Design and Implement Hybrid Networking Flashcards
What is Windows Admin Center?
You plan to configure Azure Extended Network to extend an on-premises subnet into Azure.
What should you deploy first?
Windows Admin Center is used to configure and manage the solution through a wizard. All the other options are for unrelated technologies.
Azure VPN gateway
a specific type of virtual network gateway that is used to send and receive encrypted traffic between an Azure virtual network and an on-premises location over the public Internet.
Types of VPN Gateways
Point to site over the internet
Site to site over the internet
Site to site over a dedicated network, such as Azure ExpressRoute
Planning factors for VPN gateways
Throughput - Mbps or Gbps
Backbone - Internet or private?
Availability of a public (static) IP address
VPN device compatibility
Multiple client connections or a site-to-site link?
VPN gateway type
Azure VPN Gateway SKU
PolicyBased VPN
PolicyBased VPNs were previously called static routing gateways in the classic deployment model. Policy-based VPNs encrypt and direct packets through IPsec tunnels based on the IPsec policies configured with the combinations of address prefixes between your on-premises network and the Azure VNet. The policy (or traffic selector) is usually defined as an access list in the VPN device configuration. The value for a PolicyBased VPN type is PolicyBased. When using a PolicyBased VPN, keep in mind the following limitations:
Policy-based VPNs that support IKEv1 protocols can be used with Basic Gateway SKUs only.
You can have only 1 tunnel when using a PolicyBased VPN.
You can only use PolicyBased VPNs for S2S connections, and only for certain configurations. Most VPN Gateway configurations require a RouteBased VPN.
VPN gateway subnet
The gateway subnet contains the IP addresses that the virtual network gateway VMs and services use. When you create your virtual network gateway, gateway VMs are deployed to the gateway subnet and configured with the required VPN gateway settings. Never deploy anything else (for example, additional VMs) to the gateway subnet.
network virtual appliance (NVA)
These types of devices are known as network virtual appliances (NVAs); they are deployed directly into a Virtual WAN hub and have an externally facing public IP address.
Customer Resource Group
This will contain an application placeholder for the Managed Application. Partners can use this resource group to expose whatever customer properties they choose here.
Managed Resource Group
Customers cannot configure or change resources in this resource group directly, as this is controlled by the publisher of the Managed Application. This Resource Group will contain the NetworkVirtualAppliances resource.
NVA Infrastructure Units
An NVA Infrastructure Unit is a unit of aggregate bandwidth capacity for an NVA in the Virtual WAN hub.
One NVA Infrastructure Unit
represents 500 Mbps of aggregate bandwidth for all branch site connections coming into this NVA.
How many infrastructure units does Azure support in an NVA virtual hub deployment?
1-80 NVA Infrastructure Units for a given NVA virtual hub deployment.
ASNs reserved by Azure
Public ASNs: 8074, 8075, and 12076
Private ASNs: 65515, 65517, 65518, 65519, and 65520
ASNs reserved by IANA
23456, 64496-64511, 65535-65551, and 429496729
OpenVPN
users can authenticate to Azure AD when using the VPN connection