Azure virtual network and Azure virtual machines (Review)
Azure Virtual Network

This is a private network on Azure. It helps to host Azure resources such as your Azure virtual machines.
It is like having a traditional network in your on-premises data center.

Region: A virtual network needs to be hosted in a particular region.
Address space: You need to specify an address space for the virtual network.
Subscription: A virtual network needs to be part of a subscription.
Subnets: These segment the virtual network into one or more sub-networks.
Azure Virtual Machine

This service helps you to provision virtual machines on the cloud.

Compute: This is your compute service on the Azure platform. Here you can create compute resources on demand.
Lifecycle: You can create the machine whenever you want. You can also terminate the machine whenever required.
Operating system: You can choose from operating systems such as Windows Server 2019 and different flavors of Linux.
Workload: You can then install different workloads on the machine.
Azure Virtual Machine

Less management: You don't manage the infrastructure.
Less investment: You only pay for how much you use.
Less operations: You don't need to invest in managing the data center.
Configure: You can configure various aspects of your virtual machine.
Azure Virtual Machine

Virtual Network: Isolated network on the cloud.
Public IP Address: Allows the machine to be contacted from the Internet.
Network Security Group: Filters traffic to and from the machine.
OS Disk: Used to store the operating system.
Private IP Address

Azure assigns private IP addresses to resources from the address range of the subnet.
By default, Azure assigns a dynamic IP address. You can also mark a private IP address as static.
Azure reserves five addresses in each subnet range: the first four (the network address, the default gateway and two addresses for Azure DNS) and the last address (broadcast). A /24 subnet therefore has 251 assignable addresses, not 256.
Public IP Address

This allows Internet resources to communicate with Azure resources. The allocation of the public IP address can be static or dynamic depending upon the SKU.

Basic SKU: Dynamic or static allocation. Does not support availability zones. A Basic public IP is open by default, so the attached resource is reachable from the Internet unless a network security group restricts it.
Standard SKU: Only static allocation. Supports zone redundancy. A Standard public IP is secure by default: inbound traffic is blocked until a network security group explicitly allows it.
Azure Virtual Network (Review)
Azure Virtual Network

Isolation: This is a private network in Azure.
Subnet: This is a range of IP addresses within the virtual network. Subnets help with organization and security, since network security groups and routes can be applied per subnet.
Network Interface: This is the interconnection between the virtual machine and the virtual network.
Internet: All resources in the virtual network can initiate outbound communication with the Internet by default. Inbound connections from the Internet require a public IP address or a public load balancer, and are still subject to network security group rules.
IP addresses

Public IP address: This allows inbound and outbound communication with the Internet.
Private IP address: This is used for communication within the virtual network.
Virtual Network peering

Connection: Helps to connect two or more virtual networks together. The traffic moves via the Microsoft backbone infrastructure.
Locations: You can connect virtual networks that are in the same region or across regions.
IP addresses: The virtual networks in the peering connection must have non-overlapping IP address spaces.
Peering connection: A peering connection is created for each virtual network.
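The address-space, reserved-address and peering rules above can be checked before anything is deployed. The following Python example is added here and is not code from the slides or from Azure; it uses only the standard library ipaddress module, and the address plan it checks (10.0.0.0/16, the subnet names and the peer ranges) is a constructed, hypothetical one. The GatewaySubnet sizing it enforces is Microsoft's documented recommendation (/27 or larger).

```python
import ipaddress

# Azure reserves five addresses in every subnet: the network address, the
# default gateway (.1), two Azure DNS addresses (.2 and .3) and the last
# address of the range (broadcast).
AZURE_RESERVED_PER_SUBNET = 5

# GatewaySubnet sizing: /29 is the minimum for a VPN gateway, /27 or larger is recommended.
GATEWAY_SUBNET_RECOMMENDED_PREFIX = 27


def usable_addresses(subnet_cidr: str) -> int:
    """Number of addresses you can actually assign to resources in an Azure subnet."""
    net = ipaddress.ip_network(subnet_cidr, strict=True)
    return max(net.num_addresses - AZURE_RESERVED_PER_SUBNET, 0)


def validate_subnets(address_space: str, subnets: dict) -> list:
    """Check a VNet address plan.

    subnets maps subnet name -> CIDR.  Returns a list of human-readable
    problems (an empty list means the plan is valid): a subnet outside the
    address space, overlapping subnets, or an undersized GatewaySubnet.
    """
    space = ipaddress.ip_network(address_space, strict=True)
    nets = {name: ipaddress.ip_network(cidr, strict=True) for name, cidr in subnets.items()}
    problems = []
    for name, net in nets.items():
        if not net.subnet_of(space):
            problems.append(f"{name} {net} is outside address space {space}")
        if name == "GatewaySubnet" and net.prefixlen > GATEWAY_SUBNET_RECOMMENDED_PREFIX:
            problems.append(f"GatewaySubnet {net} is smaller than the recommended /27")
    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} {nets[a]} overlaps {b} {nets[b]}")
    return problems


def peering_conflicts(vnet_a_spaces: list, vnet_b_spaces: list) -> list:
    """Peering requires non-overlapping address spaces; return the overlapping pairs."""
    a = [ipaddress.ip_network(s, strict=True) for s in vnet_a_spaces]
    b = [ipaddress.ip_network(s, strict=True) for s in vnet_b_spaces]
    return [(str(x), str(y)) for x in a for y in b if x.overlaps(y)]


if __name__ == "__main__":
    # Constructed address plan for the example.
    plan = {"web": "10.0.1.0/24", "db": "10.0.2.0/26", "GatewaySubnet": "10.0.255.0/27"}
    print(usable_addresses("10.0.1.0/24"))                     # 251, not 256
    print(validate_subnets("10.0.0.0/16", plan))               # []
    print(peering_conflicts(["10.0.0.0/16"], ["10.0.2.0/24"]))  # one conflict, peering would be refused
```

Run the plan through validate_subnets before creating the virtual network, and peering_conflicts against every VNet you intend to peer with (including on-premises ranges that will be routed over a gateway), because Azure rejects the peering rather than warning about the overlap.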


Azure DNS

DNS zone: This is used to host the DNS records for a particular domain.
Virtual network link: To ensure that the virtual network can use the private DNS zone, you need to link the virtual network to the zone.
Autoregistration: Here DNS records for your virtual machines get automatically created in the zone.
Public zone: Here Azure DNS can resolve host names in your public domain.
Private zone: Here domain names can be resolved within the virtual network.
Domain Name System (Review)
Domain Name System

Domain name registrar: This is an organization that allows you to purchase a domain name.
A record: This maps a name to an IPv4 address.
DNS zone: This is used to host DNS records for a particular domain.
TTL: Time to live specifies how long each record is cached by resolvers and clients.
Apex record: An apex record is a DNS record at the root of the DNS zone, e.g. cloud2hub.com. By default @ is used to represent the apex records.
Record types: DNS record types include A, AAAA, CNAME and MX.
Azure Private DNS

This provides a reliable and secure DNS service for your virtual network. Here you can use your own custom private DNS zones.

Virtual network link: To resolve records, the virtual network needs to be linked to a zone.
Automatic updates: DNS records can be updated whenever a virtual machine gets created, changes its IP address or gets deleted.
Autoregistration: Here DNS records get automatically registered for the virtual machines in the virtual network.
Records: Supports the common DNS record types: A, AAAA, CNAME, MX, SOA, TXT.
Azure Public DNS

This is a hosting service that provides name resolution by using Microsoft Azure infrastructure. You can manage your records in Azure DNS.

Reliability: Here you can make use of Azure's global network of DNS name servers.
Records: Supports the common DNS record types: A, AAAA, CNAME, MX, SOA, TXT.
Tools: You can use tools such as PowerShell to manage your DNS zones.
Domain name: Currently you can't buy a domain name when it comes to Azure DNS. Azure DNS is not a registrar, so the domain is purchased elsewhere and its name servers are delegated to the Azure DNS zone.
Azure Load Balancer (Review)
Azure Availability sets

Failure: This feature helps to protect against infrastructure level failures.
Unplanned events: This is when the underlying infrastructure fails unexpectedly. The failures could be attributed to network failures, local disk failures or even rack failures.
Planned maintenance events: Here Microsoft needs to make planned updates to the underlying physical environment. In such cases, a reboot might be required on your virtual machine.
Availability sets: When a machine is assigned to an availability set, it is assigned to a fault domain and an update domain.
Azure Availability zones

Failure: This feature provides better availability for your applications by protecting them from datacenter failures.
Zones: Each Availability zone is a unique physical location in an Azure region. Each zone comprises one or more data centers that have independent power, cooling, and networking.
Protection: Hence the physical separation of the Availability Zones helps protect applications against data center failures.
Availability: Using Availability Zones, you get an SLA of 99.99% availability for your virtual machines. You need to ensure that you have two or more virtual machines running across multiple availability zones.
Azure Load Balancer

This is a service that is used to distribute incoming traffic across a group of backend resources or servers. This service operates at Layer 4 of the OSI model.

Public Load Balancer: This distributes Internet traffic to virtual machines inside the virtual network and provides outbound connections for them.
Performance: The Load Balancer provides low latency and high throughput.
Internal Load Balancer: This is used to load balance traffic inside a virtual network.
Scaling: The Load Balancer can scale up to millions of flows for all TCP and UDP applications.
Azure Load Balancer SKUs

Basic SKU: This is a free version of the Load Balancer. The backend virtual machines need to be part of an availability set or scale set. It supports health probes of TCP and HTTP. It does not have an SLA, and it is open by default (inbound traffic is allowed unless a network security group blocks it).

Standard SKU: Here there is an hourly charge. The backend virtual machines can also be independent machines that are part of a virtual network. It supports health probes of TCP, HTTP and HTTPS. It has an SLA of 99.99%, and it is secure by default (inbound traffic is blocked until a network security group allows it).
Azure Load Balancer Components

Load-balancing rules: These define how incoming traffic is distributed to the instances in the backend pool. A rule maps a frontend IP and port to backend IP addresses and ports.
Inbound NAT rules: These forward incoming traffic sent to a frontend IP address and port to a specific virtual machine in the backend pool.
Outbound rules: These enable instances in the backend to communicate with the Internet.
Health probe: This is used to determine the health status of the instances in the backend pool.
Azure Virtual Machine Scale Set

This service helps to create and manage a group of load balanced VMs. Here VMs can be created on demand.

Integration: This service can be used with the Load Balancer.
Rules: You can use rules and conditions to scale out or scale in the number of virtual machines.
Virtual machines: Here VMs are created based on the base image for the machine.
Availability: This service can automatically distribute the virtual machines across Availability zones and Availability sets.
Azure Application Gateway (Review)
Azure Application Gateway

Load balancer: This is a web traffic load balancer. It makes routing decisions based on the attributes of the HTTP request.
Autoscaling: The Standard_v2 SKU supports autoscaling that can scale up and down based on traffic load patterns.
High availability: For the Standard_v2 SKU, the gateway can span multiple Availability Zones.
Layer 7: This load balancer operates at Layer 7.
Azure Application Gateway features

URL-based routing: Here requests can be routed to the back-end server pools based on the URL paths of the request.
Multiple-site hosting: Here you can configure routing based on the host name or domain name.
Rewrite HTTP headers or URL: Here you can create rules to rewrite the headers and URLs.
Web Application Firewall: This feature helps to protect your web applications from common web attacks. The WAF_v2 SKU applies rule sets based on the OWASP Core Rule Set and can run in detection mode (log only) or prevention mode (block).
Azure Application Gateway components

Frontend IP addresses: This is the IP address that is associated with the Application Gateway.
HTTP settings: The settings determine how requests are routed to the backend servers.
Listeners: This is a logical entity that checks for incoming requests on a protocol and port and, for a multi-site listener, a host name.
Backend pool: This contains the backend servers.
Request routing rule: The rule binds the listener, the back-end server pool and the backend HTTP settings.
Health probes: Here you can define your own custom health probes.
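The components above combine into one decision per request: a listener is matched on host name, a request routing rule maps the URL path to a backend pool, and a rewrite set adjusts headers on the way back. The following Python model is an added example, not code from the slides or from Azure; it reproduces only the decision logic, and the host names, paths, pool names and header values in it are hypothetical.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Listener:
    name: str
    host: Optional[str]   # None = basic listener (any host); a value = multi-site listener
    port: int = 443


@dataclass
class PathRule:
    pattern: str          # Application Gateway style: an exact path or a prefix ending in "/*"
    pool: str


@dataclass
class RoutingRule:
    listener: Listener
    default_pool: str
    path_rules: list = field(default_factory=list)


def path_matches(pattern: str, path: str) -> bool:
    pattern, path = pattern.lower(), path.lower()
    if pattern.endswith("/*"):
        return path.startswith(pattern[:-1])   # "/images/*" matches "/images/logo.png"
    return path == pattern


def select_rule(rules: list, host: str) -> Optional[RoutingRule]:
    """A multi-site listener whose host matches wins over a basic listener on the same port."""
    for r in rules:
        if r.listener.host and r.listener.host.lower() == host.lower():
            return r
    for r in rules:
        if r.listener.host is None:
            return r
    return None


def route_request(rules: list, host: str, path: str) -> Optional[str]:
    """Backend pool that receives the request, or None when no listener accepts it."""
    rule = select_rule(rules, host)
    if rule is None:
        return None   # the gateway answers with its own error page; nothing reaches a backend
    for pr in rule.path_rules:
        if path_matches(pr.pattern, path):
            return pr.pool
    return rule.default_pool


# A rewrite set applied to responses: remove server fingerprinting headers and add HSTS.
STRIP_RESPONSE_HEADERS = {"server", "x-powered-by"}
ADD_RESPONSE_HEADERS = {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"}


def rewrite_response_headers(headers: dict) -> dict:
    """Header names are compared case-insensitively, as HTTP requires."""
    kept = {k: v for k, v in headers.items() if k.lower() not in STRIP_RESPONSE_HEADERS}
    kept.update(ADD_RESPONSE_HEADERS)
    return kept


# Constructed gateway configuration (hypothetical hosts and pools).
RULES = [
    RoutingRule(Listener("shop", "shop.example.com"), "web-pool",
                [PathRule("/images/*", "images-pool"), PathRule("/video/*", "video-pool")]),
    RoutingRule(Listener("api", "api.example.com"), "api-pool"),
]

if __name__ == "__main__":
    print(route_request(RULES, "shop.example.com", "/images/logo.png"))   # images-pool
    print(route_request(RULES, "other.example.com", "/"))                  # None
    print(rewrite_response_headers({"Server": "nginx/1.18", "Content-Type": "text/html"}))
```

Note that an unknown host returns None: without a basic listener, the gateway itself terminates the request, which is why a catch-all basic listener should only be added deliberately.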


Azure Traffic Manager (Review)
Azure Traffic Manager

Traffic Manager is a DNS-based traffic router: it answers the client's DNS query with the name or address of the chosen endpoint, and the client then connects to that endpoint directly. The routing method decides which endpoint is returned.

Priority: Here you can direct users to a secondary endpoint if the primary one fails.
Geographic: Here users are directed to endpoints based on their geographic location.
Weighted: Here you can assign weights to each endpoint.
Multivalue: Here multiple endpoints are sent to the user.
Performance: Here users can be directed to the closest endpoint with the lowest network latency.
Subnet: Here the endpoint is decided based on the subnet the user is located in.
Endpoint types

Azure endpoints: These can be PaaS cloud services, Web Apps, Web App Slots, or Public IP Addresses that are assigned to virtual machines. Here the VMs need to also have a DNS name assigned.
External endpoints: These can be IP addresses or FQDNs that are located outside of Azure.
Nested endpoints: This can be another Traffic Manager profile.
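The six routing methods and the endpoint health check come together in one DNS answer. The following Python example is added here and is not code from the slides or from Azure; it models the answer Traffic Manager gives for each method over a constructed profile (the endpoint names, hosts, weights, latency figures and subnets are all hypothetical) and simplifies one thing: unhealthy endpoints are excluded from every method, whereas the real service has per-method rules for degraded endpoints.

```python
import ipaddress
import random

# Constructed Traffic Manager profile; every name, host, weight and latency figure is hypothetical.
ENDPOINTS = [
    {"name": "eu-west", "target": "app-euw.example.net", "priority": 1, "weight": 70,
     "healthy": True, "latency_ms": {"EU": 20, "US": 120}, "geo": ["EU"],
     "subnets": ["10.10.0.0/16"]},
    {"name": "us-east", "target": "app-use.example.net", "priority": 2, "weight": 30,
     "healthy": True, "latency_ms": {"EU": 110, "US": 15}, "geo": ["US"],
     "subnets": []},            # no subnet mapping: acts as the fallback for Subnet routing
    {"name": "dr-site", "target": "app-dr.example.net", "priority": 3, "weight": 1,
     "healthy": False, "latency_ms": {"EU": 60, "US": 60}, "geo": ["WORLD"],
     "subnets": []},
]


def route(method, endpoints, client_region=None, client_ip=None, rng=None, max_return=2):
    """Return the DNS answer Traffic Manager would give for one routing method.

    Traffic Manager is DNS based: the client receives the chosen endpoint's
    name (or, for Multivalue, several) and connects to it directly.  Endpoints
    whose probe reports them unhealthy are excluded from every method here.
    """
    pool = [e for e in endpoints if e["healthy"]]
    if not pool:
        return None
    if method == "priority":          # lowest priority number that is healthy
        return min(pool, key=lambda e: e["priority"])["target"]
    if method == "weighted":          # random choice proportional to weight
        rng = rng or random.Random()
        return rng.choices(pool, weights=[e["weight"] for e in pool], k=1)[0]["target"]
    if method == "performance":       # lowest measured latency from the client's region
        return min(pool, key=lambda e: e["latency_ms"][client_region])["target"]
    if method == "geographic":        # region mapping, with "WORLD" as the catch-all
        for region in (client_region, "WORLD"):
            for e in pool:
                if region in e["geo"]:
                    return e["target"]
        return None
    if method == "subnet":            # client source IP mapped to an endpoint
        ip = ipaddress.ip_address(client_ip)
        for e in pool:
            if any(ip in ipaddress.ip_network(s) for s in e["subnets"]):
                return e["target"]
        fallback = [e for e in pool if not e["subnets"]]
        return fallback[0]["target"] if fallback else None
    if method == "multivalue":        # several healthy endpoints in one answer
        return [e["target"] for e in pool][:max_return]
    raise ValueError(f"unknown routing method {method}")


def weighted_share(endpoints, draws, seed):
    """Fraction of seeded weighted answers that pick the highest-weight healthy endpoint."""
    rng = random.Random(seed)
    top = max((e for e in endpoints if e["healthy"]), key=lambda e: e["weight"])["target"]
    hits = sum(route("weighted", endpoints, rng=rng) == top for _ in range(draws))
    return hits / draws


def with_endpoint_down(endpoints, name):
    """Copy of the profile with one endpoint marked unhealthy (simulates a failed probe)."""
    return [dict(e, healthy=e["healthy"] and e["name"] != name) for e in endpoints]


if __name__ == "__main__":
    print(route("priority", ENDPOINTS))                                   # app-euw.example.net
    print(route("priority", with_endpoint_down(ENDPOINTS, "eu-west")))    # app-use.example.net
    print(route("subnet", ENDPOINTS, client_ip="192.0.2.9"))              # fallback: app-use.example.net
```

Because the answer is a DNS record, a client keeps using the endpoint it was given until the record's TTL expires; the failover time you see in practice is the probe interval plus that TTL.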

R
an
Al
es
u
Azure Point-to-Site VPN Connections

ig
REVIEW

r
d
o
R
an
Al
Point-to-Site VPN

Secure connection: Allows clients that run Windows, Linux or macOS to securely connect to an Azure virtual network.
Few clients: This is ideal when you have a few clients that need to connect to the Azure virtual network.
VPN connection: The VPN connection is created over SSTP (Secure Socket Tunneling Protocol), IKEv2 or OpenVPN.
Authentication: Different authentication methods can be used: certificates or Azure AD (now Microsoft Entra ID).
Point-to-Site VPN

Gateway subnet: Your virtual network needs to have a gateway subnet in place, and it must be named GatewaySubnet. The VMs that will manage the VPN are deployed here; do not place your own VMs or a network security group in it.
Virtual Network Gateway: This allows you to configure the Virtual Network Gateway connection.
Certificates: You can use self-signed certificates. The public key of the root certificate is uploaded to the Azure Virtual Network gateway; the root's private key stays on the machine that issues client certificates.
Client: Each client needs to have a client certificate, issued from that root certificate, installed together with its private key. To cut off a single user, add that client certificate's thumbprint to the gateway's revoked list instead of rotating the root.
Point-to-Site VPN protocols

SSTP: Secure Socket Tunneling Protocol, developed by Microsoft. Here the encrypted tunnel is created over TCP port 443 using the SSL/TLS protocol.
OpenVPN: This is an open standard created to implement secure connections. It uses the OpenSSL library.
IKEv2: Internet Key Exchange uses the IPsec protocol suite to establish a secure connection.
Azure Site-to-Site VPN Connections (Review)
Site-to-Site VPN

Secure connection: Here the connection is established over an IPsec/IKE VPN tunnel.
On-premises network: Here you connect your entire on-premises network to the Azure virtual network.
Public IP address: The on-premises network needs to have a software or hardware VPN device that has a publicly routable IP address.
Site-to-Site VPN

Gateway subnet: Your virtual network needs to have a gateway subnet in place, named GatewaySubnet. The VMs that will manage the VPN are deployed here.
Virtual Network Gateway: This allows you to configure the Virtual Network Gateway connection.
Local network gateway: This is a representation of the on-premises network configuration: the public IP address of the on-premises VPN device and the address prefixes reachable behind it.
Azure ExpressRoute (Review)
Azure ExpressRoute

Connection: Allows you to connect your on-premises networks to the Microsoft cloud over a private connection that does not traverse the public Internet. Private is not the same as encrypted: ExpressRoute traffic is not encrypted by default, so run IPsec over the circuit (or MACsec on ExpressRoute Direct) where the data requires it.
Redundancy: Each ExpressRoute circuit has two connections for redundancy purposes.
Private peering: Azure private peering allows you to connect to your Azure virtual network resources.
Microsoft peering: This allows you to connect to public services such as Microsoft 365 and Azure PaaS services.
Azure ExpressRoute

Gateway: Your Azure virtual network needs to have a virtual network gateway in place that is configured to use ExpressRoute.
FastPath: This improves data path performance between the on-premises network and the Azure virtual network by sending traffic directly to virtual machines, bypassing the gateway. It requires an Ultra Performance or ErGw3AZ virtual network gateway.
Global Reach: This allows you to connect your on-premises networks together via their individual ExpressRoute circuits.
Azure ExpressRoute SKUs

Local: Here the circuit only gives access to one or two Azure regions in or near the same metro. Here you can save on costs. You only have the Unlimited billing model.
Standard and Premium: You get more connections per second and better performance. Standard gives access to regions in the same geopolitical area; with the Premium add-on you can connect to any Azure region globally. You get both Unlimited and Metered billing.
Section (Review)
Network Security Groups

Filter traffic: Filter traffic to and from Azure resources in an Azure virtual network.
Rules: Here you can create inbound and outbound network security rules.
Attachment: The Network Security Group can be attached to a network interface or to a subnet. When both are attached, inbound traffic must be allowed by the subnet NSG and then by the NIC NSG; outbound traffic is evaluated in the reverse order.
Default: Each Network Security Group has default rules that can't be edited or deleted. They can be overridden by custom rules, which always have a higher priority (a lower number).
Network Security Group rules

Priority: Rules with lower numbers are processed first. Once a matching rule is found, the processing stops.
Port range: Here you can specify the port range for the traffic.
Source/Destination: Can be an IP address or CIDR range, a service tag or an application security group.
Direction: Whether it is an inbound or outbound rule.
Protocol: TCP, UDP, ICMP etc.
Action: Allow or Deny.
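The priority, first-match and default-rule behaviour above is what decides whether a packet reaches a VM, and it is easy to get wrong by hand. The following Python example is added here and is not code from the slides or from Azure; it evaluates inbound rules the way the slides describe, seeds the three default inbound rules Azure creates, and adds the check a reviewer runs first (management ports open to the Internet). The virtual network range (10.0.0.0/16), the sample rules and the client addresses are constructed, and the service-tag matching is an approximation: the real Internet and VirtualNetwork tags are Microsoft-maintained prefix lists.

```python
import ipaddress
from dataclasses import dataclass

# Hypothetical virtual network used to resolve the VirtualNetwork service tag.
VNET_PREFIXES = [ipaddress.ip_network("10.0.0.0/16")]
RFC1918 = [ipaddress.ip_network(p) for p in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
AZURE_LB_PROBE_IP = ipaddress.ip_address("168.63.129.16")   # source of Azure load balancer probes
MANAGEMENT_PORTS = {22, 3389}


@dataclass
class Rule:
    name: str
    priority: int       # custom rules use 100-4096; lower numbers are evaluated first
    direction: str      # "Inbound" or "Outbound"
    access: str         # "Allow" or "Deny"
    protocol: str       # "Tcp", "Udp", "Icmp" or "*"
    source: str         # CIDR, or "*", "Internet", "VirtualNetwork", "AzureLoadBalancer"
    dest_ports: str     # "22", "80-443", "22,3389" or "*"


# The default inbound rules Azure puts in every NSG.  They cannot be edited or
# deleted, only overridden by a custom rule with a lower priority number.
DEFAULT_INBOUND = [
    Rule("AllowVnetInBound", 65000, "Inbound", "Allow", "*", "VirtualNetwork", "*"),
    Rule("AllowAzureLoadBalancerInBound", 65001, "Inbound", "Allow", "*", "AzureLoadBalancer", "*"),
    Rule("DenyAllInBound", 65500, "Inbound", "Deny", "*", "*", "*"),
]


def source_matches(rule_source: str, src_ip: str) -> bool:
    """Approximate service-tag semantics; a CIDR is matched literally."""
    ip = ipaddress.ip_address(src_ip)
    if rule_source == "*":
        return True
    if rule_source == "VirtualNetwork":
        return any(ip in p for p in VNET_PREFIXES)
    if rule_source == "AzureLoadBalancer":
        return ip == AZURE_LB_PROBE_IP
    if rule_source == "Internet":
        return not any(ip in p for p in RFC1918)
    return ip in ipaddress.ip_network(rule_source, strict=False)


def port_matches(rule_ports: str, port: int) -> bool:
    if rule_ports == "*":
        return True
    for part in rule_ports.split(","):
        lo, _, hi = part.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False


def evaluate_inbound(custom_rules, src_ip: str, protocol: str, dst_port: int):
    """First match in ascending priority order wins; a default rule always terminates evaluation."""
    rules = [r for r in list(custom_rules) + DEFAULT_INBOUND if r.direction == "Inbound"]
    for r in sorted(rules, key=lambda r: r.priority):
        if r.protocol != "*" and r.protocol != protocol:
            continue
        if not source_matches(r.source, src_ip) or not port_matches(r.dest_ports, dst_port):
            continue
        return r.access, r.name
    return "Deny", "DenyAllInBound"   # not reached: DenyAllInBound matches everything


def internet_exposed_management(custom_rules) -> list:
    """Names of Allow rules that open SSH or RDP to any Internet source."""
    exposed = []
    for r in custom_rules:
        if r.direction != "Inbound" or r.access != "Allow":
            continue
        if r.source in ("*", "Internet", "0.0.0.0/0") and any(port_matches(r.dest_ports, p) for p in MANAGEMENT_PORTS):
            exposed.append(r.name)
    return exposed


# Constructed rule set: SSH only from a bastion subnet, HTTPS from anywhere, and an
# explicit deny that overrides the permissive AllowVnetInBound default for SSH.
SAMPLE_RULES = [
    Rule("AllowSSHFromBastion", 100, "Inbound", "Allow", "Tcp", "10.0.255.0/27", "22"),
    Rule("AllowHTTPSFromInternet", 110, "Inbound", "Allow", "Tcp", "Internet", "443"),
    Rule("DenySSHFromVnet", 120, "Inbound", "Deny", "Tcp", "VirtualNetwork", "22"),
]

if __name__ == "__main__":
    print(evaluate_inbound(SAMPLE_RULES, "203.0.113.5", "Tcp", 22))   # ('Deny', 'DenyAllInBound')
    print(evaluate_inbound(SAMPLE_RULES, "10.0.1.20", "Tcp", 22))     # ('Deny', 'DenySSHFromVnet')
    print(evaluate_inbound(SAMPLE_RULES, "10.0.1.20", "Tcp", 3306))   # ('Allow', 'AllowVnetInBound')
```

The third call is the point to notice: without a custom deny, AllowVnetInBound lets any address in the virtual network reach any port on the VM, so east-west segmentation has to be written explicitly.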


Azure Firewall

Protection: Helps to protect your Azure virtual network resources. It has built-in high availability.
Threat intelligence: Can alert on and deny traffic based on known malicious IP addresses and domains.
Application rules: You can restrict outbound traffic to fully qualified domain names.
NAT rules: Define network address translation rules for resources in the virtual network.
Network rules: You can also limit traffic at the network layer.
Forced tunneling: Can route all Internet-bound traffic to a designated next hop instead of directly being routed to the Internet.