What does an Azure virtual network do?
An Azure virtual network enables Azure resources, such as VMs, web apps, and databases, to communicate with each other, with users on the internet, and with on-premises client computers. It can be thought of as an extension of an on-premises network with resources that link other Azure resources.
What is the purpose of subnets in an Azure virtual network?
Subnets enable you to segment the virtual network into one or more sub-networks and allocate a portion of the virtual network's address space to each subnet. Just like in a traditional network, subnets allow you to segment your VNet address space into segments that are appropriate for the organization's internal network.
How does Azure virtual network enable internet communications?
A VM in Azure can connect to the internet by default. You can enable incoming connections from the internet by assigning a public IP address to the VM or by putting the VM behind a public load balancer.
How does Azure virtual network enable communication with on-premises resources?
Azure virtual networks enable you to link resources together in your on-premises environment and within your Azure subscription. There are three mechanisms for you to achieve this connectivity: point-to-site VPNs, site-to-site VPNs, and Azure ExpressRoute.
How does Azure virtual network filter network traffic?
Azure virtual networks enable you to filter traffic between subnets by using network security groups and network virtual appliances. Network security groups allow you to create and manage rules that define inbound and outbound traffic for Azure resources, and network virtual appliances enable you to filter traffic between subnets by using Azure Firewall or a third-party firewall.
What is does virtual network peering do in Azure?
Virtual network peering enables you to seamlessly connect two or more Virtual Networks in Azure, making them appear as one for connectivity purposes.
What are the two types of peering supported by Azure?
The two types of peering supported by Azure are Virtual network peering and Global virtual network peering.
How does the traffic flow between peered virtual networks?
The traffic between virtual machines in peered virtual networks uses the Microsoft backbone infrastructure and it is private. It is kept on the Microsoft backbone network and no public Internet, gateways, or encryption is required in the communication between the virtual networks.
What is the difference between Virtual network peering and Global virtual network peering?
Virtual network peering connects virtual networks within the same Azure region, while Global virtual network peering connects virtual networks across Azure regions.
Can resources in one virtual network directly connect with resources in the peered virtual network?
Yes, for peered virtual networks, resources in either virtual network can directly connect with resources in the peered virtual network.
What is Azure DNS?
Azure DNS is a hosting service for DNS domains that provides name resolution by using Microsoft Azure infrastructure.
Does Azure DNS support DNSSEC?
No, Azure DNS does not currently support DNSSEC. However, you can reduce the need for DNSSEC by consistently using HTTPS/TLS in your applications and use third-party DNS hosting providers if DNSSEC is a critical requirement for your DNS zones.
How is billing for Azure DNS determined?
Billing for Azure DNS is based on the number of DNS zones hosted in Azure and on the number of DNS queries received.
What methods can you use to manage your DNS records in Azure DNS?
You can manage your DNS records in Azure DNS using the Azure portal, Azure PowerShell cmdlets, and the cross-platform Azure CLI. You can also integrate with the service by using the REST API and SDKs.
What are private DNS domains?
Private DNS domains are custom domain names that can be used in private virtual networks rather than the Azure-provided names available today.
What are alias records and how are they used in Azure DNS?
Alias records are used to refer to an Azure resource, such as an Azure public IP address, an Azure Traffic Manager profile, or an Azure Content Delivery Network (CDN) endpoint. If the IP address of the underlying resource changes, the alias record set seamlessly updates itself during DNS resolution.
Can you point your apex or naked domain to a Traffic Manager profile or CDN endpoint using an alias record?
Yes, you can point your apex or naked domain to a Traffic Manager profile or CDN endpoint using an alias record, for example contoso.com.
What is Azure DNS Private Resolver?
Azure DNS Private Resolver is a new service that enables you to query Azure DNS private zones from an on-premises environment and vice versa without deploying VM based DNS servers.
Does Azure DNS Private Resolver provide high availability and zone redundancy?
Yes, Azure DNS Private Resolver is fully managed service, it provides built-in high availability and zone redundancy.
What is a VPN and what is its purpose?
A VPN (Virtual Private Network) uses an encrypted tunnel within another network to connect two or more trusted private networks to one another over an untrusted network, typically the public internet. The purpose of a VPN is to prevent eavesdropping or other attacks by encrypting traffic while traveling over the untrusted network.
How can VPNs enable branch offices to share sensitive information?
VPNs can enable branch offices to share sensitive information by connecting the private networks of different locations. For example, a VPN can connect an office on the East coast of North America to a company's private data stored on servers in Azure, allowing the company to securely access that data.
What is a VPN gateway?
A VPN gateway is a type of virtual network gateway that is deployed in a dedicated subnet of a virtual network. It enables connectivity by connecting on-premises datacenters to virtual networks through site-to-site connections, individual devices to virtual networks through point-to-site connections, and virtual networks to other virtual networks through network-to-network connections.
What are the different types of VPN gateways in Azure?
The different types of VPN gateways in Azure include policy-based and route-based.
What does the VPN gateway SKU determine?
The capabilities of a VPN gateway, such as its performance and capacity, are determined by the SKU or size that you deploy. The larger the SKU, the more capabilities the VPN gateway will have.
What is ExpressRoute?
ExpressRoute is a service that allows you to extend your on-premises networks into the Microsoft cloud over a private connection with the help of a connectivity provider.
What are examples of services can you access through ExpressRoute?
Microsoft Office 365, Microsoft Dynamics 365, Azure compute services (such as Azure Virtual Machines), and Azure cloud services (such as Azure Cosmos DB and Azure Storage)
Why is ExpressRoute recommended for Microsoft 365?
Because Microsoft 365 is designed to be accessed securely and reliably via the internet, and ExpressRoute provides more reliability, faster speeds, consistent latencies, and higher security than typical connections over the internet.
What are the different connectivity models supported by ExpressRoute?
CloudExchange colocation, point-to-point Ethernet connection, any-to-any connection, and directly from ExpressRoute sites.
How does ExpressRoute improve security?
ExpressRoute is a private connection from your on-premises infrastructure to your Azure infrastructure and data doesn't travel over the public internet, so it's not exposed to the potential risks associated with internet communications.
What is Azure Private Link used for?
Azure Private Link enables you to access Azure PaaS Services (such as Azure Storage and SQL Database) and Azure hosted customer-owned/partner services over a private endpoint in your virtual network.
What is a private endpoint?
A private endpoint is a network interface that uses a private IP address from your virtual network. This network interface connects you privately and securely to a service that's powered by Azure Private Link.
What types of services can you connect to via a private endpoint?
The service you connect to via a private endpoint could be an Azure service such as Azure Storage, Azure Cosmos DB, Azure SQL Database, or it can be your own service, using the Private Link service.
How does traffic travel between your virtual network and the Azure service you are connecting to?
Traffic between your virtual network and the Azure service you are connecting to travels the Microsoft backbone network.
Is exposing your service to the public internet necessary when using Azure Private Link?
No, exposing your service to the public internet is no longer necessary when using Azure Private Link.
Can you create your own private link service in your virtual network and deliver it to your customers using Azure Private Link?
Yes, you can create your own private link service in your virtual network and deliver it to your customers using Azure Private Link.