Friday, June 26, 2020

Preparation Guide for Microsoft AZ-400 Microsoft Azure DevOps Solutions Certification


This article is just one another preparation guide to Microsoft exam AZ-400 (but probably the most complete). I hope it will be useful 🙂

Even you don’t plan to take the exam, all this content is really interesting to read and understand if you want to discover and improve your knowledge on DevOps on Azure.

Before starting studying, you must know very well what this certification is about and what are the prerequisites.

The topics included in this exam are the following :

  • Design a DevOps strategy (20-25%)
  • Implement DevOps development processes (20-25%)
  • Implement continuous integration (10-15%)
  • Implement continuous delivery (10-15%)
  • Implement dependency management (5-10%)
  • Implement application infrastructure (15-20%)
  • Implement continuous feedback (10-15%)

More details : https://www.microsoft.com/en-us/learning/exam-az-400.aspx

Module 0 – DevOps & Azure DevOps – basics

Module 1 – Design a DevOps strategy (20-25%)

Free ebook : effective DevOps
https://azure.microsoft.com/en-us/resources/effective-devops/

What is DevOps ?
https://docs.microsoft.com/en-us/azure/devops/learn/what-is-devops

https://docs.microsoft.com/en-us/learn/modules/get-started-with-devops/

DevOps: Bridging the gap between business and development
https://www.developer-tech.com/news/2016/jan/29/devops-bridging-gap-between-business-and-development/

Analyze existing Test Management Tools
Azure Test Plans
https://azure.microsoft.com/en-us/services/devops/test-plans/
https://docs.microsoft.com/en-us/azure/devops/test-plans/index?view=azure-devops

Cloud-based load testing service end of life
https://devblogs.microsoft.com/devops/cloud-based-load-testing-service-eol/

Analyze existing Work Management Tools
Azure Boards
https://docs.microsoft.com/en-us/azure/devops/boards/get-started

Best tool to add, update, and link work items
https://docs.microsoft.com/en-us/azure/devops/boards/work-items/best-tool-add-update-link-work-items?toc=/azure/devops/boards/get-started/toc.json&bc=/azure/devops/boards/get-started/breadcrumb/toc.json&view=azure-devops

Concurrent Pipelines (Parallel Jobs)
https://docs.microsoft.com/en-us/azure/devops/pipelines/licensing/concurrent-jobs-vsts

Design a license management strategy
https://azure.microsoft.com/en-us/services/devops/compare-features/
https://azure.microsoft.com/en-us/pricing/details/devops/azure-devops-services/

Recommend a strategy for measuring and managing technical debt
Design a quality strategy
Managing Technical Debt
https://www.youtube.com/watch?v=KM0O633KZEE
Developers’ Seven Deadly Sins
https://docs.sonarqube.org/display/SONARQUBE45/Developers%27+Seven+Deadly+Sins
Driving continuous quality of your code with SonarCloud
https://www.azuredevopslabs.com/labs/vstsextend/sonarcloud/

Design a secure development process
DevSecOps : https://www.youtube.com/watch?v=ukdW9eTv3uw
WhiteSource Bolt – Free developer tool for finding and fixing open source vulnerabilities
https://bolt.whitesourcesoftware.com/
https://bolt.whitesourcesoftware.com/azure/faq/
Managing Open-source security and license with WhiteSource
https://www.azuredevopslabs.com/labs/vstsextend/WhiteSource

Check policy compliance with gates
https://docs.microsoft.com/en-us/azure/devops/pipelines/policies/azure-policy?view=azure-devops

Azure Blueprints & Policy to get DevOps right | Best of Microsoft Ignite 2018
https://www.youtube.com/watch?time_continue=1&v=OiOXlgFNgDo

Migrate for TFVC to Git
https://github.com/git-tfs/git-tfs

Import a Git repo
https://docs.microsoft.com/en-us/azure/devops/repos/git/import-git-repository?view=azure-devops

