VM and Resource Management Flashcards
Disk Encryption
-Protects data on virutal machines
-uses BitLocker on Windows VM to encrypt OS and data disks
-Uses DM-Crypt on Linux VMs to encrypt OS and data disks
-Integrated with Azure Key Vault. The Key Vauly must reside in the same regin and subscription as the VM being encrypted
-Supported Windows VMs: Gen1 VMs and Gen 2 VMs, VMs with premium storage
Azure Disk Encryption is not possible on:
basic tier virutal machines as well as A-series VMs or on VMs with less than 2 GB of RAM
Disk Encryption only works on a Linux VM if:
DM-Crypt and VFAT modules are present
Blueprints
a declarative way to orchestrate the deployment of various resource templates and other artifcats such as:
-role assignments
-policy assignments
-Azure Resource Manager templates
-Resource Groups
Each published version of a blueprint can be assigned to an existing management group or subscription
Where cna you buy an Azure Premium P2 subscription?
M365 Admin portal
Resources contained within a Resource Group can span:
multiple regions
Resource Locks
When a lock is applied at a parent scope, all resources withint that scipe inherit the lock. Resources added later will also inherit the lock from the parent
the most restrictive lock in the inheritance takes precendence
Resources
a resources region cannot be changed!
-you can move resources to different resource groups, but the region of the resource cannot change
You need to monitor the metrics and logs of a Linux VM, what should you use?
Linux Diagnostic Extension (LAD)
When you add a monitoring solution to a subscription, it is auto deployed by default to all Windows/Linux agents connected to Log Analytics workspace. You may want to limit costs by sending only selected agents. What 3 steps?
- Create a computer group
- Create a scope configuration
- Apply the scope configuration to the solution
Azure VM extensions
-can be deployed with Azure Resource Manager templates
-templates are ideal when deploying one or more VMs that require post deployment configurations such as onboarding to Azure Anitmalware