email
me or connect with me online. Id love to hear your feedback!

About Exam 70-534

Who should take Exam 70-534?
This exam is for candidates who are interested in validating their Microsoft Azure solution design
skills. Candidates should know the features and capabilities of Azure services to be able to identify
tradeoffs and make decisions for designing public and hybrid cloud solutions. Candidates who take
this exam are expected to be able to define the appropriate infrastructure (IaaS) and platform
solutions (PaaS) to meet the required functional, operational, and deployment requirements
through the solution lifecycle.
Exam 70-532: Developing Microsoft Azure Solutions and Exam 70-533: Implementing Microsoft
Azure Infrastructure Solutions are useful for candidates who also want to validate their
implementation experience across cloud projects, but they are not prerequisites for this exam.

Which skills does Exam 70-534 target?

Exam 70-534 targets the following six (6) certification objective domains:

Design Microsoft Azure infrastructure and networking (15-20%)

Secure resources (15-20%)

Design an application storage and data access strategy (15-20%)

Design an advanced application (15-20%)

Design websites (15-20%)

Design a management, monitoring and business continuity strategy (15-20%)

Exam Format and Question Types

Microsoft certification exams may use a variety of exam question formats to test related skills. If
you haven't taken a Microsoft certification exam recently, be sure to review the following
information to get a better understanding of each question format that may be used for your exam.

Microsoft Exam Format and Question Types

Additional Study Resources for Exams 70-532 and 70-533

In addition to the exam preparation resources for Exam 70-534 in this study guide, you will find
these additional resources helpful if you are also planning to prepare for Exam 70-532, Developing
Microsoft Azure Solutions and/or Exam 70-533, Implementing Microsoft Azure Solutions.

Additional study resources for Exam 70-532

Exam Prep Course for Exam 70-532 on Microsoft Virtual Academy

Study Guide for Exam 70-532 by Jeremy Foster

Additional study resources for Exam 70-533

Azure IaaS for IT Pros training course on Microsoft Virtual Academy

Early Experts Study Guide for Exam 70-533 by Jennelle Crothers

Getting Started
If youve not already done so, youll need an active Microsoft Azure subscription to gain the most
value from this exam study guide. Many of the resources below involve hands-on activities, and
having access to Azure is key to mastery of the associated skills.

Activate a Microsoft Azure subscription

If you dont currently have an active Microsoft Azure subscription, you can obtain one for free via
ourMicrosoft Azure free trial subscription program.

Formal Training on Microsoft Azure

If youre completely new to Microsoft Azure, you may wish to complete a formal training program to
build foundational knowledge before leveraging this Exam Study Guide. Foundational training on
Microsoft Azure is available via:

Early Experts: Hybrid Cloud Specialist

Microsoft Virtual Academy

Channel 9 Azure Friday

Microsoft Press ebooks and training guides

Additional Microsoft ebooks

In-person Microsoft Azure Training via Microsoft Learning Partners

In addition to foundational training, an online training course that specifically targets this exam is
also available on Microsoft Virtual Academy.

Exam prep training: Architecting Microsoft Azure Solutions

Using this Exam Study Guide

When you're ready to begin preparing for your certification exam, I'd recommend following this
strategy to use your time as productively as possible:

Review each objective listed below at a high-level under each objective domain.


Check-off exam objectives for which you already feel that you have sufficient knowledge.


For the remaining exam objectives, review the linked study resources.


As you progress, check-off each exam objective when you've completed the linked study


After all exam objectives have been checked-off, you're ready to schedule your exam!

1. Design Microsoft Azure infrastructure and networking (1520%)

1.1 Describe how Azure uses Global Foundation Services (GFS) datacenters.
Understand Azure datacenter architecture, regional availability, and high availability

Azure Regions Overview

Azure Services by Region

Microsoft Global Cloud Datacenters

Microsoft Cloud Datacenter Virtual Tour

Azure Cloud Lessons from Scale

Microsoft Azure Subscription and Service Limits, Quotas and Constraints

Azure Datacenter Public IP Address Ranges

Azure Service Level Agreements

1.2 Design Azure virtual networks.

Deploy Azure Active Directory

What is an Azure AD directory?

