Tutorial / Cram Notes

Virtual Networks (VNet) are the cornerstone of Azure networking. They allow Azure resources to communicate securely with each other, the internet, and on-premises networks.

  • Creating a VNet involves defining a private IP address space using public and private (RFC 1918) addresses.
  • Subnets allow you to segment the network into one or more sub-networks, enabling you to group and isolate resources.

Example:

To create a VNet with two subnets, you can use the Azure portal, Azure PowerShell, or Azure CLI.

az network vnet create –name MyVNet –resource-group MyResourceGroup –address-prefix 10.0.0.0/16
az network vnet subnet create –name MySubnet –resource-group MyResourceGroup –vnet-name MyVNet –address-prefix 10.0.1.0/24

Network Security Groups (NSGs)

NSGs are used to filter network traffic to and from Azure resources in an Azure Virtual Network.

  • Rules: Each NSG contains a list of security rules that allow or deny network traffic based on source and destination IP address, port, and protocol.

Example:

Creating an NSG to allow HTTP and HTTPS traffic can be done through Azure PowerShell.

New-AzNetworkSecurityGroup -ResourceGroupName MyResourceGroup -Location “East US” -Name MyNSG
New-AzNetworkSecurityRuleConfig -Name AllowHTTP -NetworkSecurityGroup MyNSG -Access Allow -Protocol Tcp -Direction Inbound -Priority 100 -SourceAddressPrefix Internet -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 80 -Verbose
New-AzNetworkSecurityRuleConfig -Name AllowHTTPS -NetworkSecurityGroup MyNSG -Access Allow -Protocol Tcp -Direction Inbound -Priority 110 -SourceAddressPrefix Internet -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 443 -Verbose

IP Addressing

Managing IP addresses is crucial for Azure network configurations.

  • Public IP addresses are used for communication with the Internet.
  • Private IP addresses are used for communication within an Azure VNet or on-premises network.
  • Static IP vs. Dynamic IP: Azure resources can be assigned either a static IP address that doesn’t change or a dynamic IP address that can change upon reboot or deallocation.

Example:

Assigning a static public IP address to a VM can be accomplished using the Azure CLI.

az vm create –resource-group MyResourceGroup –name MyVM –public-ip-address MyPublicIP –public-ip-address-allocation static

Azure Load Balancer

The Azure Load Balancer distributes traffic across multiple VMs or services, ensuring high availability and reliability.

  • Internal Load Balancer (ILB) balances traffic within a VNet or between VNets.
  • Public Load Balancer (PLB) balances inbound internet traffic to VMs or services.

Azure DNS

Azure DNS provides hosting of domain names and facilitates domain name resolution for VMs and applications in Azure.

  • It supports private and public DNS zones.
  • Allows you to manage DNS records like A, MX, PTR, and more.

Virtual Network Peering

Virtual Network Peering allows you to connect two VNets seamlessly.

  • Global VNet peering connects VNets across Azure regions.
  • Regional VNet peering connects VNets within the same Azure region.

VPN Gateway and ExpressRoute

For connecting an on-premises network to an Azure VNet, Azure offers two solutions:

  • VPN Gateway: A VPN gateway sends encrypted traffic across a public connection.
  • ExpressRoute: ExpressRoute provides a private connection to Azure services over a dedicated private connection facilitated by a connectivity provider.

Conclusion

Networking in Azure is a vast area with numerous components and configurations. Understanding these fundamental topics, along with practising the setup through different tools and interfaces provided by Azure, is essential for anyone preparing for the AZ-104 exam. By mastering these concepts, an Azure Administrator can ensure a robust and secure network to support various workloads in the cloud.

Practice Test with Explanation

True or False: In Azure, you can only create one virtual network in each subscription.

False

Azure allows the creation of multiple virtual networks within a subscription, each with its own address spaces and subnets.

True or False: Azure Virtual Network can be interconnected with other Azure Virtual Networks using Virtual Network Peering.

True

Virtual Network Peering is a mechanism in Azure that allows different virtual networks to be connected directly and enables resources in those networks to communicate with each other.

Which Azure service provides DNS domain hosting?

  • A) Azure Virtual Network
  • B) Azure Blob Storage
  • C) Azure DNS
  • D) Azure Traffic Manager

C) Azure DNS

Azure DNS provides a reliable and secure DNS domain hosting service that allows you to manage and resolve DNS domains in Azure.

What is the purpose of a Network Security Group (NSG) in Azure?

  • A) To define subnets within an Azure Virtual Network
  • B) To regulate the flow of network traffic in and out of Azure resources
  • C) To create a hybrid connection between Azure and on-premises datacenters
  • D) To provide DDoS protection to Azure services

B) To regulate the flow of network traffic in and out of Azure resources

NSGs are used to apply and control access by filtering network traffic to and from Azure resources based on rules defined in the group.

True or False: Azure Route Tables allow you to configure custom routes that override Azure’s default system routes.

True

Azure Route Tables let you create custom routes that dictate how packets should be routed within your virtual networks, allowing you to override Azure’s default system routes when necessary.

Which feature must be enabled to ensure low-latency network performance across global Azure regions?

  • A) Azure Load Balancer
  • B) Azure Application Gateway
  • C) Azure Traffic Manager
  • D) Azure ExpressRoute

C) Azure Traffic Manager

Azure Traffic Manager is a DNS-based traffic load balancer that allows you to distribute traffic optimally to services across global Azure regions, ensuring low-latency performance.