Bring your own repo to Azure DevOps
https://docs.microsoft.com/en-us/azure/devops/boards/github/connect-to-github?view=azure-devops
https://dailydotnettips.com/bring-your-own-git-repository-code-to-azure-devops-project/

Module 2 – Implement DevOps development processes (20-25%)

— Design a Version Control Strategy —

Azure DevOps Repo

2 kinds of repo :

  • TFVC (Team Foundation Version Control)
  • Git
  • Pull requests (for example to move new stuff in master branch)
  • Branch policies (ex: prevent people to commit change to master branch)
  • Hooks for CI/CD

Solutions like Azure Repo : Github, Gitlab, BitBucket

Recommend Branching Models
https://docs.microsoft.com/en-us/azure/devops/repos/git/git-branching-guidance
Improve code quality with branch policies
https://docs.microsoft.com/en-us/azure/devops/repos/git/branch-policies?view=azure-devops

Recommend Version Control Systems
https://docs.microsoft.com/en-us/azure/devops/user-guide/source-control

git user guide
https://docs.microsoft.com/en-us/azure/devops/user-guide/code-with-git?view=azure-devops

Configure Branch Policies
https://docs.microsoft.com/en-us/azure/devops/repos/git/_img/branches/branches-page.png?view=azure-devops

Share code and collaborate on your next project using Git and pull requests hosted by Azure DevOps
https://www.youtube.com/watch?v=J_DHkUKxI0E

Azure DevOps – Maitriser le PullRequest
https://www.youtube.com/watch?v=kJN1sZlcUUw

Recommend Code Flow Strategy
https://docs.microsoft.com/en-us/azure/devops/learn/devops-at-microsoft/release-flow

Mono versus Multi repo

Git Branching Antipatterns
https://www.youtube.com/watch?v=ykZbBD-CmP8

Branching Workflow Types

Collaborating with Pull Request
1- Branch
2- Discuss
3- Merge

Azure Repos Collaborating with Pull Requests
https://www.youtube.com/watch?v=tFB_O9FCh08

GitHooks : A mechanism that allows arbitrary code to be run before, or after, certain Git lifecycle events occur
Can be used to enforce policies…
Introduction to GitHooks : https://www.youtube.com/watch?v=8-JL6NOTZOw
https://githooks.com/

GitVersion is a tool to help you achieve Semantic Versioning
Create version number with the following convention Major.Minor.Patch
Semantic Versioning os all about releases, not builds.

Getting started with InnerSource—open source workflows in the enterprise: https://www.youtube.com/watch?v=D3C12ojRcp0

Azure DevOps Team Projects can be public
https://docs.microsoft.com/en-us/azure/devops/organizations/public/about-public-projects?view=azure-devops

Azure DevOps Pipelines

  • Build Automation
  • Continuous Integration
  • Deployment automation
  • Traceability and compliance
  • Hooks for other products

Solutions like Azure DevOps Pipeline :
Build : Jenkins, TeamCity, Travis CI, Circle CI
Deploy : XebiaLabs XL Deploy, Octopus Deploy,

Azure Pipeline free for open source projects in Github public or private repo
https://github.com/marketplace/azure-pipelines

Azure DevOps Public Project is a organization-level setting

Storing Files in Git:

  • Don’t commit the binaries (especially big ones), logs, tracing output or diagnostic data
  • Use a package management system for library files, DLL and other dependent files

Git Large File Storage (LFS) :
An open source Git extension for versioning large files
Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server like GitHub.com or GitHub Enterprise.
CLI : https://git-lfs.github.com/

Concepts of pipeline in DevOps

  • Build automation and Continuous Integration
  • Test automation
  • Deployment automation
  • Your Pipeline needs platform provisioning and configuration management
  • Orchestrating it all : Release and Pipeline Orchestration

Azure Pipelines combines continuous integration (CI) and continuous delivery (CD)

An Artifact is a collection of files and packages published by a build. Artifacts are made available to subsequent tasks, such as distribution or deployment

