(2) Describe Azure compute and networking services

Question 1

These are lightweight and designed to be created, scaled out, and stopped dynamically; they allow you to respond to changes on demand; the most popular version of this is Docker.

Answer 1

Container

Question 2

What is used to create solutions within containers?

Answer 2

Microservice Architecture

Question 3

Use Case: You might split a website into a container hosting your front end, another hosting your back end, and a third for storage. This split allows you to separate portions of your app into logical sections that can be maintained, scaled, or updated independently.

Answer 3

Microservice Architecture - Containers (Example)

Question 4

Use Case: Imagine your website back-end has reached capacity but the front end and storage aren’t being stressed. With this you could scale the back-end separately to improve performance. If something necessitated such a change, you could also choose to change the storage service or modify the front-end without impacting any of the other components.

Answer 4

Microservice Architecture - Containers (Example)

Question 5

An event driven, server-less compute option that doesn’t require maintaining virtual machines. If you build an app using VMs or containers, those resources have to be “running” in order for your app to function. With this service, an event wakes up the this service, alleviating the need to keep resources provisioned when there are no events.

Answer 5

Azure Functions

Question 6

Use Case: When your company is only concerned about the code running your service and not about the underlying platform or infrastructure. This service runs your code when it’s triggered and automatically deallocates resources when the function is finished.

Answer 6

Azure Function(s) - Example

Question 7

When they are in this mode (default), the service behaves as if they’re restarted every time they respond to an event.

Answer 7

Stateless Azure Function

Question 8

When they are in this mode (Durable), a context is passed through the function to track prior activity.

Answer 8

Stateful Azure Function

Question 9

T/F: Functions are NOT a key component of server-less computing.

Answer 9

FALSE: They are a key component. If the needs of the developer’s app change, you can deploy the project in an environment that isn’t server-less. This flexibility allows you to manage scaling, run on virtual networks, and even completely isolate the functions.

Question 10

VM Use Case: During Testing and Development

Answer 10

They are quick and easy to create different OS and application configurations. Personnel can then easily delete the VMs when they no longer need them.

Question 11

VM Use Case: When running applications in the Cloud

Answer 11

Applications may need to handle fluctuations in demand (starting up VMs or shutting them down during low use periods).

Question 12

VM Use Case: When extending your Datacenter to the Cloud

Answer 12

Apps like Sharepoint can run on AZ VM instead of running locally, making it easier and less expensive to deploy than in an on-prem environment.

Question 13

VM Use Case: During disaster recovery

Answer 13

If a primary datacenter fails, you can create VMs running on Azure to run your critical applications and then shut them down when the primary datacenter become operational again.

Question 14

What service would Azure VMs be categorized as?

Answer 14

IaaS (Infrastructure as a Service)

Question 15

Total control over the operating system (OS); the ability to run custom software; To use custom hosting configurations; customer still needs to configure, update and maintain the software running.

Answer 15

Azure Virtual Machines

Question 16

A template used to create a VM and may already include an OS and other software, like development tools or web hosting environments.

Answer 16

Image

Question 17

These let you create and manage a group of identical, load-balanced VMs.

Answer 17

Virtual Machine Scale Sets

Question 18

Automates configs, network routing parameters, and monitors utilization to determine if you need to increase or decrease the number of machines being used; Allows you centrally manage, configure, and update a large number of machines; Automatically deploy a load balancer to make sure that your resources are being used efficiently.

Answer 18

Benefits of Virtual Machines

Question 19

These are designed to ensure that VMs stagger updates and have varied power and network connectivity, preventing you from losing all your VMs with a single network or power failure.

Answer 19

Virtual Machine Availability Sets

Question 20

Groups of VMs that can be rebooted at the same time, allows you to apply updates while knowing that only on update domain grouping will be offline at a time.

Answer 20

Update Domain

Question 21

Groups your VMs by commong power source and network switch. This will split your VMs across up to three areas, helping protect against physical power or networking failures by having VMs in different fault domains.

Answer 21

Fault Domain

Question 22

This service allows you to use a cloud-hosted version of Windows from any location; it works across devices and operating systems, and works with apps that you can use to access remote desktops or most modern browsers.