True or False: Azure ExpressRoute enables you to set up a private connection to Azure services from an on-premises network.

True

Azure ExpressRoute provides a private, dedicated network connection from on-premises infrastructure to Azure services, bypassing the public internet.

When configuring a public IP address in Azure, which of the following SKUs are available?

  • A) Basic only
  • B) Standard only
  • C) Basic and Standard
  • D) Premium only

C) Basic and Standard

Azure provides two SKUs for public IP addresses: Basic and Standard, each with different features and pricing models.

True or False: You can associate a Network Security Group (NSG) with both a virtual network subnet and individual network interfaces (NICs) within the same virtual network.

True

NSGs can be associated with both subnets and NICs, allowing you to apply both broad and granular access control rules in your virtual network environment.

What is the main feature of Azure Front Door Service?

  • A) Web Application Firewall
  • B) DDoS protection
  • C) Traffic load balancing and acceleration
  • D) Virtual network peering

C) Traffic load balancing and acceleration

Azure Front Door Service is primarily a scalable and secure entry point for delivering fast, global web applications with features like SSL offloading, path-based load balancing, and acceleration.

Which of the following options best describes Azure Load Balancer?

  • A) Regional load balancing service for on-premises servers
  • B) Global DNS load balancer
  • C) Regional load balancing service for incoming internet traffic
  • D) Global traffic routing service for optimized content delivery

C) Regional load balancing service for incoming internet traffic

Azure Load Balancer is a regional Layer 4 (TCP, UDP) load balancer that can distribute incoming internet traffic among healthy service instances in the same region.

True or False: When you deploy an Azure Application Gateway, it automatically provides SSL/TLS termination by default.

True

Azure Application Gateway provides application-level routing and load balancing services which by default include the SSL/TLS termination feature for secure web traffic.

Interview Questions

What is a virtual network (VNet), and why is it important for an App Service in Azure?

A VNet is a logically isolated network that enables you to securely connect your web application to other resources in your Azure environment. It is important for an App Service in Azure to ensure that the application is secure and can communicate with other resources.

How can you create a virtual network (VNet) in Azure?

You can create a VNet in Azure by using the Azure portal or Azure PowerShell.

What are the VNet integration settings for an App Service in Azure?

The VNet integration settings for an App Service in Azure include the VNet, subnet, and IP address settings.

How can you configure VNet integration settings for an App Service in Azure?

You can configure VNet integration settings for an App Service in Azure by using the Azure portal.

What are access restrictions for an App Service in Azure?

Access restrictions for an App Service in Azure enable you to control access to your web application and restrict access from unauthorized users.

How can you configure access restrictions for an App Service in Azure?

You can configure access restrictions for an App Service in Azure by using the Azure portal.

What is the purpose of subnet and IP address settings in VNet integration for an App Service in Azure?

The subnet and IP address settings in VNet integration for an App Service in Azure enable you to define the specific network configuration for your web application.

Can you configure VNet integration for an App Service in Azure to connect to an on-premises network?

Yes, you can configure VNet integration for an App Service in Azure to connect to an on-premises network.

How can you restrict access to your App Service in Azure based on IP addresses?

You can restrict access to your App Service in Azure based on IP addresses by configuring access restrictions in the Azure portal.

What are the benefits of using VNet integration for an App Service in Azure?

The benefits of using VNet integration for an App Service in Azure include enhanced security, the ability to connect to other resources in your Azure environment, and improved network performance.

Can you integrate an App Service in Azure with multiple VNets?

Yes, you can integrate an App Service in Azure with multiple VNets.

Can you configure VNet integration for an existing App Service in Azure?

Yes, you can configure VNet integration for an existing App Service in Azure.

Can you change the VNet integration settings for an App Service in Azure?

Yes, you can change the VNet integration settings for an App Service in Azure at any time.

How can you troubleshoot VNet integration issues for an App Service in Azure?

You can troubleshoot VNet integration issues for an App Service in Azure by reviewing the App Service logs and the VNet integration settings in the Azure portal.

What are some other ways to secure an App Service in Azure besides VNet integration?

Other ways to secure an App Service in Azure include configuring SSL/TLS, using Azure Active Directory, and setting up role-based access control.

0 0 votes
Article Rating
Subscribe
Notify of
guest
17 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
Ray Porter
10 months ago

Great blog post! The steps you provided for configuring network settings in Azure were very clear.

Arthur Anderson
1 year ago

Thanks for the detailed guide. Could someone explain more about setting up private endpoints?

Julie Guillot
1 year ago

For those preparing for the AZ-104 exam, understanding VNet peering is crucial. Don’t overlook it!

Aleksej Malešević
1 year ago

Could anyone clarify the difference between Network Security Groups (NSGs) and Application Security Groups (ASGs)?

Cleci Rocha
1 year ago

What are some common pitfalls when configuring a VPN Gateway in Azure?

Leonardo Pedroza
1 year ago

I passed my AZ-104 exam recently. Understanding how to configure network security is key!

Ronnie Parker
1 year ago

Appreciate the blog post!

Tonia Beunen
1 year ago

I found this part confusing. Any tips on configuring routing tables effectively?

17
0
Would love your thoughts, please comment.x
()
x