AZ-104 termen

Spot deployment

Spot container deployment

~ Vulture

Up to 70% discount on compute

Azure App Service

Full managed hosting for websites and web API

Optimized for web apps

One of the container options

Container Instances

Individual clusters of containers, to be manually started

No possibility for scaling, large scale service discovery, etc

Building block for more complex architectures

Azure Kubernetes Serves

Reduces complexity of managing Kubernetes cluster

Provides easy control pane for management

Reduces operational overhead

Three AZ container options

• App Service

• Container Instances

• Kubernetes Service

What kind of container job types exist?

• Event

• Schedule

• Manual

Cmdlet to create a container job

az containerapp job create

What is Availability Set

Azure assigns each VM to an update domain and a fault domain

Each set has up to 3 fault domain and 20 update domains.

VMs are sequentially assigned to update domains. When no more free update domains, they are assigned sequentially again to update domains

Cannot be changed once created

Fault domains share a power source, network switch

Disk fault domains

Disk fault domains are aligned with VMs, so that all managed disks attached to a VM are in the same fault domain

How can two VMs in avail. set be on the same fault domain?

1. Deploy first VM

2. Stop / deallocate first VM

3. Deploy second VM

The OS disk of the second VM may be created on same fault domain

To avoid: don’t stop/deallocate between deployments

What does Resiliency mean?

The ability of a system to recover from failure.

How to change the availability set of a VM?

Availability set can only be set on creation.

To change, delete and recreate the VM

Cmdlets for retrieving, and creating an availability set?

Check if exists:

Get-AzAvailabilitySet -ResourceGroupName $rg -Name $name

Create:

NewAzAvailabilitySet -Location $loc -Name $name -ResourceGroupName $rg -PlatformFaultDomainCount 2 -PlatformUpdateDomainCount 2 -Sku Aligned

Cmdlet for getting details of a VM

$vm = Get-AzVM -ResourceGroupName $rg -Name $name

Cmdlet for removing a VM

Remove-AzVM -ResourceGroupName $rg -Name $name

What are delete behaviour options on disks attached to a VM?

delete with VM deletes the disk as the VM is deleted

detach allows the disk to be used after VM is deleted

Shared disks cannot be set to “delete”

Default for disks, NICs, and Public IP’s: detach/persist

What is a managed disk?

Disks managed by azure, and do not require a storage account, since it is managed by azure. Less control over the disks.

Un-managed disks, requires storage account, but own responsibility for encryption, data recovery, etc.

What is locally redundant storage?

Replicates your data three times within a single data center in a single region

Protects against server rack and drive failures

Managed disks

What is zone redundant storage (ZRS)?

Replicates your data in three different availability zones within a given region. Each zone is a different physical location

Protects against e.g. natural disasters

ZRS is not supported with Premium SSD v2 disks

What are the available managed disk types?

• Ultra disk

  • Highest tier

  • 10000 MB/s

  • IO intensive workloads

  • Not usable as OS disk

• Premium V2

  • Second tier

  • 1200 MB/s

  • Low latency

  • Not usable as OS disk

• Premium SSD

  • 900 MB/s

  • Usable as OS disk

• Standard SSD

  • 750 MB/s

  • Usable as OS disk

• Standard HDD

  • 500 MB/s

  • Usable as OS disk

Which disk types are usable as OS disk?

Premium SSD

Standard SSD

Standard HDD

Which disk types support >1000 MB/s throughput?

Premium v2 SSD (1200 MB/s

Ultra disk (10000 MB/s)

Limitations of ultra disks?

No Azure Site Recovery

No Azure Disk Encryption

No Availability Sets

Not usable as OS disk

What types of storage accounts exist?

• Standard General Purpose v2

• Premium Block blobs

• Premium file shares

• Premium page blobs

What are the redundancy options for standard general-purpose v2 storage accounts?

• Locally redundant Storage (LRS)

• Geo-redundant Storage (GRS)

• Geo-zone-redundant Storage (GZRS)

• read acces geo zone redundant storage (RA-GZRS)

Which redundancy options are only available for general purpose v2 storage accounts?

• geo-zone-redundant storage (GZRS)

• read-access geo-zone-redundant storage (RA-GZRS)

Which redundancy options are available for premium storage accounts?

• Locally redundant storage (LRS)

• Geo redundant storage (GRS)

You want NFS support in Azure files, what storage account type do you need?