Answer 22

Azure Virtual Desktop

Question 23

How does Azure Virtual Desktop enhance security?

Answer 23

It enables MFA; uses RBACs; the data and the apps are seaparatd from the local hardware. The actual desktop and apps are running in the cloud, meaning the risk of confidential data being left on a personal device is reduced.

Question 24

What are the 3 resources required for Virtual Machines?

Answer 24

1. Size (purpose, number of processor cores, and amount of RAM); 2. Storage Disks (hard disk drives, solid state drives, etc.); 3. Networking (virtual network, public IP addresses, and port configuration)

Question 25

What are the two options that you can choose for Application Hosting?

Answer 25

1. Virtual Machines (VMs); 2. Containers

Question 26

VMs give you maximum control of the hosting environment and allow you to configure it exactly how you want.

Answer 26

Benefits of Application Hosting with VM

Question 27

These give you the ability to isolate and individually manage different aspects of the host solution.

Answer 27

Benefits of Application Hosting with Containers

Question 28

This service allows you the ability to build and host web apps, background jobs, mobile back-ends, and RESTful APIs in the programming language of your choice without managing infrastructure.

Answer 28

Azure Application (App) Services

Question 29

It offers automatically scaling and high availability; it supports Windows and Linux; it enables automate deployments in order to support a continuous deployment model; it is an HTTP-based service that supports multiple programming languages.

Answer 29

Benefits of using the Azure App Services

Question 30

These enable Azure resources, such as VMs, Web Apps, and databases, to communicate with each other, with users on the internet, and with your on-premises client computers.

Answer 30

Virtual Networks

Question 31

When you set-up a virtual network, you define a private IP address space by using either public or private IP address ranges. The IP range only exists within the virtual network and isn't internet routable. You can divide that IP address space into subnets and allocate part of the defined address space to each named subnet.

Answer 31

Isolation and Segmentation: Benefits of Virtual Networks

Question 32

You can enable incoming connections from the internet by assigning a public IP address to an Azure resource, or putting the resource behind a public load balancer.

Answer 32

Internet Communications: Benefits of Virtual Networks

Question 33

These can connect to the other Azure resource types, such as Azure SQL databases and storage accounts. This approach enables you to link multiple Azure resources to virtual networks to improve security and provide optimal routing between resources.

Answer 33

Service Endpoints

Question 34

What are the 3 ways you can communicate with on-premises resources?

Answer 34

1. P2S VPN (Point-to-Site Virtual Private Network); 2. S2S VPN (Site-to-Site Virtual Private Network; 3. Azure ExpressRoute

Question 35

Connections are from a computer outside your organization back into your coporate network. In this case, the client computer initiates an encrypted VPN connection to connect to the Azure Virtual Network.

Answer 35

P2S VPN (Point-to-Site Virtual Private Network)

Question 36

This links your on-premises VPN device or gateway to the Azure VPN gateway in a virtual network. In effect, the devices in Azure can appear as being on the local network. The connection is encrypted and works over the internet.

Answer 36

S2S VPN (Site-to-Site Virtual Private Network

Question 37

This provides a dedicated private connectivity to Azure that doesn't travel over the internet. It is useful for environments where you need greater bandwidth and even higher levels of security.

Answer 37

Azure ExpressRoute

Question 38

Routing tables allow you to define the rules about how traffic should be directed and the Border Gateway Protocol (BGP) works with Azure VPN gateways to propagate on-premises BGP routes.

Answer 38

Routing Network Traffic: Benefits of Virtual Networks

Question 39

This allows two virtual networks to connect directly to each other. The network traffic between these two networks is private, and travels on the Microsoft backbone network, never entering the public internet. It also enables resources in each virtual network to communicate with each other.

Answer 39

Virtual Network Peering

Question 40

These instances are deployed in a dedicated subnet of the virtual network and enable the following connectivity: VPNs, S2S, P2S, N2N

Answer 40

VPN Gateway

Question 41

These use encrypted tunnel within another network. Typically deployed to connect two or more trusted private networks to one another over an untrusted network (typically the public internet).

