04-Virtual Networking Flashcards
(30 cards)
What are Azure Networking Components?
Virtual Network
Load Balancer
Application Gateway
Traffic Manager profile
Virtual network gateway
Virtual WAN
What is Virtual Network
Logically isolated section of Microsoft Azure that you can securely connect outward
Logical representation of your own network
Create dedicated private cloud-only virtual network
Securely extend your datacenter with virtual networks
Enable hybrid cloud scenarios
What is Load Balancer
Distributes incoming traffic among backend virtual machine instances
What is Application Gateway
Scalable layer-7 load balancer offering various traffic routing rules and SSL termination for backend
What is Traffic Manager profile
Allows you to control the distribution of user
What is Virtual network gateway
VPN device in your Azure virtual network and used with site-to-site and VNet-to-VNet VPN
What is Virtual WAN
Networking service that provides optimized and automated branch-to-branch
What are Subnets
Logical division within your network
Virtual network can be segmented into one or more subnets
Helps improve security, increase performance, and make it easier to manage the network
Must have unique address range - cannot overlap with other subnets in the virtual network in the subscription
What is Private IP Address
Used within an Azure virtual network (VNet) and your on-prem network when you use VPN gateway or ExpressRoute circuit to extend your network to Azure
What is Public IP Address
Used for communication with the Internet, including Azure public-facing services
Where can you associate Public IP Address
Virtual Machine - NIC
Load Balancer - Front-end configuration (Internet-facing)
VPN Gateway - Gateway IP configuration
Application Gateway - Front-end configuration
Where can you associate Private IP Address
Virtual Machine
Internal Load Balancer
Application Gateway
What is Static IP
FILL IN
What is Dynamic IP
FILL IN
What is Network Security Group
Lists the security rules that ALLOW or DENY inbound or outbound network traffic
Limits network traffic to resources in a virtual network
Associated to a subnet or a network interface
Can be associated multiple times
What are Network Security Group (NSG) Rules
Enable you to filter network traffic that can flow in and out of virtual network subnets and network interfaces
There are default security rules. You cannot delete the default rules, but you can add other rules with a higher priority
Lower the number, higher the priority
What are NSG Effective Rules
Evaluated independently for the subnet and NIC
“allow” rule must exist at both levels for traffic to be admitted
Use the Effective Rules link if you are not sure which security rules are being applied
How to create NSG rules
Specify
Service - destination protocol and port range for this rule
Port ranges - single port or multiple ports
Priority - lower the number, higher the priority
What is Azure Firewall
Fully stateful firewall as a service
Built-in high availability with unrestricted cloud scalability
Create, enforce, log application and network connectivity policies
Threat intelligence-based filtering
Fully integrated with Azure Monitoring for logging and analytics
Support for hybrid connectivity through deployment behind VPN and ExpressRoute Gateways
How do you implement the firewall
Hub-and-spoke topology is recommended
Shared services are placed in the hub virtual network
Each environment is deployed to a spoke to maintain isolation
What are NAT rules
Translate Public IP address to Private IP address
What are Network rules
Allow HTTP and non-HTTP traffic.
Configure rules that contain source addresses, protocols, destination ports and destination addresses.
What are Application rules
Configure fully qualified domain names (FQDNs) that can be accessed from a subnet
When is Azure AD domain created
When you create an Azure subscription, an Azure AD domain is created for you
Initial domain name in the form domainname.onmicrosoft.com
You can customize/change the name
After a custom name is added, it must be verified