(2) Describe Azure compute and networking services Flashcards
(2) Describe Azure Architecture and Services
These are lightweight and designed to be created, scaled out, and stopped dynamically; they allow you to respond to changes on demand; the most popular version of this is Docker.
Container
What is used to create solutions within containers?
Microservice Architecture
Use Case: You might split a website into a container hosting your front end, another hosting your back end, and a third for storage. This split allows you to separate portions of your app into logical sections that can be maintained, scaled, or updated independently.
Microservice Architecture - Containers (Example)
Use Case: Imagine your website back-end has reached capacity but the front end and storage aren’t being stressed. With this you could scale the back-end separately to improve performance. If something necessitated such a change, you could also choose to change the storage service or modify the front-end without impacting any of the other components.
Microservice Architecture - Containers (Example)
An event-driven, serverless compute option that doesn’t require maintaining virtual machines. If you build an app using VMs or containers, those resources have to be “running” in order for your app to function. With this service, an event wakes up the service, alleviating the need to keep resources provisioned when there are no events.
Azure Functions
Use Case: When your company is only concerned about the code running your service and not about the underlying platform or infrastructure. This service runs your code when it’s triggered and automatically deallocates resources when the function is finished.
Azure Function(s) - Example
When they are in this mode (default), the service behaves as if they’re restarted every time they respond to an event.
Stateless Azure Function
When they are in this mode (Durable), a context is passed through the function to track prior activity.
Stateful Azure Function
T/F: Functions are NOT a key component of server-less computing.
FALSE: They are a key component. If the needs of the developer’s app change, you can deploy the project in an environment that isn’t server-less. This flexibility allows you to manage scaling, run on virtual networks, and even completely isolate the functions.
VM Use Case: During Testing and Development
They make it quick and easy to create different OS and application configurations. Personnel can then easily delete the VMs when they no longer need them.
VM Use Case: When running applications in the Cloud
Applications may need to handle fluctuations in demand (starting up VMs or shutting them down during low use periods).
VM Use Case: When extending your Datacenter to the Cloud
Apps like SharePoint can run on an Azure VM instead of running locally, making it easier and less expensive to deploy than in an on-prem environment.
VM Use Case: During disaster recovery
If a primary datacenter fails, you can create VMs running on Azure to run your critical applications and then shut them down when the primary datacenter becomes operational again.
What service would Azure VMs be categorized as?
IaaS (Infrastructure as a Service)
Total control over the operating system (OS); the ability to run custom software; the ability to use custom hosting configurations; the customer still needs to configure, update, and maintain the software running.
Azure Virtual Machines
A template used to create a VM and may already include an OS and other software, like development tools or web hosting environments.
Image
These let you create and manage a group of identical, load-balanced VMs.
Virtual Machine Scale Sets
Automates configs and network routing parameters, and monitors utilization to determine if you need to increase or decrease the number of machines being used; allows you to centrally manage, configure, and update a large number of machines; automatically deploys a load balancer to make sure that your resources are being used efficiently.
Benefits of Virtual Machines
These are designed to ensure that VMs stagger updates and have varied power and network connectivity, preventing you from losing all your VMs with a single network or power failure.
Virtual Machine Availability Sets
Groups of VMs that can be rebooted at the same time. This allows you to apply updates while knowing that only one update domain grouping will be offline at a time.
Update Domain
Groups your VMs by common power source and network switch. This will split your VMs across up to three areas, helping protect against physical power or networking failures by having VMs in different fault domains.
Fault Domain
This service allows you to use a cloud-hosted version of Windows from any location; it works across devices and operating systems, and works with apps that you can use to access remote desktops or most modern browsers.
Azure Virtual Desktop
How does Azure Virtual Desktop enhance security?
It enables MFA; uses RBAC; the data and the apps are separated from the local hardware. The actual desktop and apps are running in the cloud, meaning the risk of confidential data being left on a personal device is reduced.
What are the 3 resources required for Virtual Machines?
1. Size (purpose, number of processor cores, and amount of RAM); 2. Storage Disks (hard disk drives, solid state drives, etc.); 3. Networking (virtual network, public IP addresses, and port configuration)
What are the two options that you can choose for Application Hosting?
1. Virtual Machines (VMs); 2. Containers
VMs give you maximum control of the hosting environment and allow you to configure it exactly how you want.
Benefits of Application Hosting with VM
These give you the ability to isolate and individually manage different aspects of the host solution.
Benefits of Application Hosting with Containers
This service allows you the ability to build and host web apps, background jobs, mobile back-ends, and RESTful APIs in the programming language of your choice without managing infrastructure.
Azure Application (App) Services
It offers automatic scaling and high availability; it supports Windows and Linux; it enables automated deployments in order to support a continuous deployment model; it is an HTTP-based service that supports multiple programming languages.
Benefits of using the Azure App Services
These enable Azure resources, such as VMs, Web Apps, and databases, to communicate with each other, with users on the internet, and with your on-premises client computers.
Virtual Networks
When you set up a virtual network, you define a private IP address space by using either public or private IP address ranges. The IP range only exists within the virtual network and isn’t internet routable. You can divide that IP address space into subnets and allocate part of the defined address space to each named subnet.
Isolation and Segmentation: Benefits of Virtual Networks
You can enable incoming connections from the internet by assigning a public IP address to an Azure resource, or putting the resource behind a public load balancer.