Azure Active Directory Editions

Getting Started with Azure AD Premium

Extend on-premises Active Directory

Determine which directory integration scenario to use

Directory Synchronization Tools

Azure AD Connect

Directory Sync with Password Sync Scenario

Directory Sync with SSO using ADFS

Design Azure Virtual Networks

TCP/IP Fundamentals for Microsoft Windows

8 Steps to Understanding IP Subnetting

Understand the basics of network security

Virtual Network FAQ

Configure a Cloud-Only Virtual Network

Add or Remove DNS Servers for a Virtual Network

About Regional VNets and Affinity Groups for Virtual Networks

About Public IP Address Space and Virtual Network

Create a VM with Multiple NICs

Move a VM or Role Instance to a Different Subnet in an Azure Virtual Network

Export and Import Virtual Network Settings

Define static IP reservations

Configure a Static Internal IP Address (DIP) for a VM

Reserved Public IP Addresses (VIPs)

Instance-Level Public IP Addresses (PIP)

Understand ACLs and Network Security Groups

How to Set Up Endpoints to a Virtual Machine

Enable Communication for Role Instances in Azure

About Network Access Control Lists (ACLs)

About Network Security Groups

IP and Domain Restrictions for Azure Web Sites

1.3 Design Azure Compute.

Design applications using Azure IaaS virtual machines (VMs) IaaS and PaaS roles.

Microsoft Azure Architecture Overview

Overview of Azure Virtual Machines

Azure Virtual Machines FAQ

Build an Application that runs in Cloud Services

Building Real-world Cloud Apps (summary)

Building Real-world Cloud Apps (eBook)

Cloud Design Patterns

Transient Fault Handling Application Block

FailSafe: Guidance for Resilient Cloud Architectures

Scaling applications using Cloud Services

Run Software in Azure IaaS VMs

Azure Architecture Guide

Understand availability sets, fault domains, and update domains in Azure

Manage the availability of Azure IaaS virtual machines

Azure Fault Domains and Upgrade Domains Explained

Upgrade Domains with Azure Cloud Services

Differentiate between virtual machine classifications

Virtual Machine and Cloud Service Sizes for Azure

1.4 Describe Azure virtual private network (VPN) and ExpressRoute.

Azure site-to-site (S2S) VPN

About VPN Gateways

Configure a Site-to-Site VPN in the Management Portal

Configure a VNet-to-Vnet Connection

Configure a Multi-Site VPN

About Forced Tunneling

Diagnose Azure Virtual Network VPN Connectivity

Azure ExpressRoute

Azure ExpressRoute Technical Overview

Azure ExpressRoute FAQ

ExpressRoute workflow for circuit provisioning

Create an ExpressRoute circuit

Create and modify routing for an ExpressRoute circuit

Configure a Virtual Network for ExpressRoute

Link a Virtual Network to an ExpressRoute circuit

Microsoft Azure ExpressRoute (eBook)

Azure point-to-site (P2S) VPN

Configure a Point-to-Site VPN in the Management Portal

List connected Point-to-Site VPN clients

Revoking and Reinstating Client VPN Certificates for Point-to-Site VPNs

1.5 Describe Azure services.

Understand Azure Services, at a high level

Microsoft Azure Services Overview

Azure load balancing options, including Traffic Manager

Load Balancing Azure IaaS Virtual Machines

Microsoft Azure Load Balancing Services

Azure Load Balancer New Distribution Modes

Configurable Idle Timeout for Azure Load Balancer

Azure Media Services

Azure Media Services Overview

Azure Content Delivery Network (CDN)

Azure CDN Overview

Azure Cache

Azure In-Role Cache Overview

Azure Managed Cache Overview

Azure Redis Cache Overview

Common cache patterns with Azure Redis Cache

Azure Service Bus

How to use Service Bus Queues

How to use Service Bus Topics/Subscriptions

How to use Service Bus Relay

Azure Active Directory (Azure AD)

What is Azure Active Directory?

Common Authentication Scenarios with Azure AD

Multi-Factor Authentication

What is Azure Multi-Factor Authentication?

2. Secure resources (1520%)

2.1 Secure resources by using managed identities.
Describe the differences between Active Directory on-premises and Azure AD

Comparing Active Directory and Azure AD

Programmatically access Azure AD using Graph API

Azure AD Graph API

Secure access to resources from Azure AD applications using OAuth and OpenID

OAuth 2.0 in Azure AD

OpenID Connect 1.0

Azure Active Directory Code Samples

2.2 Secure resources by using hybrid identities.

Use SAML claims to authenticate to on-premises resources

A Developers Introduction to Active Directory Federation Services

SAML Protocol Reference

Implement federated identities using Azure Access Control service (ACS) and Active
Directory Federation Services (ADFS)

Configure AD FS 2.0 as an Identity Provider with Azure Access Control Service 2.0

2.3 Secure resources by using identity providers

Provide access to resources using identity providers, such as Microsoft account,
Facebook, Google, and Yahoo!