Concurrent Pipelines (Parallel Jobs)
https://docs.microsoft.com/en-us/azure/devops/pipelines/licensing/concurrent-jobs-vsts

— Implement a mobile DevOps strategy —

CI/CD DevOps Pipeline for mobile apps and services <== you must watch it !
https://azure.microsoft.com/pt-br/resources/videos/connect-2017-ci-cd-devops-pipeline-for-mobile-apps-and-services/

Deploy Azure DevOps Builds with App Center
https://docs.microsoft.com/en-us/appcenter/distribution/vsts-deploy

Using Azure DevOps for UI Testing
https://docs.microsoft.com/en-us/appcenter/test-cloud/vsts-plugin

Code signing for iOS
https://docs.microsoft.com/en-us/appcenter/build/ios/code-signing

Automating Selenium Tests in Azure Pipelines
https://www.azuredevopslabs.com/labs/vstsextend/selenium/

— Managing application configuration and secrets —

Implement a secure and compliant development process
Learn how to add continuous security validation to your CI/CD pipeline
https://docs.microsoft.com/en-us/azure/devops/migrate/security-validation-cicd-pipeline?view=azure-devops

Implement general (non-secret) configuration data
External Configuration Store pattern
https://docs.microsoft.com/en-us/azure/architecture/patterns/external-configuration-store

Manage secrets, tokens, and certificates
Use Azure Key Vault secrets in your CI build https://www.youtube.com/watch?v=jAJO3jE9qek
Azure Key Vault task
https://docs.microsoft.com/en-us/azure/devops/pipelines/tasks/deploy/azure-key-vault?view=azure-devops
Using secret in a Pipeline
https://www.azuredevopslabs.com/labs/vstsextend/azurekeyvault/
Variable Groups
https://docs.microsoft.com/en-us/azure/devops/pipelines/library/variable-groups?view=azure-devops&tabs=yaml
https://mrdevops.io/introducing-azure-key-vault-to-kubernetes-931f82364354
https://github.com/SparebankenVest/azure-key-vault-to-kubernetes

Implement tools for managing security and compliance in the pipeline
https://docs.microsoft.com/en-us/azure/devops/migrate/security-validation-cicd-pipeline?view=azure-devops#ci-continuous-integration
https://blogs.msdn.microsoft.com/secdevblog/2016/03/30/roslyn-diagnostics-security-analyzers-overview/
https://www.checkmarx.com/
https://github.com/Microsoft/binskim
Scanning 3rd party packages for vulnerabilities and OSS license usage :
https://www.whitesourcesoftware.com/
https://blogs.msdn.microsoft.com/visualstudioalmrangers/2017/06/08/manage-your-open-source-usage-and-security-as-reported-by-your-cicd-pipeline/
OWASP ZAP : https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
Performing a Pen Test after each Deployment using OWASP ZAP, Azure Container Instances, and Azure DevOps
https://www.deliveron.com/blog/performing-a-pen-test-after-each-deployment-using-owasp-zap-azure-container-instances-and-azure-devops/
OWASP Zed Attack Proxy Scan
https://marketplace.visualstudio.com/items?itemName=kasunkodagoda.owasp-zap-scan
Threat Modeling
https://www.microsoft.com/en-us/securityengineering/sdl/threatmodeling?SilentAuth=1
Azure Key Vault
https://docs.microsoft.com/en-us/azure/key-vault/about-keys-secrets-and-certificates
https://www.synopsys.com/blogs/software-security/protecting-keys-and-secrets-in-microsoft-azure/

Module 3 – Implement Continuous Integration (10-15%)

— Manage code quality and security policies —

From “Technical debt” to “Technical decision”
https://startups.microsoft.com/en-us/blog/from-technical-debt-to-technical-decision/

Let’s talk about Technical Debt
https://devblogs.microsoft.com/premier-developer/lets-talk-about-technical-debt/

SonarCloud
https://sonarcloud.io/about

CICD for Automation Testers -13.4. SonarCloud setup – Cloud SonarQube version
https://www.youtube.com/watch?v=RLDo_54w0tc

