
9 Cards in this Set


Affinity Group : Resources placed in these are in close proximity with each other in an Azure data center.




This minimizes latency between those resources.




Affinity groups improve performance of multi-tiered applications.

Availability : Availability sets keep VMs available during downtime.




Customers need to design for high availability.




Having VMs in availability sets meets the 99.99% SLA.




An availability set should be configured for each tier of an application.

AD DS on IaaS :


- Good for replicating on-premises workloads in Azure.


- The cloud is just another AD site.




Need a VM deployed as a domain controller.





Azure AD : is a directory server for Azure services and applications. It runs as a service rather than a VM. It is a SaaS.




Free Edition : user account management/sync with on-premises AD/SSO.




Basic Edition : group based access management/self-service password reset/AAD application proxy.




Premium Edition : self-service group management/advanced security reports and alerts/multi-factor authentication/password reset with write-back/AAD Connect Health.





Azure AD Synchronization :


Synchronize users and groups from on-premises AD to AAD.


AAD Connect.




Azure AD Connect :


Synchronize multiple AD forests to a single AAD instance.

Azure AD Domain Services : Azure hosted AD for use with applications and VMs. Is a replacement for Azure IaaS DC VM.




Can function as DNS servers for Azure VNet.




Works with Azure AD Connect.




Azure AD B2C : Allows users to use 3rd party identities to sign into applications hosted in Azure rather than having to create separate accounts for the application.




No need to create and manage application-specific user account databases.




Benefits : Microsoft handles the security with automatic systems to detect account compromise, anomalous activity and fraud.

Network ACLs : Endpoints allow you to configure port mappings. Up to 50 port rules per VM endpoint. No ACLs are applied by default. You manage Access Control rules via PowerShell.




Rule Order : Used when applying multiple rules to an endpoint. Rules with lower numbers have precedence over rules with higher numbers.


NSGs : Contains both inbound and outbound rules. Traffic must match an allow rule for it to be permitted.




Each NSG has a name.




NSG rules can be altered whilst the NSG is applied.




When altered, changes apply to all instances where NSG applies.




NSGs can only be used in regional VNets.




NOT supported on the same VM instance with Azure ACLs.




NSGs contain default rules which can't be deleted. These default rules are applied at the lowest possible priority, so they can be easily overridden.




Default Tags :


VIRTUAL_NETWORK


AZURE_LOADBALANCER


INTERNET




100 NSGs per region per subscription.


200 rules per NSG.



NSGs vs ACLs




Controls all inbound/outbound traffic to the VM vs Only works for inbound traffic on the port exposed through endpoint.




Works on one or more VM instances vs Works on an endpoint applied to a VM.




Can specify source IP, source port, protocol, destination IP, destination port, protocol rule vs Port and protocol specified by endpoint.




NSGs are a lot more detailed than ACLs.

IMPORTANT!




Communication must be possible to the following:




168.63.129.16




Outbound TCP/UDP port 1688

VM Tiers :




Basic A0-A4




Standard A0-A11 (specialized high performance hardware)




Standard D0-D14 (faster processors, high memory-to-core ratio, SSD temp disk)




Standard D1_v2 - D14_v2 (35% faster processor than D series)




Standard DS1 - DS14 (premium storage, high performance/low latency, SSDs for VM disk)




Standard G1-G5 (biggest VM size)




Standard GS1-GS5 (premium storage, high performance/low latency, SSDs for VM disk)

Fault Domains : Represents a single point of failure. A collection of resources that may fail at the same time due to the same root cause.




Update Domains : All resources that may require rebooting and software updates. Logical collection of resources that can be updated at the same time.




Availability Sets : Method of deploying workloads so that a fault or an update doesn't bring the workload down.




Workloads are distributed across update and fault domains when added to an availability set.




Do not mix workloads in an availability set.




VMs in an availability set should be of identical type.

Point-to-Site VPN : Allows connections from individual computers to VMs (or services) on Azure. Computers can be on any network that connects to the internet.




Site-to-Site VPN : Used for connecting an on-premises network to Azure networks. Can't connect one Azure subscription to another. Allows extension of the on-premises network into Azure without making resources accessible to hosts on the internet.




Express Route : Enables dedicated, private and high-throughput network connectivity between on-premises environments and Azure data centers. Traffic doesn't flow through public internet. Requires that Express Route be available locally (Exchange provider facility/Direct connection using Network Service Provider). PREMIUM.

Loadbalancers : Distribute traffic in an equable way. Traffic coming in from the internet is distributed equally across each server. Good loadbalancers are failure aware.




There are two types: Internet Facing and Internal.




Internal : Use traffic from Azure VNets rather than traffic from the internet. Load balanced VMs must reside in a cloud service or VNet with a regional scope.

Azure Traffic Manager : Control distribution of user traffic to endpoints. Uses an intelligent policy applied to DNS queries.




Traffic Manager uses three load balancing methods for traffic distribution:




Failover : allows failover to a secondary point if primary becomes non-responsive.




Performance : use when you want traffic routed to the closest geographical endpoint.




Round Robin : distributes load across cloud services.





Azure Media Services : enables developers to build scalable media management and delivery applications. Based on REST APIs that allow secure upload, storage and encoding of audio/video content for live streaming/on demand.




BLOB Containers : Boundary point for access control. An Azure storage account can host an unlimited number of BLOB containers under 500TB.

Azure Content Delivery Network : Caches content in Azure blobs at physical locations across the world. Provides better performance for end users who might be far from content source. Distributed scale helps deal with high load.




Once CDN is enabled on an Azure storage account, blobs in public containers configured to be available for anonymous access will be cached via CDN.

Azure Multi-Factor Authentication : supports several different forms of authentication.