Configure Facebook as an Identity Provider with Azure Access Control Service 2.0

Configure Yahoo! as an Identity Provider with Azure Access Control Service 2.0

2.4 Identify an appropriate data security solution

Use the appropriate Access Control List (ACL), and identify security requirements for
data in transit and data at rest

Protecting Data in Azure

2.5 Design a role-based access control strategy

Secure resource scopes, such as the ability to create VMs and websites

Security Management in Microsoft Azure

Role-based Access Control in the Azure Preview Portal

3. Design an application storage and data access strategy (1520%)

3.1 Design storage options for data, including the following technologies:
Azure Storage Options

Data Storage Options

Data Partitioning Strategies

Unstructured Blob Storage

Configure Software RAID on Linux VMs

Using Storage Spaces on Windows VMs

Introduction to Azure Files

Persisting Connections to Azure Files

Data Management Patterns and Guidance

Azure SQL Database

Azure SQL Database Service Tiers

Azure SQL Database Guidelines

Azure SQL Database Resource Management

Whats new in the Latest Azure SQL Database Update V12 (preview)

Data Access Application Block

Azure DocumentDB

Introduction to Azure DocumentDB

DocumentDB Resource Model and Concepts

Azure DocumentDB FAQ

Getting Started with Azure DocumentDB

DocumentDB Limits

DocumentDB Indexing Policies and Performance Tuning


Introduction to MongoDB

Deploy MongoDB Worker roles in Azure

MongoDB as a Service in the Azure Marketplace

MongoDB Architecture Guide

ClearDB MySQL Database as a Service for Azure

Create a LAMP Stack with Microsoft Azure VMs

Clusterize MySQL on Linux using Azure VMs

MySQL Reference Architectures for Massively Scalable Web Infrastructure


3.2 Design security options for data, including:

SQL Database

Azure SQL Database Security Guidelines

Azure Storage

Manage Access to Azure Storage Resources

3.3 Design applications with Mobile Services using .NET and JavaScript
Create Azure Mobile Services

Create a new mobile service in the Management Portal

Consume Mobile Services from cross-platform clients

Get Started with Mobile Services

Integrate offline sync capabilities into an application

Get Started with Offline Data Sync in Mobile Services

Extend Mobile Services using custom code

Call a custom API from the client

Secure Mobile Services using Azure AD

Add authentication to your Mobile Services app

3.4 Design applications that use notifications

Implement push notification services in Mobile Services

Add push notifications to your Mobile Services app

Send push notifications to all subscribers, specific, or a segment of subscribers

Send push notifications to authenticated users

3.5 Design applications that use a web API

Implement a custom web API

Create a REST services using ASP.NET Web API and SQL Database

Scale using Azure Websites

How to scale Azure Websites

Offload long-running applications using WebJobs

How to Deploy Azure WebJobs to Azure Websites

Secure a web API using Azure AD

Secure a web application in an Azure Website

3.6 Design a data access strategy for hybrid applications.

Service Bus Relay

Connect .NET Hybrid Application Using Service Bus Relay

BizTalk Hybrid Connections

BizTalk Hybrid Connections Overview

Create and manage Hybrid Connections

Connect an Azure website to an on-premises resource using Hybrid Connections

VPN capability of Azure Websites

Integrate Azure Websites with Azure Virtual Networks

Identify constraints for connectivity with VPN

VPN Device Connectivity Requirements

Identify options for joining VMs to domains or cloud services

How to join Web and Worker Roles to Active Directory Domain

Auto-Join Azure IaaS VM to Active Directory Domain

3.7 Design a media solution.

Understand key components of Media Services, including streaming capabilities,
video on-demand capabilities, and monitoring services

Azure Media Services Tutorials and Resources

Building an On-demand Video Service with Microsoft Azure Media Services (ebook)

4. Design an advanced application (1520%)

4.1 Create compute-intensive applications.
Design high-performance computing (HPC) and other compute-intensive applications
using Azure Services

Big Compute on Azure

Azure Batch technical overview

Getting Started with the Azure Batch Library for .NET

4.2 Create long-running applications.

Implement worker roles for scalable processing with stateless components

Introduction to Worker Roles Part 1

Introduction to Worker Roles Part 2

4.3 Select the appropriate storage option.

Identify storage options for cloud services

Get Started with Azure Cloud Services and Storage in ASP.NET

Configure Local Storage Resources for Cloud Services

Use a queue-centric pattern for development

Queue-Centric Work Pattern (Building Real-World Cloud Apps)