Internet Communications: Benefits of Virtual Networks
These can connect to the other Azure resource types, such as Azure SQL databases and storage accounts. This approach enables you to link multiple Azure resources to virtual networks to improve security and provide optimal routing between resources.
Service Endpoints
What are the 3 ways you can communicate with on-premises resources?
1. P2S VPN (Point-to-Site Virtual Private Network); 2. S2S VPN (Site-to-Site Virtual Private Network); 3. Azure ExpressRoute
Connections are from a computer outside your organization back into your corporate network. In this case, the client computer initiates an encrypted VPN connection to connect to the Azure Virtual Network.
P2S VPN (Point-to-Site Virtual Private Network)
This links your on-premises VPN device or gateway to the Azure VPN gateway in a virtual network. In effect, the devices in Azure can appear as being on the local network. The connection is encrypted and works over the internet.
S2S VPN (Site-to-Site Virtual Private Network)
This provides a dedicated private connectivity to Azure that doesn’t travel over the internet. It is useful for environments where you need greater bandwidth and even higher levels of security.
Azure ExpressRoute
Routing tables allow you to define the rules about how traffic should be directed and the Border Gateway Protocol (BGP) works with Azure VPN gateways to propagate on-premises BGP routes.
Routing Network Traffic: Benefits of Virtual Networks
This allows two virtual networks to connect directly to each other. The network traffic between these two networks is private, and travels on the Microsoft backbone network, never entering the public internet. It also enables resources in each virtual network to communicate with each other.
Virtual Network Peering
These instances are deployed in a dedicated subnet of the virtual network and enable the following connectivity: VPNs, S2S, P2S, N2N
VPN Gateway
These use an encrypted tunnel within another network. Typically deployed to connect two or more trusted private networks to one another over an untrusted network (typically the public internet).
Virtual Private Network (VPN)
These specify statically the IP address of packets that should be encrypted through each tunnel. This type of device evaluates every data packet against those sets of IP addresses to choose the tunnel where that packet is going to be sent.
Policy-Based VPN Gateway
IP routing (either static routes or dynamic routing protocols) decides which one of these tunnel interfaces to use when sending each packet. Route-based VPNs are the preferred connection method for on-premises devices. They’re more resilient to topology changes such as the creation of new subnets.
Route-Based VPN Gateway
What gateway will you need to use if you need any of the following connection types: connections between virtual networks, P2S, multisite connections, or Azure ExpressRoute?
Route-Based VPN Gateway
Use Case: When planned maintenance or unplanned maintenance affects the active instance, the standby instance automatically assumes the responsibility for connections without any user intervention. Connections are interrupted during the failover, but they’re typically restored within a few seconds for planned maintenance and within 90 seconds for unplanned disruptions.
High Availability Scenario: Active / Standby
Use Case: In this configuration, you assign a unique public IP address to each instance. You then create separate tunnels from the on-premises device to each IP address. You can extend the high availability by deploying an additional VPN device on-premises.
High Availability Scenario: Active / Active
Use Case: In this case, where there’s risk associated with an outage of an ExpressRoute circuit, you can also provision a VPN gateway that uses the internet as an alternative method of connectivity. In this way, you can ensure there’s always a connection to the virtual networks.
High Availability Scenario: ExpressRoute Failover
Use Case: this physically and logically separates gateways within a region while protecting your on-premises network connectivity to Azure from zone-level failures. These gateways require different gateway stock keeping units (SKUs) and use Standard Public IP addresses instead of Basic Public IP addresses.
High Availability Scenario: Zone-Redundant Gateways
This service lets you extend your on-premises networks into the Microsoft cloud over a private connection, with the help of a connectivity provider.
Azure ExpressRoute
What are the benefits of Azure ExpressRoute?
Global Reach/Connectivity, Dynamic Routing, & built-in Redundancy.
Use Case: Say you have an office in Asia and a datacenter in Europe, both with this Azure Service and its circuits connecting them to the Microsoft network. You could use the Global Reach to connect those two facilities, allowing them to communicate without transferring data over the public internet.
Azure ExpressRoute
Connectivity Models: this refers to your datacenter, office, or other facility being physically co-located at a cloud exchange such as an ISP. If this is the case, you can request a virtual cross-connect to the Microsoft cloud.
Co-Location at a Cloud Exchange
This refers to using a physical connection to your facility and the Microsoft cloud.
P2P (Point-to-Point)
This allows you to integrate your WAN with Azure by providing connections to your offices and datacenters.
Any-to-Any Networks
The ability to connect directly into Microsoft’s global network at a peering location strategically distributed across the world. It provides dual 100 Gbps or 10 Gbps connectivity, which supports Active / Active connectivity at scale.
Azure ExpressRoute Direct
What are the benefits of Azure DNS services?
Reliability & Performance (uses anycast networking so each DNS query is answered by the closest available DNS server); Security (RBAC, monitoring logs, resource locking for subscriptions); Ease of use (can access and adjust from Azure Portal, Azure PowerShell cmdlets, and Azure CLI); Alias Record (if the IP address of the underlying resource changes, the alias record set seamlessly updates itself during DNS resolution).
These have a public IP address and can be accessed from anywhere in the world.
Public Endpoints
Exist within a virtual network and have a private IP address from within the address space of that virtual network.
Private Endpoints