04-Virtual Networking Flashcards
What are Azure Networking Components?
Virtual Network
Load Balancer
Application Gateway
Traffic Manager profile
Virtual network gateway
Virtual WAN
What is Virtual Network
Logically isolated section of Microsoft Azure that you can securely connect outward (to other VNets, on-premises networks and the internet)
Logical representation of your own network
Create dedicated private cloud-only virtual network
Securely extend your datacenter with virtual networks
Enable hybrid cloud scenarios
What is Load Balancer
Distributes incoming traffic among backend virtual machine instances
What is Application Gateway
Scalable layer-7 load balancer offering various traffic routing rules and SSL/TLS termination in front of the backend
What is Traffic Manager profile
Allows you to control the distribution of user traffic (DNS-based)
What is Virtual network gateway
VPN device in your Azure virtual network, used for site-to-site and VNet-to-VNet VPN connections
What is Virtual WAN
Networking service that provides optimized and automated branch-to-branch connectivity
What are Subnets
Logical division within your network
Virtual network can be segmented into one or more subnets
Helps improve security, increase performance, and make it easier to manage the network
Must have a unique address range: it cannot overlap with any other subnet in the same virtual network
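A subnet plan can be validated before deployment. The following is an added example, not part of the original flashcards: it uses Python's ipaddress module to check that every subnet lies inside the VNet address space and that no two subnets overlap. The VNet prefix and subnet names are constructed sample data; the extra check for prefixes smaller than /29 reflects the Azure rule that five addresses are reserved in every subnet (network, gateway, two Azure DNS addresses and broadcast), which the flashcards do not mention.

```python
import ipaddress

# Constructed sample VNet address space (not from any real deployment)
VNET_ADDRESS_SPACE = "10.1.0.0/16"

# Azure reserves the first four and the last address of every subnet,
# so /29 (8 addresses, 3 usable) is the smallest subnet you can create.
AZURE_RESERVED_PER_SUBNET = 5
SMALLEST_SUBNET_PREFIX = 29


def validate_subnets(vnet_cidr, subnets):
    """Return a list of problems with a subnet plan; an empty list means it is valid.

    subnets is a mapping of subnet name -> CIDR prefix.
    Checks: prefix is well formed, inside the VNet, not smaller than /29,
    and does not overlap any other subnet in the same VNet.
    """
    vnet = ipaddress.ip_network(vnet_cidr, strict=True)
    problems = []
    parsed = []
    for name, cidr in subnets.items():
        try:
            net = ipaddress.ip_network(cidr, strict=True)
        except ValueError as exc:
            problems.append(f"{name}: invalid prefix {cidr} ({exc})")
            continue
        if not net.subnet_of(vnet):
            problems.append(f"{name}: {cidr} is outside VNet {vnet_cidr}")
        if net.prefixlen > SMALLEST_SUBNET_PREFIX:
            problems.append(
                f"{name}: {cidr} is smaller than /{SMALLEST_SUBNET_PREFIX}; "
                f"Azure reserves {AZURE_RESERVED_PER_SUBNET} addresses per subnet")
        parsed.append((name, net))

    # Pairwise overlap check: overlapping subnets are rejected by Azure at creation time.
    for i, (name_a, net_a) in enumerate(parsed):
        for name_b, net_b in parsed[i + 1:]:
            if net_a.overlaps(net_b):
                problems.append(f"{name_a} {net_a} overlaps {name_b} {net_b}")
    return problems


def usable_hosts(cidr):
    """Number of addresses a VM or NIC can actually be assigned from a subnet."""
    net = ipaddress.ip_network(cidr, strict=True)
    return max(net.num_addresses - AZURE_RESERVED_PER_SUBNET, 0)


if __name__ == "__main__":
    plan = {"web": "10.1.1.0/24", "app": "10.1.1.128/25",
            "ext": "10.2.0.0/24", "tiny": "10.1.3.0/30"}
    for problem in validate_subnets(VNET_ADDRESS_SPACE, plan):
        print(problem)
    print("usable hosts in a /24:", usable_hosts("10.1.1.0/24"))
```

Run it against a planned address layout before creating the VNet; an overlap or an out-of-range prefix is cheaper to catch here than after a deployment fails halfway through.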
What is Private IP Address
Used within an Azure virtual network (VNet) and your on-prem network when you use VPN gateway or ExpressRoute circuit to extend your network to Azure
What is Public IP Address
Used for communication with the Internet, including Azure public-facing services
Where can you associate Public IP Address
Virtual Machine - NIC
Load Balancer - Front-end configuration (Internet-facing)
VPN Gateway - Gateway IP configuration
Application Gateway - Front-end configuration
Where can you associate Private IP Address
Virtual Machine
Internal Load Balancer
Application Gateway
What is Static IP
Address assigned when the resource is created and kept until the resource is deleted; use it for anything other systems must be able to find by IP, such as DNS servers, firewalls or on-premises firewall rules
What is Dynamic IP
Address assigned when the resource starts and released when it is stopped (deallocated), so it can change across restarts; this is the default allocation method
What is Network Security Group
Lists the security rules that ALLOW or DENY inbound or outbound network traffic
Limits network traffic to resources in a virtual network
Associated to a subnet or a network interface
One NSG can be associated to multiple subnets and network interfaces at the same time
What are Network Security Group (NSG) Rules
Enable you to filter network traffic that can flow in and out of virtual network subnets and network interfaces
There are default security rules (priority 65000 and above). You cannot delete the default rules, but you can override them with your own rules at a higher priority (custom rules use priorities 100-4096)
Lower the number, Higher the priority
What are NSG Effective Rules
Evaluated independently at the subnet and at the NIC: for inbound traffic the subnet NSG is evaluated first, then the NIC NSG (outbound is the reverse)
An "allow" result is required at both levels for traffic to be admitted; a deny at either level drops it
Use the Effective Rules link if you are not sure which security rules are being applied
How to create NSG rules
Specify
Service - destination protocol and port range for this rule
Port ranges - single port or multiple ports
Priority - lower the number, higher the priority
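The rule-evaluation behaviour on the NSG cards above (priority order with first match wins, the undeletable default rules, and the subnet-then-NIC effective rules) is easy to get wrong when reasoning by hand. The following is an added example, not part of the original flashcards or any Azure SDK: a small Python model of inbound NSG evaluation. It is deliberately simplified to source address, protocol and destination port (real rules also carry source ports and destination addresses), and the service tags VirtualNetwork, AzureLoadBalancer and Internet are approximated from a constructed VNet prefix. The rule names and the NSG contents are constructed sample data; the default rules and their priorities (65000, 65001, 65500) are Azure's real defaults.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample VNet address space, used to resolve the VirtualNetwork tag.
VNET = ipaddress.ip_network("10.1.0.0/16")
# Azure's load balancer health probes originate from this address.
AZURE_LB_PROBE = ipaddress.ip_address("168.63.129.16")


@dataclass(frozen=True)
class Rule:
    name: str
    priority: int     # 100-4096 for custom rules; lower number = evaluated first
    access: str       # "Allow" or "Deny"
    protocol: str     # "Tcp", "Udp", "Icmp" or "*"
    source: str       # CIDR / IP, or tag: "*", "VirtualNetwork", "AzureLoadBalancer", "Internet"
    dest_ports: str   # "*", "22", "80-443" or "22,3389"


# Azure's default inbound rules: always present, cannot be deleted, only overridden.
DEFAULT_INBOUND = [
    Rule("AllowVnetInBound", 65000, "Allow", "*", "VirtualNetwork", "*"),
    Rule("AllowAzureLoadBalancerInBound", 65001, "Allow", "*", "AzureLoadBalancer", "*"),
    Rule("DenyAllInBound", 65500, "Deny", "*", "*", "*"),
]


def _source_matches(spec, ip):
    """Resolve a prefix or service tag against an address (tags approximated for the demo)."""
    if spec == "*":
        return True
    if spec == "VirtualNetwork":
        return ip in VNET
    if spec == "AzureLoadBalancer":
        return ip == AZURE_LB_PROBE
    if spec == "Internet":
        return ip not in VNET and ip != AZURE_LB_PROBE   # simplification of the Internet tag
    return ip in ipaddress.ip_network(spec, strict=False)


def _port_matches(spec, port):
    """Match '*', a single port, a range 'lo-hi', or a comma-separated list of those."""
    for part in (p.strip() for p in spec.split(",")):
        if part == "*":
            return True
        if "-" in part:
            lo, hi = (int(x) for x in part.split("-"))
            if lo <= port <= hi:
                return True
        elif int(part) == port:
            return True
    return False


def evaluate(rules, src_ip, protocol, dst_port):
    """Evaluate one NSG: rules are tried in priority order and the first match wins.

    Returns (access, matching rule name). The default rules are appended, so a
    custom Deny with a number below 65000 overrides AllowVnetInBound.
    """
    src = ipaddress.ip_address(src_ip)
    for rule in sorted(list(rules) + DEFAULT_INBOUND, key=lambda r: r.priority):
        if rule.protocol not in ("*", protocol):
            continue
        if _source_matches(rule.source, src) and _port_matches(rule.dest_ports, dst_port):
            return rule.access, rule.name
    return "Deny", "implicit"   # unreachable: DenyAllInBound matches everything


def effective_inbound(subnet_rules, nic_rules, src_ip, protocol, dst_port):
    """Effective inbound decision: the subnet NSG is evaluated first, then the NIC NSG.

    Traffic is admitted only if both allow it; the returned label says which
    level and rule made the final decision.
    """
    subnet_access, subnet_rule = evaluate(subnet_rules, src_ip, protocol, dst_port)
    if subnet_access == "Deny":
        return "Deny", f"subnet:{subnet_rule}"
    nic_access, nic_rule = evaluate(nic_rules, src_ip, protocol, dst_port)
    return nic_access, f"nic:{nic_rule}"


# Constructed sample NSGs for a web tier (not from any real deployment).
SUBNET_NSG = [
    Rule("AllowHttpsFromInternet", 100, "Allow", "Tcp", "Internet", "443"),
    Rule("AllowSshFromJumpbox", 110, "Allow", "Tcp", "10.1.250.0/24", "22"),
]
NIC_NSG = [
    Rule("AllowHttps", 100, "Allow", "Tcp", "*", "443"),
    Rule("DenySsh", 200, "Deny", "Tcp", "*", "22"),
]

if __name__ == "__main__":
    for src, port in [("203.0.113.10", 443), ("10.1.250.5", 22),
                      ("198.51.100.7", 22), ("10.1.5.4", 3389)]:
        print(src, port, effective_inbound(SUBNET_NSG, NIC_NSG, src, "Tcp", port))
```

Two results are worth noticing. SSH from the jumpbox is allowed by the subnet NSG but still denied, because the NIC NSG has its own Deny at priority 200; that is exactly the case the Effective Rules view in the portal exists to explain. RDP from another VM in the VNet is allowed at both levels without any custom rule, because AllowVnetInBound (65000) permits all intra-VNet traffic; if you want to block lateral movement you must add an explicit Deny with a lower priority number.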
What is Azure Firewall
Fully stateful firewall as a service
Built-in high availability with unrestricted cloud scalability
Create, enforce, log application and network connectivity policies
Threat intelligence-based filtering
Fully integrated with Azure Monitor for logging and analytics
Support for hybrid connectivity through deployment behind VPN and ExpressRoute Gateways
How you implement firewall
Hub-and-spoke topology is recommended
Shared services are placed in the hub virtual network
Each environment is deployed to a spoke to maintain isolation
What are NAT rules
Destination NAT (DNAT) rules: translate the firewall's public IP address and port to a private IP address and port for inbound connections
What are Network rules
Filter layer 3/4 traffic of any protocol, not only HTTP
Configure rules that contain source addresses, protocols, destination ports and destination addresses
What are Application rules
Configure fully qualified domain names (FQDNs) for HTTP/HTTPS traffic that can be accessed from a subnet
When is Azure AD domain created
When you create an Azure subscription, an Azure AD tenant (directory) is created for you
Initial domain name in the form domainname.onmicrosoft.com
You can add a custom domain name of your own; the initial onmicrosoft.com name itself cannot be changed
After custom name is added it must be verified
Verify the Custom Domain Name does what?
Demonstrates ownership of the domain name
You add a DNS record (MX or TXT) with the value provided by Azure to your company's DNS zone
Azure will query the DNS domain for the presence of the record
Can take several minutes or several hours
Azure DNS Zones
DNS zone hosts the DNS records for a domain
Name of zone must be unique within the resource group
Where multiple zones share the same name, each instance is assigned a different set of name server addresses
Root/Parent domain is registered at the registrar and pointed to Azure NS
What is NS
Name Server: the servers that host a zone's DNS records and answer queries for it
What is DNS Delegation
When delegating a domain to Azure DNS, you must use the name server names provided by Azure DNS - use all four
Once DNS zone is created, update the parent registrar
For child zones, register the NS records in the parent domain
What is DNS Records Set
Collection of records in a zone that have the same name and are of the same type
Can add up to 20 records to any record set
Record set cannot contain two identical records
Changing the drop-down Type changes the information required
DNS for Private Domains
Use your own custom domain names
Provides name resolution for VMs within a VNet and between VNets
Automatic hostname record management
Removes the need for custom DNS solutions
Use all common DNS record types
Available in all Azure regions