Monitoring on-premises connectivity is particularly relevant when preparing for the AZ-104 Microsoft Azure Administrator exam, which assesses the ability to manage and monitor Azure environments, including hybrid connections. It involves ensuring that your VPN (Virtual Private Network) Gateways, ExpressRoute, and other networking resources are functioning correctly and efficiently.
When it comes to monitoring VPN Gateways, Azure provides various metrics and logs:
With ExpressRoute, the following monitoring strategies are recommended:
In monitoring on-premises connectivity, it’s important to follow best practices:
Imagine you have an Azure environment that is connected to an on-premises datacenter via an S2S VPN connection. You need to constantly monitor this connection to avoid downtime. You configure Azure Monitor with custom alerts that notify you when the VPN tunnel status changes or when ingress/egress traffic fluctuates significantly, which could indicate a possible issue with the network. Additionally, by using Network Watcher’s Connection Monitor, you can simulate traffic and test the connection to proactively spot problems.
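The alert logic in the scenario above, sketched as an added example in Python (not Azure Monitor's own rule engine and not part of the original page). The sample data, field names, window and threshold are assumptions; a status change is reported as soon as it is seen, and the traffic check is skipped until a full baseline of connected samples exists.

```python
from statistics import mean

# Constructed 5-minute samples for one S2S tunnel. Field names are
# illustrative assumptions, not an Azure Monitor schema.
SAMPLES = [
    {"t": "10:00", "connected": True, "ingress": 5_000_000, "egress": 4_800_000},
    {"t": "10:05", "connected": True, "ingress": 5_200_000, "egress": 5_000_000},
    {"t": "10:10", "connected": True, "ingress": 4_900_000, "egress": 4_900_000},
    {"t": "10:15", "connected": True, "ingress": 1_000_000, "egress": 4_700_000},
    {"t": "10:20", "connected": False, "ingress": 0, "egress": 0},
    {"t": "10:25", "connected": True, "ingress": 5_100_000, "egress": 5_000_000},
]


def evaluate(samples, window=3, ratio=0.5):
    """Return (time, reason) alerts for tunnel status changes and for traffic
    that moves more than `ratio` away from the trailing-window average."""
    alerts = []
    for i, s in enumerate(samples):
        if i > 0 and s["connected"] != samples[i - 1]["connected"]:
            alerts.append((s["t"], "tunnel up" if s["connected"] else "tunnel down"))
        # Baseline uses only samples taken while the tunnel was connected.
        history = [p for p in samples[max(0, i - window):i] if p["connected"]]
        if not s["connected"] or len(history) < window:
            continue  # down, or baseline not yet (re)established
        for direction in ("ingress", "egress"):
            base = mean(p[direction] for p in history)
            if base and abs(s[direction] - base) / base > ratio:
                alerts.append((s["t"], f"{direction} deviates from baseline"))
    return alerts


if __name__ == "__main__":
    for when, reason in evaluate(SAMPLES):
        print(when, reason)
```

Requiring a full window of connected samples keeps the recovery at 10:25 from raising a second, spurious traffic alert right after the outage.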
By employing these monitoring strategies, as part of the skills tested in the AZ-104 exam, Azure administrators can ensure that their on-premises connectivity with Azure remains reliable, secure, and high-performing, thus enabling efficient administration and management of Azure resources.
Answer: True
Explanation: Azure Network Performance Monitor is a cloud-based hybrid network monitoring solution that helps you monitor network performance between various points in your network infrastructure, including on-premises connectivity.
Answer: False
Explanation: Azure ExpressRoute is not required for on-premises connectivity; it is an option for creating a private connection to Azure. VPNs can also be used for on-premises connectivity.
Answer: Azure VPN Gateway, Azure Network Watcher
Explanation: Azure VPN Gateway allows you to monitor the status and health of the VPN tunnel, and Azure Network Watcher provides troubleshooting tools like VPN diagnostics and packet capture.
Answer: True
Explanation: Site-to-Site VPN connections can be used for multi-site connectivity, allowing different on-premises sites to connect to an Azure virtual network.
Answer: False
Explanation: Azure VNet peering only connects Azure virtual networks with each other across the same or different regions. It cannot directly connect to on-premises environments.
Answer: Azure Security Center
Explanation: Azure Security Center provides advanced threat protection and helps check for potential security vulnerabilities across Azure services, including network components.
Answer: True
Explanation: Azure Network Performance Monitor allows you to set up alerts based on various network performance metrics, such as loss and latency, to proactively monitor and resolve connectivity issues.
Answer: Azure Service Map
Explanation: Azure Service Map automatically discovers application components on Windows and Linux systems and maps the communication between services, providing insights into the networking topology of your on-premises environments.
Answer: False
Explanation: IPsec/IKE policy in Azure VPN Gateway allows you to specify the suite of algorithms and other settings to use within an IPsec/IKE connection, which includes predefined as well as custom options, thus providing flexibility to match on-premises policy settings.
Answer: Packet capture, User-defined routes audit
Explanation: Azure Network Watcher provides tools to monitor, diagnose, and gain insights into network performance and health, including packet capture capabilities and auditing of user-defined routes (UDRs). It does not manage application firewalls or configure virtual machine scale sets directly.
Answer: True
Explanation: The Route-Based VPN type in Azure supports the configuration of Multi-Site VPNs and VNet-to-VNet connections, which is more flexible and compatible with most configurations compared to the Policy-Based VPN type.
Answer: False
Explanation: Azure Application Gateway is a web traffic load balancer enabling you to manage traffic to web applications. It is not a firewall, although it offers some security features such as Web Application Firewall (WAF). Azure Firewall or Network Security Groups are better suited for firewall capabilities.
On-premises connectivity refers to the network connection between your organization’s physical or virtual infrastructure and Azure.
Azure Network Watcher is a network monitoring and diagnostic service that provides tools to monitor, diagnose, and gain insights into the network connectivity of Azure resources.
Network Watcher provides several tools, including Connection Monitor, IP Flow Verify, Next Hop, and Packet Capture.
Connection Monitor is a tool in Network Watcher that continuously tests a connection to a target IP address and port from a specified source location to detect any connection failures or performance issues.
IP Flow Verify is a tool in Network Watcher that verifies that network traffic is being correctly routed to and from a VM by checking the state of the security group rules and network interface configurations.
Next Hop is a tool in Network Watcher that helps diagnose connectivity issues by identifying the next hop IP address, MAC address, and network interface that a packet will take along its path to a target VM.
Packet Capture is a tool in Network Watcher that captures network traffic to and from a VM, allowing you to troubleshoot connectivity issues.
A Network Security Group is a security feature in Azure that allows you to filter network traffic to and from Azure resources based on source and destination IP addresses, ports, and protocols.
NSGs can be used to filter traffic to and from a VM to help diagnose connectivity issues by allowing you to see which traffic is being blocked or allowed.
Azure Monitor can be used to monitor network traffic, detect connectivity issues, and provide alerts and insights into the performance of your network. It can also be used to monitor the health of your on-premises resources that are connected to Azure.