Module 2ba - Exploring Azure Core Products - Networking, AVNs Flashcards
What are Azure Virtual Networks (AVNs)? What do they enable resources to do?
A set of Resources that links other Azure Resources, enabling them to communicate with each other, with users on the Internet and with on-prem client computers
Hint: V U
How do you connect one Azure Virtual Network to another one? Why is this significant?
You connect them through VN Peering (VNP) and User-Defined Routing (UDR)
Why the significance?
ISOLATION - Because two AVNs are by default isolated from one another. Resources assigned to one AVN cannot communicate with Resources in another AVN
What two options do you have for AVN DDos Protection? Which one is a Premium Service?
Basic DDos Protection and Standard DDos Protection (Premium Service)
*Know the cost vs benefit of selecting one
What are two (2) means by which AVNs can communicate with the public Internet?
AVNs can connect to the public internet by default. You just need to enable a public IP Address OR a public Load Balancer (these are both Resources you can provision for the AVN).
AVNs - Define the concept of Isolation
Isolation: AVNs allow you to create multiple isolated virtual networks, defined by a private IP Address Space that uses public or private IP Address Ranges
AVNs - How do you handle Name Resolution?
Use the built-in Name Resolution Service for name resolution, or configure the VN to use an internal or external DNS
Hhint: four (4) ways
How do you manage AVNs?
AVNs can be managed through
- Azure Portal
- Azure CLI
- Secure Shell
- Remote Desktop Protocol (good ol’ fashioned RPD lolol)
How do you modify an AVN after creation?
Azure Portal and Azure CLI
- Add PEERINGS (link to another AVN)
- Add additional Address Spaces
- Connect machines
- Add additional SubNets
AVN Names must be unique globally (T/F)?
False. They need to be unique within your SUBSCRIPTION, but NOT GLOBALLY
Hint: 3 ways to do it
How do AVNs communicate with On-Prem resource/end points?
- Point-To-Site
- Site-to-Site VPN
- Azure ExpressRoute
Hint: 3 ways to do it
How do you enable integration and communication between the Resources in an AVN?
Deploy Resources to the SAME AVNs - AVNs can connect to/add virtually all other Service types; Power Apps Service Environment, AK8s, VM Scale Sets, etc that are deployed to themselves
Setup Private Link - private access to specific Resources from Virtual Network or One-Prem Network
Service Endpoints - Endpoints can be used to connect to other Resource types like SQL DBs or Storage Accounts. You can link multiple Azure resources to AVNs to provide improved security and optimized routing between resources (AVNs isolate those resources to the single network)
AVNs - define the concept of Segmentation
Segmentation: You can divvy up the IP Address space into SubNets (via CIDR) and allocate part of the defined space to each named SubNet
Hint: 2 ways to do it
How can AVNs filter network traffic?
You can filter traffic between SubNets using two approaches:
Network Security Groups - A Resource where you can add inbound and outbound security rules for ingress/egress traffic
Network Virtual Appliances - An NVA is a specialized VM that carries out a specific network function like running a firewall or performing WAN optimization
What is the default behavior for routing network traffic, and what are the two ways to override it?
By default, Azure routes traffic between subnets on any connected virtual networks, on-prem networks, and the internet.
To override:
Route Tables - Define rules about how traffic gets directed and rerouted
Border Gateway Protocol (BGP) - Propagates On-Prem BGP routes to AVNs, works with Azure VPN Gateways or ExpressRoutes
General Knowledge: What is CIDR Notation?
Classless Inter-Domain Routing. Defines the range of IP Addresses available for your AVN. Azure provides the initial IP Address, you’ll need to partition it.