Select the appropriate storage for performance

Azure Storage Scalability and Performance Targets

Azure Premium Storage: High Performance Storage for Virtual Machine Workloads

Azure SQL Database Performance Guidance

Storage Performance Considerations for SQL Server on Azure IaaS VMs

Design hybrid scenarios with compute on-premises and storage on Azure

Rethinking Enterprise Storage A Hybrid Cloud Model (eBook)

Differentiate between cloud services and VMs interacting with storage service and
SQL Database

Azure Execution Models

Understanding Azure SQL Database and SQL Server in Azure VMs

4.4 Integrate Azure services in a solution with the following technologies:

Azure Machine Learning

Azure Machine Learning FAQ

Getting Started with Azure Machine Learning

Big Data

Developing Big Data Solutions on Azure HDInsight

Azure Media Services

Building an On-demand Video Service with Microsoft Azure Media Services

Azure Search

Introduction to Azure Search

Get started with Azure Search

Azure Search Limits and Constraints

5. Design websites (1520%)

5.1 Design websites for scalability and performance
Create and Deploy Azure Websites

Create a Global Web Presence on Azure Websites

Create websites using Visual Studio

Get started with Azure Websites and ASP.NET

Create a Line-of-Business Application on Azure Websites

Globally scale websites

How to Scale Websites

Integrate Azure Website with Azure CDN

Debug websites

Enable diagnostic logging for Azure Websites

Troubleshooting Azure Websites in Visual Studio

Understand supported languages

.NET Get started with Azure Websites and ASP.NET

Java Get started with Azure Websites and Java

Node.js Build and deploy a Node.js website to Azure Websites

PHP How to create a PHP website in Azure Websites

Python Creating Websites with Django Python

Python - Creating Websites with Bottle Python

Python - Creating Websites with Flask Python

Differentiate between websites to VMs and cloud services

Azure Websites, Cloud Services and Virtual Machines comparison

5.2 Deploy websites

Implement Azure Site Extensions

Azure Websites Site Extensions

Create packages

Create a Web Deployment Package in Visual Studio

Hosting plans and Resource Groups

Azure Websites Web Hosting Plans in-Depth

Deployment slots

Staged Deployment on Azure Websites

Publishing options

Publishing to Azure Websites with Git

Continuous delivery to Azure using Visual Studio Online

How to Deploy Azure Websites using other options, such as WebDeploy and FTP

5.3 Design websites for business continuity

Scale up and scale out using Azure Websites and SQL Database

Scaling Your Web Application with Azure Websites

Getting Started with Azure SQL Database Elastic Scale

Configure data replication patterns

Data Replication and Synchronization Guidance

Update websites with minimal downtime

Staged Deployment on Azure Websites

Backup and restore data

Azure Websites Backups

Restore an Azure Website

Design websites across multiple regions for high availability and disaster recovery

Best Practices: Azure Websites

Design the data tier

Deploy a Secure ASP.NET App with SQL Database to an Azure Website

6. Design a management, monitoring, and business continuity

strategy (1520%)
6.1 Evaluate hybrid and Azure-hosted architectures for Microsoft System
Center deployment.
Understand, at an architectural level, which components are supported in Azure

Microsoft Server Software Support on Azure

System Center 2012 Configuration Manager and Endpoint Protection on Azure

Describe design considerations for managing Azure resources with System Center

Microsoft System Center: Cloud Management with App Controller (eBook)

Understand which scenarios would dictate a hybrid scenario

Microsoft System Center: Integrated Cloud Platform (eBook)

Getting Started with Windows Azure Pack

6.2 Design a monitoring strategy.

Identify the Microsoft products and services for monitoring Azure solutions

Hybrid Cloud Monitoring, Management and Operations

Understand the capabilities of System Center for monitoring an Azure solution

System Center Management Pack for Azure Guide

Understand built-in Azure capabilities

Understanding Monitoring Alerts and Notifications in Azure

How to Monitor Azure Websites

How to Monitor Cloud Services

How to Monitor a Storage Account

Monitoring Azure SQL Database using Dynamic Management Views

Configure Web Endpoint Status Monitoring

About Traffic Manager Monitoring

Microsoft Azure Security and Audit Log Management

Automate Health Monitoring Alert Rules in the Cloud

Describe use cases for Operations Manager, Global Service Monitor, and Application

