Table of Contents
Virtual Networks (VNet) are the cornerstone of Azure networking. They allow Azure resources to communicate securely with each other, the internet, and on-premises networks.
Example:
To create a VNet with two subnets, you can use the Azure portal, Azure PowerShell, or Azure CLI.
az network vnet create –name MyVNet –resource-group MyResourceGroup –address-prefix 10.0.0.0/16
az network vnet subnet create –name MySubnet –resource-group MyResourceGroup –vnet-name MyVNet –address-prefix 10.0.1.0/24
NSGs are used to filter network traffic to and from Azure resources in an Azure Virtual Network.
Example:
Creating an NSG to allow HTTP and HTTPS traffic can be done through Azure PowerShell.
New-AzNetworkSecurityGroup -ResourceGroupName MyResourceGroup -Location “East US” -Name MyNSG
New-AzNetworkSecurityRuleConfig -Name AllowHTTP -NetworkSecurityGroup MyNSG -Access Allow -Protocol Tcp -Direction Inbound -Priority 100 -SourceAddressPrefix Internet -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 80 -Verbose
New-AzNetworkSecurityRuleConfig -Name AllowHTTPS -NetworkSecurityGroup MyNSG -Access Allow -Protocol Tcp -Direction Inbound -Priority 110 -SourceAddressPrefix Internet -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 443 -Verbose
Managing IP addresses is crucial for Azure network configurations.
Example:
Assigning a static public IP address to a VM can be accomplished using the Azure CLI.
az vm create –resource-group MyResourceGroup –name MyVM –public-ip-address MyPublicIP –public-ip-address-allocation static
The Azure Load Balancer distributes traffic across multiple VMs or services, ensuring high availability and reliability.
Azure DNS provides hosting of domain names and facilitates domain name resolution for VMs and applications in Azure.
Virtual Network Peering allows you to connect two VNets seamlessly.
For connecting an on-premises network to an Azure VNet, Azure offers two solutions:
Networking in Azure is a vast area with numerous components and configurations. Understanding these fundamental topics, along with practising the setup through different tools and interfaces provided by Azure, is essential for anyone preparing for the AZ-104 exam. By mastering these concepts, an Azure Administrator can ensure a robust and secure network to support various workloads in the cloud.
False
Azure allows the creation of multiple virtual networks within a subscription, each with its own address spaces and subnets.
True
Virtual Network Peering is a mechanism in Azure that allows different virtual networks to be connected directly and enables resources in those networks to communicate with each other.
C) Azure DNS
Azure DNS provides a reliable and secure DNS domain hosting service that allows you to manage and resolve DNS domains in Azure.
B) To regulate the flow of network traffic in and out of Azure resources
NSGs are used to apply and control access by filtering network traffic to and from Azure resources based on rules defined in the group.
True
Azure Route Tables let you create custom routes that dictate how packets should be routed within your virtual networks, allowing you to override Azure’s default system routes when necessary.
C) Azure Traffic Manager
Azure Traffic Manager is a DNS-based traffic load balancer that allows you to distribute traffic optimally to services across global Azure regions, ensuring low-latency performance.
True
Azure ExpressRoute provides a private, dedicated network connection from on-premises infrastructure to Azure services, bypassing the public internet.
C) Basic and Standard
Azure provides two SKUs for public IP addresses: Basic and Standard, each with different features and pricing models.
True
NSGs can be associated with both subnets and NICs, allowing you to apply both broad and granular access control rules in your virtual network environment.
C) Traffic load balancing and acceleration
Azure Front Door Service is primarily a scalable and secure entry point for delivering fast, global web applications with features like SSL offloading, path-based load balancing, and acceleration.
C) Regional load balancing service for incoming internet traffic
Azure Load Balancer is a regional Layer 4 (TCP, UDP) load balancer that can distribute incoming internet traffic among healthy service instances in the same region.
True
Azure Application Gateway provides application-level routing and load balancing services which by default include the SSL/TLS termination feature for secure web traffic.
A VNet is a logically isolated network that enables you to securely connect your web application to other resources in your Azure environment. It is important for an App Service in Azure to ensure that the application is secure and can communicate with other resources.
You can create a VNet in Azure by using the Azure portal or Azure PowerShell.
The VNet integration settings for an App Service in Azure include the VNet, subnet, and IP address settings.
You can configure VNet integration settings for an App Service in Azure by using the Azure portal.
Access restrictions for an App Service in Azure enable you to control access to your web application and restrict access from unauthorized users.
You can configure access restrictions for an App Service in Azure by using the Azure portal.
The subnet and IP address settings in VNet integration for an App Service in Azure enable you to define the specific network configuration for your web application.
Yes, you can configure VNet integration for an App Service in Azure to connect to an on-premises network.
You can restrict access to your App Service in Azure based on IP addresses by configuring access restrictions in the Azure portal.
The benefits of using VNet integration for an App Service in Azure include enhanced security, the ability to connect to other resources in your Azure environment, and improved network performance.
Yes, you can integrate an App Service in Azure with multiple VNets.
Yes, you can configure VNet integration for an existing App Service in Azure.
Yes, you can change the VNet integration settings for an App Service in Azure at any time.
You can troubleshoot VNet integration issues for an App Service in Azure by reviewing the App Service logs and the VNet integration settings in the Azure portal.
Other ways to secure an App Service in Azure include configuring SSL/TLS, using Azure Active Directory, and setting up role-based access control.
If this material is helpful, please leave a comment and support us to continue.