Useful Tasks in Azure DevOps (includes SonarCloud)
https://www.youtube.com/watch?v=8dETmUcAl8w

ndepend
https://www.ndepend.com/

resharper
https://www.jetbrains.com/resharper/

What is a pipeline ?
https://devops.com/continuous-delivery-pipeline/

Building and Deploying your Code with Azure Pipelines
https://www.youtube.com/watch?v=NuYDAs3kNV8

Builds Pipelines in Azure DevOps : defined in YAML file or using Visual Designer
Release Pipelines in Azure DevOps : defined using Visual Designer

Azure Pipelines integrate with Azure deployment, on premises or other clouds (AWS, Google Cloud..)

Azure Pipelines
https://docs.microsoft.com/en-us/azure/devops/pipelines/?view=azure-devops

Use Azure Pipelines
https://docs.microsoft.com/en-us/azure/devops/pipelines/get-started/pipelines-get-started?view=azure-devops&tabs=yaml

Create your first pipeline
https://docs.microsoft.com/en-us/azure/devops/pipelines/create-first-pipeline?view=azure-devops&tabs=tfs-2018-2

/!\ review Azure Pipelines terms
Agent, Artifact, Build, Continuous Delivery, Continuous Integration, Deployment Target, Job, Pipeline, Release, Task, Trigger

Azure DevOps Variables
https://www.synopsys.com/blogs/software-security/protecting-keys-and-secrets-in-microsoft-azure/

Azure Pipelines agents
https://docs.microsoft.com/en-us/azure/devops/pipelines/agents/agents?view=azure-devops
To build your code or deploy your software using Azure Pipelines you need at least one agent. As you add more code and people, you’ll eventually need more.

  • Microsoft-hosted agent (runs on a VM or in a container)
  • Self-hosted agents (MacOs, Linux, Windows, Docker)
    Azure Pipelines: https://dev.azure.com/{your_organization}/_settings/agentpools
    Agent pools : https://docs.microsoft.com/en-us/azure/devops/pipelines/agents/pools-queues?view=azure-devops
    default pool is for self-hosted agents, Hosted pool are all other agents

Create your first pipeline
https://docs.microsoft.com/en-us/azure/devops/pipelines/create-first-pipeline?view=azure-devops&tabs=tfs-2018-2

Configuring CI/CD Pipelines as Code with YAML in Azure DevOps
https://www.azuredevopslabs.com/labs/azuredevops/yaml/

Continuously deploy from a Jenkins build /!\
https://docs.microsoft.com/en-us/azure/devops/pipelines/release/integrate-jenkins-pipelines-cicd?view=azure-devops&tabs=yaml

Configuring a CD pipeline for your Jenkins CI /!\
https://www.azuredevopslabs.com/labs/vstsextend/jenkins/

Integrate Your GitHub Projects With Azure Pipelines
https://www.azuredevopslabs.com/labs/azuredevops/github-integration/

Build, test, and push Docker container apps ==> A must do !
https://docs.microsoft.com/en-us/azure/devops/pipelines/languages/docker?view=azure-devops

Use Docker multi-stage builds /!\
https://docs.docker.com/v17.09/engine/userguide/eng-image/multistage-build/

Deploy to an Azure Web App for Containers
https://docs.microsoft.com/en-us/azure/devops/pipelines/apps/cd/deploy-docker-webapp?view=azure-devops

Deploy a Docker container app to Azure Kubernetes Service
https://docs.microsoft.com/en-us/azure/devops/pipelines/apps/cd/deploy-aks?view=azure-devops

Deploying a Multi-container application to Azure Kubernetes Service – https://www.azuredevopslabs.com/labs/vstsextend/kubernetes/

Pipeline options for Git repositories
https://docs.microsoft.com/en-us/azure/devops/pipelines/repos/pipeline-options-for-git?view=azure-devops

Module 4 – Implement continuous delivery (10-15%)

