05-Intersite Connectivity Flashcards
What is VNet peering
Connects two Azure virtual networks
Easy to set up, seamless data transfer, and great performance
What are two types of VNet Peering
Regional and Global
What does VNet Peering use for privacy and isolation
They use Azure backbone
Across what can you VNet peer
You can peer across subscriptions and tenants
What does Gateway Transit and Connectivity allow
Allows peered virtual networks to share the gateway and get access to resources
No VPN gateway is required in the peered virtual network
Default VNet peering provides full connectivity
How to configure VNet Peering
1. Allow virtual network access settings
2. Configure forwarded traffic settings
What is Service Chaining?
Leverage user-defined routes and services chaining to implement custom routing
Implement VNet hub with a network virtual appliance or a VPN gateway
Enables you to direct traffic from one virtual network to a virtual appliance, or a virtual network gateway in a peered virtual network, through user-defined routes
Site-to-site connections
Connect on-prem datacenters to Azure virtual networks
VNet-to-VNet connections
Connect Azure virtual networks (custom)
Point-to-site (User VPN) connections
Connect individual devices to Azure virtual networks
How to implement Site-to-Site VPN Connections
- Create VNets and Subnets
- Specify DNS Server
- Create Gateway Subnet
- Create VPN Gateway
- Create Local Network Gateway
- Configure VPN Device
- Create VPN Connection
Where to deploy Azure Firewall Subnet
Deploy into subnet called the “Firewall subnet”
Where to deploy VPN gateway
Deploy into subnet called the “Gateway subnet”
VPN Gateway Configuration
Most VPN types are Route Based
Choice of gateway SKU affects the number of connections you can have and the aggregate throughput benchmark
Associate a virtual network that includes the gateway subnet
Gateway needs a public IP address
VPN types
1. Route Based
2. Policy Based
What is SKU
Stock Keeping Unit
Route-based VPN
fill in
Policy-based VPN
fill in
Local Network Gateway
Defines on-prem network configuration
Gives site a name by which Azure can refer to it
Use public IP address or FQDN for Local Ne
fill in
Configure on-prem VPN Device
Consult list of supported VPN devices
VPN device configuration script may be available
Remember the SHARED KEY for Azure connection
Specify IP Address
Create VPN Connection
Create connection object
Configure name for connection and specify as site-to-site
Fill in
How are VPN gateways deployed
As two instances, Active and Standby
ExpressRoute
Private route from on-prem to Microsoft datacenter
Connections do not go over the Internet (they go over a Partner network)
What are ExpressRoute Capabilities
Layer 3 connectivity with redundancy
Connectivity to all regions within a geography
Global connectivity with ExpressRoute premium add-on
Across on-prem connectivity with ExpressRoute Global Reach
Bandwidth options - 50 Mbps to 100 Gbps
Billing models - Unlimited, metered, premium
How can Site-to-Site and ExpressRoute coexist
Yes, use S2S as secure failover path for ExpressRoute
S2S to connect to sites that are not connected with ExpressRoute
Two VNet gateways for the same virtual network
Different Intersite Connections
Virtual network, point-to-site
Virtual network, site-to-site
ExpressRoute
What are Virtual WANs
Brings together S2S, P2S, and ExpressRoute
Integrated connectivity using hub-and-spoke connectivity model
Connect virtual networks and workloads to the Azure hub automatically
Visualize the end-to-end flow within Azure
Two types: Basic and Standard