Azure Networking Flashcards
In Azure networking, can you have a peered connection between two vNets in different regions?
Yes, you can peer virtual networks (vNets) across different Azure regions using global virtual network peering. This allows resources in each vNet to communicate directly with each other across regions.
Note that data transfer costs apply for cross-region peering.
In Azure will taking a backup of a VM help with the availability of the VM?
Taking a backup of an Azure VM does not directly enhance the availability of the VM itself; rather, it supports business continuity and disaster recovery. Backups allow you to restore a VM to a previous state if it encounters issues, but they don’t prevent downtime or increase the VM’s operational uptime. For availability improvements, focus on options like:
- Availability Sets: Protect against downtime during planned maintenance and hardware failures within a single data center.
- Availability Zones: Spread VM instances across multiple datacenters within a region, providing protection from entire data center failures.
- Azure Site Recovery (ASR): Offers disaster recovery by replicating workloads to another region, ensuring the service continues during regional outages.
How can I expose my service to other Azure tenants privately?
Use the :
- Azure Standard Load balancer
- Private Link
Describe what service endpoint is used for?
Azure Service Endpoints securely connect virtual networks (VNets) to Azure services over the private Azure backbone, bypassing the public internet.
Key Purposes:
- Secure Access: Direct, secure access to Azure services like Storage, SQL, and Cosmos DB, reducing exposure to internet threats.
- Simplified Architecture: Eliminates the need for NATs or gateways for connecting to Azure services within a VNet.
- Improved Performance: Lowers latency by using Azure’s backbone network.
- Access Control: Allows you to restrict access to services from specified VNets with VNet rules.
- Cost-Efficiency: No extra data charges; however, it doesn’t support cross-tenant access like Private Link.
Describe what private endpoints in Azure are used for?
Azure private endpoints are used to secure network access to services by allowing private, direct connections from your virtual network to supported Azure services. They work by assigning a private IP address from the virtual network’s address space to the Azure resource, making the service accessible only through that IP address within the network.
Key benefits of private endpoints include:
- Enhanced Security: Private endpoints prevent unauthorized access to services by limiting traffic to private IP addresses within a virtual network.
- Reduced Exposure to Internet-Based Threats: Since traffic doesn’t go over the public internet, this lowers the attack surface.
- Simplified Network Management: They help ensure a secure, seamless connection to services without additional firewall rules or complex routing.
- Compatibility with On-Premises Connections: Private endpoints allow connections through VPN or ExpressRoute.
What is the difference between Private endpoints, Service endpoints and Private link?
Private Endpoints:
- Provides a private IP within your virtual network to access a specific Azure service.
- Ensures traffic stays within the virtual network, avoiding the public internet.
- Works as part of the Private Link feature, offering secure access at the network level for supported Azure services.
Service Endpoints:
- Extends your virtual network identity to Azure services over Microsoft’s backbone network.
- Does not assign a private IP; instead, it uses the public IP but restricts access to your VNet.
- Helps enforce network policies by limiting access to specific subnets within your VNet.
Private Link:
- The umbrella feature that enables Private Endpoints.
- Allows you to connect to services via private IPs, including Azure services and customer/partner services hosted on Azure.
What does Traffic Analytics provide regarding Total network traffic flows across resources?
Total network traffic flows across resources
What does Traffic Analytics provide regarding Traffic flow type (inbound, outbound)?
Traffic flow type (inbound, outbound)
What does Traffic Analytics provide regarding Application and protocol distribution?
Application and protocol distribution
What does Traffic Analytics provide regarding Traffic volume over time?
Traffic volume over time
What does Traffic Analytics provide regarding Traffic distribution by source and destination IP?
Traffic distribution by source and destination IP
What does Traffic Analytics provide regarding Traffic distribution by region and country?
Traffic distribution by region and country
What does Traffic Analytics provide regarding Top IPs sending and receiving traffic?
Top IPs sending and receiving traffic
What does Traffic Analytics provide regarding Top virtual networks, subnets, and peered networks?
Top virtual networks, subnets, and peered networks
What does Traffic Analytics provide regarding Top traffic sources and destinations?
Top traffic sources and destinations