Release approvals and gates overview
https://docs.microsoft.com/en-us/azure/devops/pipelines/release/approvals/?view=azure-devops

Release deployment control using gates
https://docs.microsoft.com/en-us/azure/devops/pipelines/release/approvals/gates?view=azure-devops

YAML Release Pipelines in Azure DevOps
https://www.youtube.com/watch?v=ORy3OeqLZlE

Jenkins
https://jenkins.io

Circle CI
https://circleci.com

Azure DevOps Marketplace
https://marketplace.visualstudio.com

Azure DevOps Agents
https://docs.microsoft.com/en-us/azure/devops/pipelines/agents/pools-queues?view=azure-devops

What is A/B testing ?
https://docs.microsoft.com/en-us/gaming/playfab/features/analytics/ab-testing/

Deployment Strategies Defined
http://blog.itaysk.com/2017/11/20/deployment-strategies-defined

What is canary & dark launching
https://www.functionize.com/blog/what-is-canary-testing-and-dark-launching/

Continuous Delivery and DevOps with Azure DevOps: The Big Picture (excellent content)
https://app.pluralsight.com/library/courses/continuous-delivery-azure-devops-big-picture/table-of-contents

Module 5 – Implement dependency management (5-10%)

Azure Artifacts :

  • Package management
  • Nuget
  • NPM
  • Artifact repo
  • Track usage of external packages
  • Traceability

Package Management with Azure Artifacts
https://www.azuredevopslabs.com/labs/azuredevops/packagemanagement

(Re-)Introducing Azure Artifacts – PRE05 (may 2019)
https://www.youtube.com/watch?v=M9KU0k_HRA0&list=PLlrxD0HtieHgspNIlv1x2H5_cxSRm7B17&index=14&t=0s

Whitesource Bolt
https://marketplace.visualstudio.com/items?itemName=whitesource.ws-bolt

https://bolt.whitesourcesoftware.com/azure/faq/

Module 6 – Implement application infrastructure (15-20%)

— Implement infrastructure as code (IaC) —

Nested ARM Templates: Modularity and Reuse
https://dzone.com/articles/cloud-vs-on-premise-software-deployment-whats-righ

Understand the structure and syntax of Azure Resource Manager templates
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-authoring-templates

Using linked and nested templates when deploying Azure resources
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-linked-templates

Use Azure Key Vault to pass secure parameter value during deployment
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-keyvault-parameter

Terraform with Azure
https://www.terraform.io/docs/providers/azurerm/index.html

Using Ansible on Azure
https://docs.microsoft.com/en-us/azure/ansible/ansible-overview

Ansible module for Azure
https://docs.ansible.com/ansible/latest/modules/list_of_cloud_modules.html#azure

Automating Infrastructure Deployments in the Cloud with Ansible and Azure Pipelines
https://www.azuredevopslabs.com/labs/vstsextend/ansible/

—Manage Azure Kubernetes Service infrastructure —

Provisionning Azure Kubernetes Services
with Azure CLI : https://docs.microsoft.com/en-us/cli/azure/aks?view=azure-cli-latest#az-aks-create
with PowerShell : https://docs.microsoft.com/en-us/powershell/module/azurerm.aks/New-AzureRmAks?view=azurermps-6.13.0
with ARM template : https://azure.microsoft.com/en-us/resources/templates/101-aks/
with Ansible : https://docs.ansible.com/ansible/latest/modules/azure_rm_aks_module.html#azure-rm-aks-module
with Terraform : https://www.terraform.io/docs/providers/azurerm/r/kubernetes_cluster.html

Deploy workload on Kubernetes
https://kubernetes.io/docs/tutorials/kubernetes-basics/deploy-app/deploy-intro/

Deploy, Scale And Upgrade An Application On Kubernetes With Helm
https://docs.bitnami.com/kubernetes/how-to/deploy-application-kubernetes-helm/

Scaling options for applications in Azure Kubernetes Service (AKS)
https://docs.microsoft.com/en-us/azure/aks/concepts-scale