Premium File Shares

What is ingress and egress?

Ingress: data sent to the storage account

Egress: data received from a storage account

what are the layers of the OSI (open systems interconnection) model?

All Presidents say they never did pot

• Application

• Presentation

• Session

• Transport

• Network

• Data link

• Physical

Example of protocol on layer 4 of the OSI?

Layer 4 - Transport layer

TCP / UDP

What does Azure Load Balancer do?

Distribute incoming network across a back-end pool of VMs

Can be

• IaaS VM’s

• VM Scale Set

What is the difference between public and private/internal load balancers?

Public load balancers deal with external / internet traffic

• Maps public IP to private IP of VM in back-end pool

Private/internal load balancers direct internal traffic (inside virtual network or through VPN).

• Never directly exposed to internet endpoint

• Can be used to balance load from on-prem computers to VMs within same virtual network

What are the components of an Azure Load Balancer?

• Front-end IP

• Back-end IP

• Load Balancer Rules

• Health Probes

• Inbound NAT rules

• High availability ports

• Outbound rules

Why can’t Azure Load Balancer implement rules based on internal traffic content? Is there an alternative?

Load balancer is a Layer 4 operation, and can’t access application level (layer 7) contents of data

A solution is to use Azure Application Gateway, which is a layer 7 load balancer.

What is the point of health probes in azure load balancer?

Health probes check the health of VMs in the backend pool.

If probes fail, the balancer will stop sending connections to the instance.

How can Load balancer be configured to send connections of one user to the same VM?

By configuring the Session Persistence option in the load balancer.

• None (default)

• Client IP

• Client IP + protocol

What is a high availability port?

A load balancer that accepts all incoming TCP and UDP flows. Helpful when a lot of different ports must be load balanced.

protocol - all and port - 0

What does NAT stand for?

Network address translation

Inbound NAT rule is used for traffic forwarding by mapping each virtual machine to a frontend port of the Load Balancer for access. All traffic arriving at the specified frontend port of the Load Balancer will be directly forwarded to a single targeted virtual machine.

When to prefer Azure Front Door over Azure Load Balancer?

When global load balancing is needed with Layer 7 capabilities , such as TSL/SSL offload, firewall, or caching.

When load balancing an application deployed over multiple regions.

Main benefit of Azure Load Balancer?

High-perfromance, ultra-low latency.

Due to layer 4 operating level

When to use Azure Application Gateway?

When Layer 7 data is required in routing decisions. (path-based routing)

For global routing use Front Door

When to use Azure Traffic Manager

DNS level (layer 4 routing) at global level.

Can be configured to distribute traffic based on geography, priority, weighting, or performance.

Performance refers to latency and picks closest end-point for user.

How does weighted routing work in Azure Traffic Manager?

An available endpoint is randomly selected with the assigned weight as the probability

Do application gateways offer Health Probes?

Yes - HTTP health probe, 30 second interval

What is connection draining?

Connection draining allows you to deregister an instance in a back-end pool so that it doesn't receive any new traffic. Connection draining is useful in maintenance scenarios during which you want to gracefully remove traffic from a node.

Azure Front Door provides web application firewall capabilities, consisting of policies, which consist of rules. What does a rule consist of?

• condition

• action (Allow, Block, Log, Redirect)

• mode (Prevention / Detection)

• priority

What are the optimizations made in Front door Standard and Front Door Premium compared to "Front door classic”?

Front door standard optimizes for content delivery without extensive security requirements

Front Door Premium optimizes for security

Cmdlet to remove a resource group?

Remove-AzResourceGroup -Name $rg

What is a CIDR block?

Classless Inter Domain Routing block, which is included in each virtual network. Can be linked to other VNets and on-premises networks.

What is a subnet?

A logical division within your VNet. Segment your network into subnets to improve security and increase performance.

Subnets contain a range of IP addresses that fall in the network address space.

Address range must be unique within the virtual network

Cannot overlap with other subnet ranges within the same virtual network

How many addresses are pre-reserved in each azure subnet?

Five

• .0-.3 and .255

When can dynamic public IP addresses change (dynamically)?

Assigned when the resource is started for the first time.

Can change if a resource is stopped and restarted (deallocated).

Also released when the public IP address resource is removed from the associated resource.

RDP

3369

SMB

445

Unsecured HTTP

443

Internet

80

HTTPS

8080