In the previous article, we looked at the basic infrastructure components in Azure. In this article we cover the basics of Azure compute and networking services. This series is based on the Microsoft Learn path designed for Azure Fundamentals.
Part-1D : Azure Compute and networking services
Azure Virtual Machine (VM)
VMs provide infrastructure as a service (IaaS) in the form of a virtualized server and can be used just like a physical computer: you can customize all of the software running on your VM. VMs are an ideal choice when you need:
- Total control over the operating system (OS).
- The ability to run custom software.
- To use custom hosting configurations.
As an IaaS offering, you still need to configure, update, and maintain the software that runs on the VM.
You can create and provision a VM in minutes when you select a preconfigured VM image. An image is a template used to create a VM and may already include an OS and other software, like development tools or web hosting environments. You can also group VMs together to provide high availability, scalability, and redundancy.
VM Scale sets
VM Scale sets allow you to centrally manage, configure, and update a large number of VMs in minutes. The number of VM instances can automatically increase or decrease in response to demand, or you can set it to scale based on a defined schedule. Virtual machine scale sets also automatically deploy a load balancer to make sure that your resources are being used efficiently. With virtual machine scale sets, you can build large-scale services for areas such as compute, big data, and container workloads.
VM availability sets
An availability set is a logical grouping of VMs that allows Azure to understand how your application is built, so it can provide redundancy and availability. Microsoft recommends that two or more VMs be created within an availability set to provide a highly available application and to meet the 99.95% Azure SLA.
To avoid losing all your VMs to a single network or power failure, availability sets group VMs in two ways: by update domain and by fault domain.
- Update domain: The update domain groups VMs that can be rebooted at the same time. This allows you to apply updates while knowing that only one update domain grouping will be offline at a time.
- Fault domain: The fault domain groups your VMs by common power source and network switch. By default, an availability set will split your VMs across up to three fault domains. This helps protect against a physical power or networking failure by having VMs in different fault domains.
Note: There is no cost for the availability set itself; you only pay for each VM instance that you create.
When you provision a VM, you also choose the following resources:
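To make the update-domain and fault-domain split concrete, here is an added model of how an availability set places VMs (illustration written for this post, not Microsoft code). It assumes the documented defaults of 5 update domains and 3 fault domains and the round-robin assignment in creation order; the VM names and helper functions are constructed for the example.

```python
"""Model of how an Azure availability set spreads VMs across update domains (UDs)
and fault domains (FDs).

Added illustration, not Microsoft code. The round-robin assignment in creation
order follows the documented default of 5 update domains and up to 3 fault
domains; the function names and the VM names are constructed for this example.
"""
from dataclasses import dataclass
from typing import List

DEFAULT_UPDATE_DOMAINS = 5   # Azure default; configurable up to 20
DEFAULT_FAULT_DOMAINS = 3    # the maximum Azure offers in most regions


@dataclass(frozen=True)
class Placement:
    vm: str
    update_domain: int
    fault_domain: int


def place_vms(vm_names: List[str], update_domains: int = DEFAULT_UPDATE_DOMAINS,
              fault_domains: int = DEFAULT_FAULT_DOMAINS) -> List[Placement]:
    """The i-th VM created lands in UD i mod update_domains and FD i mod fault_domains."""
    return [Placement(name, i % update_domains, i % fault_domains)
            for i, name in enumerate(vm_names)]


def vms_offline_for_update(placements: List[Placement], update_domain: int) -> List[str]:
    """VMs rebooted together when Azure services one update domain."""
    return [p.vm for p in placements if p.update_domain == update_domain]


def vms_lost_on_fault(placements: List[Placement], fault_domain: int) -> List[str]:
    """VMs that share the power source and network switch of one fault domain."""
    return [p.vm for p in placements if p.fault_domain == fault_domain]


def survives_single_failure(placements: List[Placement]) -> bool:
    """True when no single UD reboot or FD failure takes every VM offline,
    which is why at least two VMs per availability set are recommended."""
    total = len(placements)
    if total == 0:
        return False
    worst_ud = max(len(vms_offline_for_update(placements, p.update_domain)) for p in placements)
    worst_fd = max(len(vms_lost_on_fault(placements, p.fault_domain)) for p in placements)
    return worst_ud < total and worst_fd < total


if __name__ == "__main__":
    web_tier = place_vms([f"web{i}" for i in range(7)])
    for p in web_tier:
        print(f"{p.vm}: UD{p.update_domain} FD{p.fault_domain}")
    print("survives a single UD/FD event:", survives_single_failure(web_tier))
```

Running it for seven VMs shows why the sixth and seventh VM share update domains with the first two, and why a single VM in an availability set buys no protection at all: the set only helps once there is a second VM in a different domain.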
- Size (purpose, number of processor cores, and RAM)
- Storage disks (hard disk drives, solid state drives, etc.)
- Networking (virtual network, public IP address, and port configuration).
Azure Virtual Desktop
Azure Virtual Desktop is a desktop and application virtualization service that runs on the cloud. It enables you to use a cloud-hosted version of Windows from any location.
Azure Virtual Desktop provides centralized security management for users’ desktops with Azure Active Directory (Azure AD). You can enable multifactor authentication or secure access to data by assigning granular role-based access control (RBAC) roles to users.
In Azure Virtual Desktop, the data and apps are separated from the local hardware. The actual desktop and apps are running in the cloud so that the risk of confidential data being left on a personal device is reduced.
You can use Windows 10 or Windows 11 Enterprise multi-session in Azure Virtual Desktop.
A VM runs a single OS. If you want to run multiple instances of an application on a single host machine, containers are an excellent option. Azure Container Instances is a platform as a service (PaaS) offering.
Containers are lightweight and designed to be created, scaled out, and stopped dynamically. It’s possible to create and deploy virtual machines as application demand increases, but containers are a lighter-weight, more agile method. Containers are designed to allow you to respond to changes on demand. With containers, you can quickly restart if there’s a crash or hardware interruption. One of the most popular container engines is Docker, which is supported by Azure. You can run multiple containers on a single physical or virtual host.
Containers are often used to create solutions by using a microservice architecture. This architecture is where you break solutions into smaller, independent pieces.
Azure Functions is a serverless solution that allows you to write less code, maintain less infrastructure, and save on costs. Instead of worrying about deploying and maintaining servers, the cloud infrastructure provides all the up-to-date resources needed to keep your applications running. You focus on the code that matters most to you, in the most productive language for you, and Azure Functions handles the rest.
For an overview, see the video Azure Functions Overview on YouTube.
Benefits of Azure Functions
- You’re only concerned about the code running your service and not about the underlying platform or infrastructure.
- Functions scale automatically based on demand.
- Azure Functions runs your code when it’s triggered and automatically deallocates resources when the function is finished. So you’re only charged for the CPU time used while your function runs.
- Functions can be either stateless or stateful. When they’re stateless (the default), they behave as if they’re restarted every time they respond to an event. When they’re stateful (called Durable Functions), a context is passed through the function to track prior activity.
- Functions are a key component of serverless computing.
Application hosting options
You can host your application in Azure via:
- Virtual Machines (Provide max control)
- Containers (Isolated & individually managed service)
- Azure App service (In any programming language)
Azure App Service
Azure App Service is a robust hosting option that you can use to host your apps in Azure. Azure App Service lets you focus on building and maintaining your app, and Azure focuses on keeping the environment up and running. Azure App Service is an HTTP-based service for hosting web applications, REST APIs, and mobile back ends. It supports multiple languages, including .NET, .NET Core, Java, Ruby, Node.js, PHP, or Python. It also supports both Windows and Linux environments.
With App Service, you can host the most common kinds of apps, such as:
- Web apps
- API apps
- Mobile apps
App Service handles most of the infrastructure decisions like:
- Endpoint security.
- Scalability (sites can be scaled quickly to handle high traffic loads).
- Load balancing (the built-in load balancing and traffic manager provide high availability).
Azure Virtual Networking
Azure resources, such as VMs, web apps, and databases, communicate with each other, with users on the internet, and with your on-premises client computers through Azure virtual networks and virtual subnets.
Azure virtual networking supports both public endpoints (public IP) and private endpoints (private IP) to enable communication between external or internal resources and other internal resources.
Azure virtual networks provide the following key networking capabilities:
- Isolation and segmentation: You can create multiple isolated virtual networks.
- Internet communications: You can enable incoming connections from the internet by assigning a public IP address to an Azure resource, or putting the resource behind a public load balancer.
- Communicate between Azure resources: Using service endpoints, you can connect to other Azure resource types.
- Communicate with on-premises resources: Using point-to-site, site-to-site, and Azure ExpressRoute connections, you can communicate with on-premises resources.
- Route network traffic: By default, Azure routes traffic between subnets on any connected virtual networks, on-premises networks, and the internet.
- Filter network traffic: You can filter traffic between subnets using network security groups and network virtual appliances. (A network virtual appliance carries out a particular network function, such as running a firewall or performing wide area network (WAN) optimization.)
- Connect virtual networks: Peering allows two virtual networks to connect directly to each other. Network traffic between peered networks is private, and travels on the Microsoft backbone network, never entering the public internet. Peering enables resources in each virtual network to communicate with each other. These virtual networks can be in separate regions, which allows you to create a global interconnected network through Azure.
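The filtering point above is where most real-world exposure mistakes happen, so here is an added simulation of how a network security group decides whether an inbound flow is allowed (written for this post, not Azure code). It models the documented evaluation order: custom rules in ascending priority, first match wins, and Azure's three default inbound rules at priorities 65000, 65001 and 65500 behind them. The VNet range 10.0.0.0/16, the rule names and the helper functions are constructed; the simplification that the "Internet" tag means "any address outside the VNet" is an assumption of the model.

```python
"""Simulation of inbound rule evaluation in an Azure network security group (NSG).

Added example, not Azure code. It models the documented behaviour: rules are
evaluated in ascending priority order, the first match decides, and the three
default inbound rules (priorities 65000, 65001, 65500) sit behind every custom
rule. The address space, rule names and helper names are constructed here.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List

# Constructed: the address space the "VirtualNetwork" service tag resolves to.
VNET_ADDRESS_SPACE = ["10.0.0.0/16"]
AZURE_LOAD_BALANCER_IP = "168.63.129.16"   # Azure's health-probe source address


@dataclass(frozen=True)
class Rule:
    name: str
    priority: int      # custom rules use 100-4096; lower number is evaluated first
    access: str        # "Allow" or "Deny"
    protocol: str      # "Tcp", "Udp", "Icmp" or "*"
    source: str        # CIDR, "*" or a service tag handled below
    dest_ports: str    # "80", "1000-2000" or "*"


# Azure's default inbound rules; a custom rule can only override them by using
# a lower (stronger) priority number.
DEFAULT_INBOUND_RULES = [
    Rule("AllowVnetInBound", 65000, "Allow", "*", "VirtualNetwork", "*"),
    Rule("AllowAzureLoadBalancerInBound", 65001, "Allow", "*", "AzureLoadBalancer", "*"),
    Rule("DenyAllInBound", 65500, "Deny", "*", "*", "*"),
]


def source_matches(spec: str, src_ip: str) -> bool:
    """Match a source address against a CIDR, '*' or one of three service tags.
    Assumption for this model: 'Internet' means any address outside the VNet."""
    addr = ip_address(src_ip)
    in_vnet = any(addr in ip_network(p) for p in VNET_ADDRESS_SPACE)
    if spec == "*":
        return True
    if spec == "VirtualNetwork":
        return in_vnet
    if spec == "Internet":
        return not in_vnet
    if spec == "AzureLoadBalancer":
        return addr == ip_address(AZURE_LOAD_BALANCER_IP)
    return addr in ip_network(spec, strict=False)


def port_matches(spec: str, port: int) -> bool:
    if spec == "*":
        return True
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)


def protocol_matches(spec: str, protocol: str) -> bool:
    return spec == "*" or spec.lower() == protocol.lower()


def evaluate_inbound(custom_rules: List[Rule], src_ip: str, protocol: str, dest_port: int) -> Rule:
    """Return the first rule, in priority order, that matches the flow."""
    for rule in sorted(custom_rules + DEFAULT_INBOUND_RULES, key=lambda r: r.priority):
        if (protocol_matches(rule.protocol, protocol)
                and source_matches(rule.source, src_ip)
                and port_matches(rule.dest_ports, dest_port)):
            return rule
    raise RuntimeError("unreachable: DenyAllInBound matches every flow")


# Constructed NSG for a web subnet: HTTP from anywhere, SSH only from a
# management subnet inside the VNet; everything else falls through to the defaults.
WEB_NSG_RULES = [
    Rule("AllowHttpFromInternet", 100, "Allow", "Tcp", "Internet", "80"),
    Rule("AllowSshFromMgmtSubnet", 200, "Allow", "Tcp", "10.0.2.0/24", "22"),
]

if __name__ == "__main__":
    for src, proto, port in [("203.0.113.10", "Tcp", 80), ("203.0.113.10", "Tcp", 22),
                             ("10.0.2.7", "Tcp", 22), ("10.0.5.9", "Tcp", 3389)]:
        hit = evaluate_inbound(WEB_NSG_RULES, src, proto, port)
        print(f"{src}:{port}/{proto} -> {hit.access} by {hit.name} (priority {hit.priority})")
```

The last sample flow is the one worth noticing: RDP from another subnet in the same VNet is allowed by the default AllowVnetInBound rule even though no custom rule mentions it, so segmentation between subnets needs an explicit Deny rule with a priority number below 65000.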
Note: User-defined routes (UDR) allow you to control the routing tables between subnets within a virtual network or between virtual networks. This allows for greater control over network traffic flow.
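The routing bullet and this note describe the same mechanism from two sides, so here is an added model of how Azure selects the effective route for a packet leaving a subnet (written for this post, not Azure code). It implements the documented order: longest matching prefix first and, when prefixes tie, a user-defined route beats a BGP-learned route, which beats a system route. The VNet range 10.0.0.0/16, the firewall appliance at 10.0.1.4, the on-premises range 192.168.10.0/24 and the helper names are constructed; routes learned through a VPN gateway are modelled with BGP precedence.

```python
"""Model of how Azure picks the effective route for a packet leaving a subnet.

Added example, not Azure code. It implements the documented selection order:
the longest matching prefix wins and, when prefixes tie, a user-defined route
beats a BGP-learned route, which beats a system route. The VNet range, the
firewall appliance address and the helper names are constructed here.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

# Lower value is preferred when two routes have the same prefix length.
SOURCE_PRECEDENCE = {"User": 0, "BGP": 1, "System": 2}


@dataclass(frozen=True)
class Route:
    prefix: str
    next_hop_type: str           # VirtualNetwork, Internet, None, VirtualAppliance, VirtualNetworkGateway
    next_hop_ip: Optional[str]   # only meaningful for VirtualAppliance
    source: str                  # User, BGP or System


def system_routes(vnet_prefixes: List[str]) -> List[Route]:
    """Default routes Azure installs in every subnet of a VNet."""
    routes = [Route(p, "VirtualNetwork", None, "System") for p in vnet_prefixes]
    routes.append(Route("0.0.0.0/0", "Internet", None, "System"))
    # Private ranges that are not part of the VNet are dropped (next hop None) by default.
    for p in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10"):
        routes.append(Route(p, "None", None, "System"))
    return routes


def select_route(routes: List[Route], dest_ip: str) -> Route:
    """Longest prefix first; on a tie, the more specific route source wins."""
    addr = ip_address(dest_ip)
    candidates = [r for r in routes if addr in ip_network(r.prefix)]
    return min(candidates,
               key=lambda r: (-ip_network(r.prefix).prefixlen, SOURCE_PRECEDENCE[r.source]))


# Constructed scenario: a VNet 10.0.0.0/16, a UDR that forces all internet-bound
# traffic through a firewall appliance at 10.0.1.4, and a site-to-site VPN that
# advertises the on-premises range 192.168.10.0/24.
VNET_PREFIXES = ["10.0.0.0/16"]
FORCE_TUNNEL_UDR = Route("0.0.0.0/0", "VirtualAppliance", "10.0.1.4", "User")
ON_PREM_ROUTE = Route("192.168.10.0/24", "VirtualNetworkGateway", None, "BGP")


def effective_routes() -> List[Route]:
    return system_routes(VNET_PREFIXES) + [FORCE_TUNNEL_UDR, ON_PREM_ROUTE]


if __name__ == "__main__":
    for dest in ("10.0.3.5", "8.8.8.8", "192.168.10.20", "192.168.99.1"):
        r = select_route(effective_routes(), dest)
        print(f"{dest:>15} -> {r.next_hop_type} {r.next_hop_ip or ''} via {r.prefix} ({r.source})")
```

Two results are instructive. Internet-bound traffic goes to the appliance only because the UDR shares the 0.0.0.0/0 prefix with the system route and wins on source type, while traffic to a 192.168.x range that no gateway advertises is silently dropped by the default None route rather than sent to the internet or the appliance.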
A VPN gateway is a type of virtual network gateway. Azure VPN Gateway instances are deployed in a dedicated subnet of the virtual network and enable the following connectivity:
- Connect on-premises datacenters to virtual networks through a site-to-site connection.
- Connect individual devices to virtual networks through a point-to-site connection.
- Connect virtual networks to other virtual networks through a network-to-network connection.
When you deploy a VPN gateway, you specify the VPN type: either policy-based or route-based. The main difference between these two types of VPNs is how traffic to be encrypted is specified. In Azure, both types of VPN gateways use a pre-shared key as the only method of authentication.
Use a route-based VPN gateway if you need any of the following types of connectivity:
- Connections between virtual networks
- Point-to-site connections
- Multisite connections
- Coexistence with an Azure ExpressRoute gateway
High-availability scenarios for VPN
- Active/standby: By default, VPN gateways are deployed as two instances in an active/standby configuration, even if you only see one VPN gateway resource in Azure. When planned maintenance or unplanned disruption affects the active instance, the standby instance automatically assumes responsibility for connections without any user intervention. Connections are interrupted during this failover, but they’re typically restored within a few seconds for planned maintenance and within 90 seconds for unplanned disruptions.
- Active/active: Using the BGP routing protocol, you can also deploy VPN gateways in an active/active configuration. In this configuration, you assign a unique public IP address to each instance. You then create separate tunnels from the on-premises device to each IP address.
- ExpressRoute failover: ExpressRoute circuits have resiliency built in. However, they aren’t immune to physical problems that affect the cables delivering connectivity or outages that affect the complete ExpressRoute location. In high-availability scenarios, where there’s risk associated with an outage of an ExpressRoute circuit, you can also provision a VPN gateway that uses the internet as an alternative method of connectivity.
- Zone-redundant gateways: This configuration brings resiliency, scalability, and higher availability to virtual network gateways. Deploying gateways in Azure availability zones physically and logically separates gateways within a region while protecting your on-premises network connectivity to Azure from zone-level failures. These gateways require different gateway stock keeping units (SKUs) and use Standard public IP addresses instead of Basic public IP addresses.
Through an ExpressRoute circuit, you can extend on-premises networks into the Microsoft cloud over a private connection. With ExpressRoute, you can establish connections to Microsoft cloud services, such as Microsoft Azure and Microsoft 365.
ExpressRoute connections don’t go over the public Internet. This allows ExpressRoute connections to offer more reliability, faster speeds, consistent latencies, and higher security than typical connections over the Internet.
ExpressRoute uses the Border Gateway Protocol (BGP). BGP is used to exchange routes between on-premises networks and resources running in Azure, which enables dynamic routing between your on-premises network and services running in the Microsoft cloud.
ExpressRoute supports four models that you can use to connect your on-premises network to the Microsoft cloud:
- Co-location at a cloud exchange
- Point-to-point Ethernet connection
- Any-to-any connection
- Directly from ExpressRoute sites
By hosting your domains in Azure, you can manage your DNS records using the same credentials, APIs, tools, and billing as your other Azure services.
Azure DNS leverages the scope and scale of Microsoft Azure to provide numerous benefits, including:
- Reliability and performance
- Ease of Use
- Customizable virtual networks
- Alias records
Questions for AZ-900:
Q-1: A DNS server that runs on an Azure VM is an example of Infrastructure as a Service (IaaS).
- True (Ans)
Q-2: Your Azure environment contains multiple Azure virtual machines.
You need to ensure that a virtual machine named VM1 is accessible from the Internet over HTTP.
Solution: You modify an Azure Traffic Manager profile.
Does this meet the goal?
- No (Ans)
Q-3: For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Q-4: What is the function of a Site-to-Site VPN?
A. provides a secure connection between a computer on a public network and the corporate network
B. provides a dedicated private connection to Azure that does NOT travel over the internet
C. provides a connection from an on-premises VPN device to an Azure VPN gateway (Ans)
Q-5: You plan to extend your company’s network to Azure.
The network contains a VPN appliance that uses an IP address of 22.214.171.124.
You need to create an Azure resource that defines the VPN appliance in Azure.
Which Azure resource should you create? To answer, select the appropriate resource in the answer area.
- NAT gateways
- Application gateways
- Local network gateways (Ans)
- Virtual network gateways
- On-premises data gateways
- Azure data box gateway
- Azure Stack edge
- Web Application firewall policies
Q-6: You have an Azure environment that contains multiple Azure virtual machines.
You plan to implement a solution that enables the client computers on your on-premises network to communicate to the Azure virtual machines.
You need to recommend which Azure resources must be created for the planned solution.
Which two Azure resources should you include in the recommendation? Each correct answer presents part of the solution.
A. a virtual network gateway (Ans)
B. a load balancer
C. an application gateway
D. a virtual network
E. a gateway subnet (Ans)
In the next part, we will cover concepts related to Azure storage services.