Azure Compute and Networking Services

Question 1

What are the technical service pillars of Azure?

Answer 1

• compute services
• Networking services
• Storage services
• Database services

Question 2

What are Compute Services?

Answer 2

• the desire is to execute a type of code in the cloud

Question 3

What Compute types exist in Azure?

Answer 3

• Virtual Machines (VM)
• VM Scale Sets (VMSS)
• App Services (Web apps)
• Azure Container Instances (ACI)
• Azure Container Apps
• Azure Kubernetes Service (AKS)
• Azure Virtual Desktop
• about a dozen in total

Question 4

What are Virtual Machines in Azure?

Answer 4

• single physical machine subdivided into slices and you get to rent a slice of it
• virtual machine
• Infrastructure as a Service
• full control over it, as if it were your machine
• Windows or Linux OS

Question 5

How many options exist for Virtual Machine Types?

Answer 5

• over 700 to choose from
• number of CPU cores, CPU speed, RAM size, temporary disk size, IOPS, etc

Question 6

How do you scale Azure VMs?

Answer 6

• increase the size of a vm, 4 to 8 vCPU, up to 64 vCPUs or higher (scale up)
• add more VMs and have them work together to handle the work (scale out)

Question 7

What is a Virtual Machine Scale Set (VMSS) and what does it do?

Answer 7

• group of virtual machines that can grow and shrink in quantity based on predefined rule
• Elasticity
• two or more virtual machines running the exact same code
• can handle up to 100 VMs in a single scale set
• can scale up to 1000 VMs

Question 8

How do VMSS decide when to scale up/down/out/in?

Answer 8

• usually based on monitoring demand
• can be based on time (schedule)
• can be based on many other factors

Question 9

What are Availability Sets? When are they used?

Answer 9

• only applicable to multiple Virtual Machines that have an identical function
• you want to signal Azure to keep them seperated from each other
• Fault isolation:
• > if something bad were to happen it should only happen to one machine
• > puts them on seperate fault domains and seperate update domains
  -> update one at a time, not all together
  -> keeps them physically seperate to provide reliability/availability

Question 10

What are fault domains?

Answer 10

• is some type of outage
• could be a power or network outage that is going to affect a group of computers/ a reck with 300 VMs

Question 11

What are update domains?

Answer 11

• planned outtages
• beside this, like fault domain
• ## when a new version of the platform is rolled out, not all are rollout out at once, first update domain 1, then 2, …

Question 12

What are Proximity Groups?

Answer 12

• opposite of Availability Sets
• multiple VMs with identical function
• arranged in Virtual Machine Scale Set
• you want them placed together
• trade-off: less availability for more performance
• fastest inter-server communication

Question 13

What are App Services (Web Apps)?

Answer 13

• new paradigm for running code in cloud / cloud native
• give code and configuration to Azure and they will run it
• promise of performance but no access to hardware
• Platform as a Service (PaaS)

Question 14

What are Container Services?

Answer 14

• containers contain everything the apps needs to run in a “container image”
• fastest and easiest to deploy
• Azure Container Instance (ACI) - single instance, quickest way to deploy a container
• Azure Container Apps - easy to use like a web service, with advanced features
• Azure Kubernetes Service (AKS) - runs on a cluster of servers, enterprise-grade

Question 15

What is Azure Virtual Desktop

Answer 15

• desktop version of windows that runs in the cloud
• your software installed, your files available from everywhere
• can even see your desktop on iOS and Android or from any other web browser
• Runs on azure

Question 16

What are Azure Functions?

Answer 16

• small pieces of code that run entirely in the cloud
• usually Utility functions - does something specific in a finite amount of time
• triggered by something happening (HTTP call, timer, blob creation, message queue, …)
• very inexpensive (free tier - one million executions per month free)
• can support more complicated design (durable functions, long-running functions, premium or dedicated hosting options)

Question 17

Describe an example for an Azure function

Answer 17

• small piece of code that runs every day at 12am and summarizes yesterday’s data
• small piece of code that checks a blob container for new files and does something every time it find a new one
• a small piece of code that runs every 6 hours and retrieves the latest weather forecast from a publicly accessible weather API

Question 18

How does Azure deal with Networking?

Answer 18

• called Virtual Networks, VNets
• by default, two VMs in Azure are not allowed to talk to each other
• Virtual networks can be used to set up connectivity between VMs
• Infrastructure as a Service
• have an analogue to physical networks
• effectively a database entry in a table that established the path between VM A and VM B

Question 19

Describe VNets

Answer 19

• at creation assigned an address space of either IPv4 or IPv6 addresses or both
• these are private addresses, which cannot be accessed from outside of Azure or other networks inside Azure
• a signle VNet is usually assigned a large quantity of address space to support potential future growth
• there is no shortage of private IP addresses

Question 20

What are Subnets?

Answer 20

• VNets are subdevided into one or more subnets
• subnet is assigned a range of IP addresses which must exist in the address space of the parent VNet
• usually there is a security layer between subnets, traffic must match a predefined rule set to pass

Question 21

How do VMs interact with VNets?

Answer 21

• all VMs must belong to at least one subnet, using a Network Interface Card (NIC)
• some VMs have more than one NIC and can connect to more than one subnet
• VMs can optionally be assigned public IP, which makes it eligible to be accesses from outside Azure (subnet to security/firewalls)

Question 22

What are Network Security Groups? What are rules based on?

Answer 22

• also called NSG
• an access control list (ACL) that blocks traffic inbound and outbound from a subnet unless it matches certain rules
• rules are based on source IP, source port, destination IP, destination port and protocol (5-tuple match)

Question 23

How do NSGs work?

Answer 23

• can allow communication between different subnets on the same network through adding specific NSG rules
• no traffic passed the NSG filter unless an “ALLOW” rule matches
• “Deny” rules also exist
• rules have priorities and the highest priority rule that matches is the one that applies

Question 24

How can you enable one virtual machine to talk to another virtual machine on a completely different network?

Answer 24

• can’t be done using NSGs
• one solution is called Peering
• you can set up a Peering relationship between two subnets on different networks
• this allows communication between vms on both networks
• one requirement: cannot have conflicting IP addresses

Question 25

What is understood unter Azure DNS?

Answer 25

• DNS stands for Domain Name System
• you can give your IP addresses names using DNS
• DNS only applies internally to Azure to applied Networks

Question 26

What is the Azure VPN Gateway?

Answer 26

• VPN = Virtual Private Network
• allows communication between a workstation and a network or between two networks
• encrypts traffic between those two points

Question 27

What is important about the inside/outside of Azure in regards to VPNs?

Answer 27

• from outside of Azure, VPNs require a physical device to be installed
• Inside of Azure, you can install a VPN Gateway as a virtual device on your network
• VPN Gateway requires its own subnet

Question 28

What is P2S in relation to VPN?

Answer 28

• “Point to Site”
• desktop computer is “point” and companys network is “site”

Question 29

How can two networks be connected through VPN devices?

Answer 29

• through VPN Peering
• “Site to Site” VPN -> S2S
• can connect an entire office of computers to an Azure subnet
• or two offices together

Question 30

What is ExpressRoute in Azure?

Answer 30

• like a VPN but faster
• private connection from your Internet Service Provider to Azures Internet Service Provider
• bypasses public internet