Answer 41

Virtual Private Network (VPN)

Question 42

These specify statically the IP address of packets that should be encrypted through each tunnel. This type of device evaluates every data packet against those sets of IP addresses to choose the tunnel where that packet is going to be sent.

Answer 42

Policy-Based VPN Gateway

Question 43

IP routing (either static routes or dynamic routing protocols) decides which one of these tunnel interfaces to use when sending each packet. Route-based VPNs are the preferred connection method for on-premises devices. They're more resilient to topology changes such as the creation of new subnets.

Answer 43

Route-Based VPN Gateway

Question 44

What gateway will you need to use if you need any of the following connection types: Connections between virtual networks, P2S, Multisite connections or Azure ExpressRoute.

Answer 44

Route-Based VPN Gateway

Question 45

Use Case: When planed maintenance or unplanned maintenance affects the active instance, the standby instance automatically assumes the responsibility for connections without any user intervention. Connections are interrupted during the failover, but they're typically restored within a few seconds for planned maintenance and with 90 seconds for unplanned disruptions.

Answer 45

High Availability Scenario: Active / Standby

Question 46

Use Case: In this configuration, you assign a unique public IP address to each instance. You then create separate tunnels from the on-premises device to each IP address. You can extend the high availability by deploying an additional VPN device on-premises.

Answer 46

High Availability Scenario: Active / Active

Question 47

Use Case: In this case, where there's risk associated with an outage of an ExpressRoute circuit, you can also provision a VPN gateway that uses the internet as an alternative method of connectivity. In this way, you can ensure there's always a connection to the virtual networks.

Answer 47

High Availability Scenario: ExpressRoute Failover

Question 48

Use Case: this physically and logically separates gateways within a region while protecting your on-premises network connectivity to Azure from zone-level failures. These gateways require different gateway stock keeping units (SKUs) and use Standard Public IP addresses instead of Basic Public IP addresses.

Answer 48

High Availability Scenario: Zone-Redundant Gateways

Question 49

This service lets you extend your on-premises networks into the Microsoft cloud over a private connection, with the help of a connectivity provider.

Answer 49

Azure ExpressRoute

Question 50

What are the benefits of Azure ExpressRoute?

Answer 50

Global Reach/Connectivity, Dynamic Routing, & built-in Redundancy.

Question 51

Use Case: Say you have an office in Asia and a datacenter in Europe, both with this Azure Service and its circuits connecting them to the Microsoft network. You could use the Global Reach to connect those two facilities, allowing them to communicate without transferring data over the public internet.

Answer 51

Azure ExpressRoute

Question 52

Connectivity Models: this refers to your datacenter, office, or other facility being physically co-located at a cloud exchange such as an ISP. If this is the case, you can request a virtual cross-connect to the Microsoft cloud.

Answer 52

Co-Location at a Cloud Exchange

Question 53

This refers to using a physical connection to your facility and the Microsoft cloud.

Answer 53

P2P (Point-to-Point)

Question 54

This allows you to integrate your WAN with Azure by providing connections to your offices and datacenters.

Answer 54

Any-to-Any Networks

Question 55

The ability to connect directly into the Microsoft's global network at a peering location strategically distributed across the world. It provides dual 100 Gbps or 10 Gbps connectivity, which supports Active / Active connectivity scale.

Answer 55

Azure ExpressRoute Direct

Question 56

What are the benefits of Azure DNS services?

Answer 56

Reliability & Performance (uses anycasting networking so each DNS query is answered by the closest available DNS server); Security (RBAC, monitoring logs, resource locking for subscriptions); Ease of use (can access and adjust from Azure Portal, Azure Powershell cmdlets, and Azure CLI); Alias Record (If the IP address of the underlying resource changes, the alias record set seamlessly updates itself during DNS resolution.

Question 57

These have public IP address and can be accessed from anywhere in the world.

Answer 57

Public Endpoints

Question 58

Exist within a virtual network and have a private IP address from within the address space of that virtual network.

Answer 58

Private Endpoints