Mod 12 - Describe Azure compute and networking services Flashcards
What are the 3 resources you need to choose when creating a VM?
- Size (purpose, number of processor cores, and amount of RAM)
- Storage disks (hard disk drives, solid state drives, etc.)
- Networking (virtual network, public IP address, and port configuration)
Azure Virtual Desktop
Desktop and application virtualization service that runs on the cloud; a type of Azure VM.
Azure Virtual Desktop purpose
It enables you to use a cloud-hosted version of Windows from any location. Azure Virtual Desktop works across devices and operating systems, and works with apps that you can use to access remote desktops or most modern browsers.
What are 4 attributes of Azure Virtual Desktop?
- centralized security management for users’ desktops with Azure Active Directory
  - MFA
  - RBAC
- data and apps are separated from the local hardware
- user sessions are isolated in both single and multi-session environments.
- lets you use Windows 10 or Windows 11 Enterprise multi-session, the only Windows client-based operating system that enables multiple concurrent users on a single VM.
Purpose of Azure Virtual Networking
enable Azure resources, such as VMs, web apps, and databases, to communicate with each other, with users on the internet, and with your on-premises client computers
- Public endpoints
have a public IP address and can be accessed from anywhere in the world.
- Private endpoints
exist within a virtual network and have a private IP address from within the address space of that virtual network
Route-based gateways
Route-based gateways implement route-based VPNs.
Route-based VPNs use “routes” in the IP forwarding or routing table to direct packets into their corresponding tunnel interfaces. The tunnel interfaces then encrypt or decrypt the packets in and out of the tunnels.
Policy-based VPN gateways
Policy-based gateways implement policy-based VPNs.
Policy-based VPNs encrypt and direct packets through IPsec tunnels based on the combinations of address prefixes between your on-premises network and the Azure VNet.
The policy (or Traffic Selector) is usually defined as an access list in the VPN configuration.
Zone-redundant gateways VPN config
Means that all instances of the gateways will be deployed across Azure availability zones, and each availability zone is a different fault and update domain.
These gateways require different gateway stock keeping units (SKUs) and use Standard public IP addresses instead of Basic public IP addresses.
Active/active VPN config
You assign a unique public IP address to each instance. You then create separate tunnels from the on-premises device to each IP address.
Active/standby VPN config
In active-standby mode, one IPsec tunnel is active and the other tunnel is in standby.
By default, VPN gateways are deployed as two instances in an active/standby configuration, even if you only see one VPN gateway resource in Azure.
How many Azure VPN gateways can you deploy on a VNet?
One
Azure VPN Gateway
Instances are deployed in a dedicated subnet of the virtual network and enable the following connectivity:
- Connect on-premises datacenters to virtual networks through a site-to-site connection.
- Connect individual devices to virtual networks through a point-to-site connection.
- Connect virtual networks to other virtual networks through a network-to-network connection.
- Point-to-site virtual private network
Connections are from a computer outside your organization back into your corporate network. In this case, the client computer initiates an encrypted VPN connection to connect to the Azure virtual network.
- Site-to-site virtual private network
Links your on-premises VPN device or gateway to the Azure VPN gateway in a virtual network. In effect, the devices in Azure can appear as being on the local network. The connection is encrypted and works over the internet.
What are the 3 connectivity options for ExpressRoute?
- Connectivity can be from an any-to-any (IP VPN) network,
- a point-to-point Ethernet network, or
- a virtual cross-connection through a connectivity provider at a colocation facility.
ExpressRoute enables direct access to which 4 Microsoft services?
- Microsoft Office 365
- Microsoft Dynamics 365
- Azure compute services, such as Azure Virtual Machines
- Azure cloud services, such as Azure Cosmos DB and Azure Storage
ExpressRoute Global Reach
Exchange data across your on-premises sites by connecting your ExpressRoute circuits, allowing them to communicate without transferring data over the public internet.
Any-to-any networks
With any-to-any connectivity, you can integrate your wide area network (WAN) with Azure by providing connections to your offices and datacenters.
Directly from ExpressRoute sites
You can connect directly into Microsoft’s global network at a peering location strategically distributed across the world.
Point-to-point Ethernet connection
Point-to-point Ethernet connection refers to using a point-to-point connection to connect your facility to the Microsoft cloud.
CloudExchange colocation model
Co-location refers to your datacenter, office, or other facility being physically co-located at a cloud exchange, such as an ISP. If your facility is co-located at a cloud exchange, you can request a virtual cross-connect to the Microsoft cloud.
What are the 4 ExpressRoute connectivity models?
- CloudExchange colocation
- Point-to-point Ethernet connection
- Any-to-any connection
- Directly from ExpressRoute sites
What are the 3 items that still go over the public internet?
DNS queries, certificate revocation list checking, and Azure Content Delivery Network requests
What routing protocol is used for ExpressRoute?
BGP
Azure ExpressRoute
Provides dedicated private connectivity to Azure that doesn’t travel over the internet. ExpressRoute is useful for environments where you need greater bandwidth and even higher levels of security.
How does Azure route traffic by default?
By default, Azure routes traffic between any connected virtual networks, on-premises networks, and the internet.
What are the two ways Azure VNets filter traffic between subnets?
- Network security groups
- Network virtual appliances
- Network security groups
Azure resources that can contain multiple inbound and outbound security rules
- Network virtual appliances
Specialized VMs that can be compared to a hardened network appliance. A network virtual appliance carries out a particular network function, such as running a firewall or performing wide area network (WAN) optimization.
In what order are NSG rules processed?
Processed in priority order, with lower numbers processed before higher numbers.