Global Service Monitor

Microsoft Azure Operational Insights

Application Insights

Identify third-party monitoring tools, including open source

ClearPointe Managed Azure Management

New Relic Application Performance Management on Azure

Alert Logic Log Manager


Nagios XI

Describe the use cases for Windows Software Update Services (WSUS), Configuration
Manager, and custom solutions

Windows Server Update Services

Software Update Management in System Center Configuration Manager

Manage Windows Updates on an Azure VM using Azure Automation

Describe the Azure architecture constructs, such as availability groups and update
domains, and how they impact a patching strategy

Azure Cloud Services Guest OS Update Settings

Update an Azure Cloud Service

Azure Cloud Lifecycle FAQ

6.3 Describe Azure business continuity/disaster recovery (BC/DR) capabilities.

Understand the architectural capabilities of BC/DR

Azure Storage Redundancy Options

Azure SQL Database Business Continuity

Azure Recovery Options for Azure Virtual Machines

SQL Server in Azure IaaS VMs Disaster Recovery

Describe Hyper-V Replica and Azure Site Recovery (ASR) and associated use cases

Azure Site Recovery

6.4 Design a disaster recovery strategy.

Design and deploy Azure Backup and other Microsoft backup solutions for Azure

Azure Backup Overview

Azure Backup Frequently Asked Questions

Getting Started with Azure Backup

Understand use cases when StorSimple and System Center Data Protection Manager
would be appropriate

Backup DPM Workloads to Azure

Configure Azure Storage for System Center DPM

StorSimple Solution Overview

6.5 Design Azure Automation and PowerShell workflows.

Create a PowerShell script specific to Azure

Approved Verbs for Windows PowerShell Commands

How to install and configure Azure PowerShell

Azure PowerShell Cmdlet Reference

Using PowerShell with Azure Resource Manager

Using Azure PowerShell with the Azure Service Management REST API

Azure Script Center

6.6 Describe the use cases for Azure Automation configuration.

Understand when to use Azure Automation, Chef, Puppet, PowerShell, or Desired
State Configuration (DSC)

Getting Started with Azure Automation

End-to-End Azure Provisioning with Azure Automation and PowerShell DSC Part 1

End-to-End Azure Provisioning with Azure Automation and PowerShell DSC Part 2

PowerShell DSC Resource Kit

PowerShell DSC for Linux

Automated Provisioning for Linux with Azure Xplat CLI and Node.js Part 1

Automated Provisioning for Linux with Azure Xplat CLI and Node.js Part 2

Puppet and Azure: Bringing DevOps to the Enterprise

Deploying Puppet Enterprise in Microsoft Azure

Hands-free Configuration of Microsoft Azure VMs using Chef

Getting Started with Docker on Microsoft Azure

Scheduling your Exam

When youre ready to take your exam, you can schedule to take it as an online proctored exam or
at aPearson VUE exam testing facility worldwide.

DO IT! Schedule Exam 70-534

For other questions regarding Microsoft certification exams and exam policies, visit the Microsoft
LearningExam policies and FAQ page.
Good luck with your exam preparation!

70-534, study guide, architect, Certification, Microsoft Azure, EarlyExperts

Interested in learning more about the Cloud &

Be sure to check out these additional resources:

GET CERTIFIED! Join EARLY EXPERTS. We'll help you get certified on
Hyper-V, Cloud and MORE!

READ IT! Accelerating DevOps with the Cloud using Microsoft Azure & Friends

WATCH IT! MVA Jump Start: DevOps for IT Pros

DO IT! Step-by-Step: 20+ Key Cloud Scenarios for IT Pros

Are you a STARTUP? Join BizSpark for FREE access to Azure cloud services

About the Author ...

Keith Mayer is a Principal Technical Architect at Microsoft, focused on helping ISV
partners leverage the Azure cloud platform. Keith has over 20 years of experience as a
technical leader of complex IT projects, in diverse roles, such as Network Engineer, IT
Manager, Technical Instructor and Consultant. He has consulted and trained thousands of
customers and partners worldwide on design of enterprise technology solutions.
Keith is currently certified on several Microsoft technologies, including Azure, Private
Cloud, System Center, Hyper-V, Windows, Windows Server, SharePoint, SQL Server and
Exchange. He also holds other industry certifications from VMware, Amazon AWS, IBM,
Cisco, Citrix, HP, CheckPoint, CompTIA and Interwoven.
You can contact Keith online at