VNets and Stuff Like That Flashcards
What are two things that can be used to facilitate inbound and outbound connections from an Azure VNet to the Internet?
- Public IP
- Public Load Balancer
What are the three key mechanisms Azure resources can use to communicate?
- VNets
- VNET Service Endpoints
- VNet peering
What are the three methods to extend an on-premise data center to an Azure VNet?
- Site-to-Site VPN
- Point-to-Site VPN
- Azure ExpressRoute
What can be used to override Azure VNet default routing?
- BGP Routes
- Route Tables
What are some design considerations for Azure VNets?
- VNets exist on a per region, per subscription basis
- Use RFC 1918 addresses
- Ensure address blocks do not overlap with anything existing
- Security isolation
- IP address limitations
- Connectivity from Azure to on-premise networks
- Any services that require their own subnet
Which addresses are reserved by default when you create an Azure VNet for which purposes?
- x.x.x.0 network address
- x.x.x.1 Azure default gateway
- x.x.x.2 & x.x.x.3 Azure DNS
- x.x.x.255 broadcast address
What are the 4 considerations you must make for Azure Subnets
- IPv6 must use /64 mask
- Unique address range for each subnet using CIDR notation
- Subnets can be used for traffic management
- Virtual Network Service Endpoints can be used to limit resources to specific subnets
What is the recommended naming convention for an Azure Resource?
{resource-type}-{application}-{environment}-{AZ Region}-{instance-id}
Examples:
pip-sharepoint-test-wetsus-001
vnet-corporate-prod-eastus-101
What are the four scopes of Azure resources and what is special about their naming conventions?
- Management Group
- Subscription
- Resource Group
- Resource
Names within a given scope must be unique to that scope.
What are the three categories for Azure services that support availability (zones)?
- Zonal services - can be pinned to a specific zone
- Zone redundant services - replicated or distributed across zones
- Nonregional services - resilient to zone-wide outages
Name some entities that can be assigned a Public IP address in Azure.
- Virtual Machine network interfaces
- Virtual Machine Scale Sets
- Public Load Balancers
- Virtual Network Gateways (VPN/ER)
- NAT gateways
- Application Gateways
- Azure Firewall
- Bastion Host
- Route Server
What options are available for Public IP addresses in Azure?
- IPv4 or IPv6
- Statically assigned or dynamic
What features do the Standard SKU for Public IP Addressing in Azure have over the Basic SKU?
- Static IPv4 addresses (only) in addition to IPv6
- Secure by default, Network Security Groups required
- Support for Availability Zones
- Support for Routing Preference
- Support for Global Tier
From the Azure portal, how might you navigate to create a new VNet?
- Hamburger Menu > All Services > Search Bar: Virtual Networks > Create (Button)
- Hamburger Menu > All Services > Categories > Networking > Network Foundation > Virtual Networks
How are DNS queries routed to Azure DNS servers?
Using Anycast networking (closest server)
What are the most common types of manually created DNS records in Azure DNS?
Host A (IPv4)
Host AAAA (IPv6)
CNAME
What are some considerations when using Domains and Zones with Azure Public DNS?
- Zone name must be unique within a Resource Group
- Zone names can be reused in different Resource Groups
- Different Name Servers are assigned to same zone names in different RGs
- Root/Parent domain is pointed to Azure DNS from domain registrar
- Child domains are registered to AzureDNS directly
What are the steps to delegate a DNS domain in Azure DNS?
1.) Obtain the Azure DNS Name Server names for your zone
2.) Navigate to the domain registrar’s DNS management tools
3.) Edit the domain registrar’s NS records and replace them with the ones Azure DNS created
Where would you create a child zone if needed for resources in an Azure VNet?
A-Name record in the parent zone from Azure DNS (not the domain registrar)
What are the three methods you could choose if you need Private DNS within your Azure VNets?
- Azure provided name resolution
- Azure DNS Private Zones
- Your own DNS server
What are the 3 main limitations of Azure provided (Private) DNS?
- Can’t resolve across different VNets.
- Registers resource names, not guest OS names.
- Doesn’t allow manual record creation (automatically created and managed by Azure)
What (4) advantages do Azure Private DNS Zones have over using the Azure Provided name resolution?
- Manual configuration of records
- Configure specific DNS name for a zone
- Resolve names and IP addresses across different zones
- Resolve names and IP addresses across different VNets
What is the default virtual IP address used by Azure DNS for recursive name resolution?
168.63.129.16
What type of DNS deployment would you most commonly need for a Hybrid on-premise environment?
Your own DNS server deployment within Azure and forwarding to the Azure recursive resolvers. (168.63.129.16)
What is a private connection between two separate VNets called?
VNet peering (same region) or Global VNet peering (different regions)
What are some benefits of VNet peering? (Qty 6)
- low-latency high-bandwidth connection between VNet resources
- can apply network security groups to restrict access back and forth
- transfer data between Azure subscriptions, tenants, deployment models, or regions
- peer VNets created through Azure Resource Manager (ARM)
- peer VNets created in classic deployment to ones created in ARM
- no downtime when creating the peer
