Fundamentals of Azure

  1. Azure Network Connection Models
  2. Point-to-Site VPN
  • It allows connections from individual computers to VMs on Azure network over Internet.
  • It uses certificate authentication
  1. Upload root certificate to Azure
  2. Install client certificates on computers that will use Point-to-Site VPN client.
  3. Site-to-Site VPN
  • It allows connecting on-premises network to Azure network.
  • It requires configuration of on-premises routing device.
  • The on-premises address space should not overlap Azure address space.
  1. ExpressRoute
  • It enables dedicated, private, high-throughput network connectivity between on-premises network and Azure datacenter.
  • The traffic does not travel over public Internet.
  1. Azure Traffic Manager
    • Azure Traffic Manager controls the way traffic is distributed to different endpoints such as Azure Web Apps, Cloud Services, etc
    • Azure traffic can be managed by below four routing methods using the Traffic Manager
      1. Geographic
      2. Weighted
      3. Priority
      4. Performance
    • Traffic Manager gives below facilities
      1. It can be used to improvise the availability of important applications
      2. High performance applications can be made more responsive
      3. Without affecting the uptime you can do service maintenance
      4. Distribute traffic for large, complex deployments
  1. NetworkSecurity Group (NSG)
  • NSG are used to control inbound and outbound traffic in Azure. It has rules which allow or block the traffic.
  • NSGcan be linked to a subnet or individual network interfaces (NIC) attached to a VM.
  • NSG evaluates lower priority rule first and the first rule that matches is the one that applies.
  1. Availability Set

It distributes VMs across Fault Domains (physical) and Update Domains (logical) so that a fault or an update does not bring the VM down.

  1. Fault Domain (FD)
  • It is a rack of servers.
  • It has a single point of failureso if a rack fails (e.g. power supply issue) then all servers in that rack are affected.
  • Resources should be spread across multiple fault domains.
  1. Update Domain (UD)
  • Logical collection of servers that can be updated as a set at same time
  • By placing resources in separate Update Domains, they remain available during regular update processes.