Mod 12 - Describe Azure compute and networking services Flashcards
What are the 3 resources you need to choose when creating a VM?
- Size (purpose, number of processor cores, and amount of RAM)
- Storage disks (hard disk drives, solid state drives, etc.)
- Networking (virtual network, public IP address, and port configuration)
Azure Virtual Desktop
A desktop and application virtualization service that runs on the cloud; a type of Azure VM.
Azure Virtual Desktop purpose
It enables you to use a cloud-hosted version of Windows from any location. Azure Virtual Desktop works across devices and operating systems, and works with apps that you can use to access remote desktops or most modern browsers.
What are 4 attributes of Azure Virtual Desktop?
- Centralized security management for users’ desktops with Azure Active Directory
  - MFA
  - RBAC
- Data and apps are separated from the local hardware
- user sessions are isolated in both single and multi-session environments.
- lets you use Windows 10 or Windows 11 Enterprise multi-session, the only Windows client-based operating system that enables multiple concurrent users on a single VM.
Purpose of Azure Virtual Networking
enable Azure resources, such as VMs, web apps, and databases, to communicate with each other, with users on the internet, and with your on-premises client computers
Public endpoints
Have a public IP address and can be accessed from anywhere in the world.
Private endpoints
Exist within a virtual network and have a private IP address from within the address space of that virtual network.
Route-based gateways
Route-based gateways implement route-based VPNs.
Route-based VPNs use “routes” in the IP forwarding or routing table to direct packets into their corresponding tunnel interfaces. The tunnel interfaces then encrypt or decrypt the packets in and out of the tunnels.
Policy-based VPN gateways
Policy-based gateways implement policy-based VPNs.
Policy-based VPNs encrypt and direct packets through IPsec tunnels based on the combinations of address prefixes between your on-premises network and the Azure VNet.
The policy (or Traffic Selector) is usually defined as an access list in the VPN configuration.
Zone-redundant gateways VPN config
Means that all instances of the gateways will be deployed across Azure availability zones, and each availability zone is a different fault and update domain.
These gateways require different gateway stock keeping units (SKUs) and use Standard public IP addresses instead of Basic public IP addresses.
Active/active VPN config
You assign a unique public IP address to each instance. You then create separate tunnels from the on-premises device to each IP address.
Active/standby VPN config
In active-standby mode, one IPsec tunnel is active and the other tunnel is in standby.
By default, VPN gateways are deployed as two instances in an active/standby configuration, even if you only see one VPN gateway resource in Azure.
How many Azure VPN gateways can you deploy on a VNet?
One
Azure VPN Gateway
instances are deployed in a dedicated subnet of the virtual network and enable the following connectivity:
- Connect on-premises datacenters to virtual networks through a site-to-site connection.
- Connect individual devices to virtual networks through a point-to-site connection.
- Connect virtual networks to other virtual networks through a network-to-network connection.
Point-to-site virtual private network
connections are from a computer outside your organization back into your corporate network. In this case, the client computer initiates an encrypted VPN connection to connect to the Azure virtual network.