Azure Compute and Networking Services Flashcards
1
Q
What are the technical service pillars of Azure?
A
- compute services
- Networking services
- Storage services
- Database services
2
Q
What are Compute Services?
A
- the desire is to execute a type of code in the cloud
3
Q
What Compute types exist in Azure?
A
- Virtual Machines (VM)
- VM Scale Sets (VMSS)
- App Services (Web apps)
- Azure Container Instances (ACI)
- Azure Container Apps
- Azure Kubernetes Service (AKS)
- Azure Virtual Desktop
- about a dozen in total
4
Q
What are Virtual Machines in Azure?
A
- single physical machine subdivided into slices and you get to rent a slice of it
- virtual machine
- Infrastructure as a Service
- full control over it, as if it were your machine
- Windows or Linux OS
5
Q
How many options exist for Virtual Machine Types?
A
- over 700 to choose from
- number of CPU cores, CPU speed, RAM size, temporary disk size, IOPS, etc
6
Q
How do you scale Azure VMs?
A
- increase the size of a vm, 4 to 8 vCPU, up to 64 vCPUs or higher (scale up)
- add more VMs and have them work together to handle the work (scale out)
7
Q
What is a Virtual Machine Scale Set (VMSS) and what does it do?
A
- group of virtual machines that can grow and shrink in quantity based on predefined rule
- Elasticity
- two or more virtual machines running the exact same code
- can handle up to 100 VMs in a single scale set
- can scale up to 1000 VMs
8
Q
How do VMSS decide when to scale up/down/out/in?
A
- usually based on monitoring demand
- can be based on time (schedule)
- can be based on many other factors
9
Q
What are Availability Sets? When are they used?
A
- only applicable to multiple Virtual Machines that have an identical function
- you want to signal Azure to keep them seperated from each other
- Fault isolation:
- > if something bad were to happen it should only happen to one machine
- > puts them on seperate fault domains and seperate update domains
-> update one at a time, not all together
-> keeps them physically seperate to provide reliability/availability
10
Q
What are fault domains?
A
- is some type of outage
- could be a power or network outage that is going to affect a group of computers/ a reck with 300 VMs
11
Q
What are update domains?
A
- planned outtages
- beside this, like fault domain
- ## when a new version of the platform is rolled out, not all are rollout out at once, first update domain 1, then 2, …
12
Q
What are Proximity Groups?
A
- opposite of Availability Sets
- multiple VMs with identical function
- arranged in Virtual Machine Scale Set
- you want them placed together
- trade-off: less availability for more performance
- fastest inter-server communication
13
Q
What are App Services (Web Apps)?
A
- new paradigm for running code in cloud / cloud native
- give code and configuration to Azure and they will run it
- promise of performance but no access to hardware
- Platform as a Service (PaaS)
14
Q
What are Container Services?
A
- containers contain everything the apps needs to run in a “container image”
- fastest and easiest to deploy
- Azure Container Instance (ACI) - single instance, quickest way to deploy a container
- Azure Container Apps - easy to use like a web service, with advanced features
- Azure Kubernetes Service (AKS) - runs on a cluster of servers, enterprise-grade
15
Q
What is Azure Virtual Desktop
A
- desktop version of windows that runs in the cloud
- your software installed, your files available from everywhere
- can even see your desktop on iOS and Android or from any other web browser
- Runs on azure
16
Q
What are Azure Functions?
A
- small pieces of code that run entirely in the cloud
- usually Utility functions - does something specific in a finite amount of time
- triggered by something happening (HTTP call, timer, blob creation, message queue, …)
- very inexpensive (free tier - one million executions per month free)
- can support more complicated design (durable functions, long-running functions, premium or dedicated hosting options)
17
Q
Describe an example for an Azure function
A
- small piece of code that runs every day at 12am and summarizes yesterday’s data
- small piece of code that checks a blob container for new files and does something every time it find a new one
- a small piece of code that runs every 6 hours and retrieves the latest weather forecast from a publicly accessible weather API
18
Q
How does Azure deal with Networking?
A
- called Virtual Networks, VNets
- by default, two VMs in Azure are not allowed to talk to each other
- Virtual networks can be used to set up connectivity between VMs
- Infrastructure as a Service
- have an analogue to physical networks
- effectively a database entry in a table that established the path between VM A and VM B
19
Q
Describe VNets
A
- at creation assigned an address space of either IPv4 or IPv6 addresses or both
- these are private addresses, which cannot be accessed from outside of Azure or other networks inside Azure
- a signle VNet is usually assigned a large quantity of address space to support potential future growth
- there is no shortage of private IP addresses
20
Q
What are Subnets?
A
- VNets are subdevided into one or more subnets
- subnet is assigned a range of IP addresses which must exist in the address space of the parent VNet
- usually there is a security layer between subnets, traffic must match a predefined rule set to pass
21
Q
How do VMs interact with VNets?
A
- all VMs must belong to at least one subnet, using a Network Interface Card (NIC)
- some VMs have more than one NIC and can connect to more than one subnet
- VMs can optionally be assigned public IP, which makes it eligible to be accesses from outside Azure (subnet to security/firewalls)
22
Q
What are Network Security Groups? What are rules based on?
A
- also called NSG
- an access control list (ACL) that blocks traffic inbound and outbound from a subnet unless it matches certain rules
- rules are based on source IP, source port, destination IP, destination port and protocol (5-tuple match)
23
Q
How do NSGs work?
A
- can allow communication between different subnets on the same network through adding specific NSG rules
- no traffic passed the NSG filter unless an “ALLOW” rule matches
- “Deny” rules also exist
- rules have priorities and the highest priority rule that matches is the one that applies
24
Q
How can you enable one virtual machine to talk to another virtual machine on a completely different network?
A
- can’t be done using NSGs
- one solution is called Peering
- you can set up a Peering relationship between two subnets on different networks
- this allows communication between vms on both networks
- one requirement: cannot have conflicting IP addresses
25
What is understood unter Azure DNS?
- DNS stands for Domain Name System
- you can give your IP addresses names using DNS
- DNS only applies internally to Azure to applied Networks
26
What is the Azure VPN Gateway?
- VPN = Virtual Private Network
- allows communication between a workstation and a network or between two networks
- encrypts traffic between those two points
27
What is important about the inside/outside of Azure in regards to VPNs?
- from outside of Azure, VPNs require a physical device to be installed
- Inside of Azure, you can install a VPN Gateway as a virtual device on your network
- VPN Gateway requires its own subnet
28
What is P2S in relation to VPN?
- "Point to Site"
- desktop computer is "point" and companys network is "site"
29
How can two networks be connected through VPN devices?
- through VPN Peering
- "Site to Site" VPN -> S2S
- can connect an entire office of computers to an Azure subnet
- or two offices together
30
What is ExpressRoute in Azure?
- like a VPN but faster
- private connection from your Internet Service Provider to Azures Internet Service Provider
- bypasses public internet