— Implement infrastructure compliance and security —

Automate resources in your datacenter or cloud by using Hybrid Runbook Worker
https://docs.microsoft.com/en-us/azure/automation/automation-hybrid-runbook-worker

Integrate with service hooks
https://docs.microsoft.com/en-us/azure/devops/service-hooks/overview?view=azure-devops

Azure DevOps Access levels
https://docs.microsoft.com/en-us/azure/devops/organizations/security/access-levels?view=azure-devops

Module 7 – Implement continuous feedback (10-15%)

Azure Board

  • Works items (bug, feature, task…)
  • Traceability
  • Planning
  • Backlog (list ordered by priorities)
  • Sprint
  • Kanban
  • Queries

Similar solutions like Azure Board : TrelloJira

Azure Test Plans

  • Planned and exploratory testing solution
  • Capture rich data
  • Test across web and desktop
  • Get end-to-end traceability

App Insights Metrics Dashboard
https://docs.microsoft.com/en-us/azure/azure-monitor/app/overview-dashboard

Monitor the availability of any website
https://docs.microsoft.com/en-us/azure/azure-monitor/app/monitor-web-app-availability

Dashboards, Charts, Reports, & Widgets
https://docs.microsoft.com/en-us/azure/devops/report/dashboards/?view=azure-devops

Configure a Burndown or Burnup widget
https://docs.microsoft.com/en-us/azure/devops/report/dashboards/configure-burndown-burnup-widgets?view=azure-devops

Lead time and cycle time widgets
https://docs.microsoft.com/en-us/azure/devops/report/dashboards/cycle-time-and-lead-time?view=azure-devops

Configure the Velocity widget
https://docs.microsoft.com/en-us/azure/devops/report/dashboards/team-velocity?view=azure-devops

Teams & Azure DevOps integration
https://azuredevopslabs.com/labs/vsts/teams

Feature flag driven environment
http://blog.launchdarkly.com/feature-flag-driven-development/

Feature Flag Management with LaunchDarkly and AzureDevOps
https://www.azuredevopslabs.com/labs/vstsextend/launchdarkly

Uservoice Azure DevOps integration
https://feedback.uservoice.com/knowledgebase/articles/363410-vsts-azure-devops-integration

Release Gates
https://docs.microsoft.com/en-us/azure/devops/pipelines/release/approvals/gates?view=vsts

A good incident postmortem
https://blogs.msdn.microsoft.com/bharry/2018/03/02/a-good-incident-postmortem/

Our DevOps Journey
https://stories.visualstudio.com/devops/

Additional great resources to prepare AZ 400

Azure DevOps labs (a big bunch of Azure DevOps labs)
https://azuredevopslabs.com

Azure DevOps Training Workshop 2018 (5 hours &17 minutes of video !!)
https://www.youtube.com/watch?v=6zledVXBvJs

How to Pass the AZ-400 Microsoft Azure DevOps Solutions Exam
https://azurementor.wordpress.com/2018/11/18/how-to-pass-the-az-400-microsoft-azure-devops-solutions-beta-exam

Azure DevOps AZ-400 Exam – Study Notes
https://gregorsuttie.com/2018/10/27/azure-devops-az-400-exam-study-notes/

Be prepared for questions on :

  • Azure Repos
  • TFSVC vs Git
  • Azure DevOps pipelines : Build & Release
  • Jenkins
  • Azure App Center
  • Azure Boards
  • Azure Key Vault
  • Azure Automation + PowerShell DSC
  • Azure Kubernetes Services
  • Docker Containers
  • Azure Resource Manager Templates

Hope this study guide will be useful for you. Don’t hesitate to post a comment or send me a message on Twitter @squastana or on LinkedIn
https://www.linkedin.com/in/stanislasquastana/

Last but not least, don’t forget to spend time on http://microsoft.com/learn where you can find additional materials to prepare your certification.

— Stanislas Quastana —

at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)