Microsoft N-AZ-120: Planning and Administering Microsoft Azure for SAP Workloads QUESTION AND ANSWER GRADED A PLUS Which item describes a benefit of running SAP applications on Azure?


Preview 3 out of 28  pages

  • February 4, 2024
  • 28
  • 2023/2024
  • Exam (elaborations)
  • Questions & answers
MICROSOFT

DESIGNING AND IMPLEMENTING
MICROSOFT AZURE
NETWORKING SOLUTIONS
Azure VNets enable resources in Azure to securely communicate with each other,
the internet, and on-premises networks. (5)
• Communication with the internet. All resources in a VNet can communicate
outbound to the internet, by default. You can communicate inbound to a resource by
assigning a public IP address or a public Load Balancer. You can also use public IP
or public Load Balancer to manage your outbound connections.

• Communication between Azure resources. There are three key mechanisms
through which Azure resources can communicate: VNets, VNet service endpoints and
VNet peering. Virtual Networks can connect not only VMs, but other Azure
resources, such as the App Service Environment, Azure Kubernetes Service, and
Azure virtual machine scale sets. You can use service endpoints to connect to other
Azure resource types, such as Azure SQL databases and storage accounts. When
you create a VNet, your services and VMs within your VNet can communicate
directly and securely with each other in the cloud.

• Communication between on-premises resources. Securely extend your data center.
You can connect your on-premises computers and networks to a virtual network
using any of the following options: Point-to-site virtual private network (VPN),
Site-to-site VPN, Azure ExpressRoute.

• Filtering network traffic. You can filter network traffic between subnets using any
combination of network security groups and network virtual appliances like firewalls,
gateways, proxies, and Network Address Translation (NAT) services.

• Routing network traffic. Azure routes traffic between subnets, connected virtual
networks, on-premises networks, and the Internet, by default. You can implement
route tables or Border Gateway Protocol (BGP) routes to override the default routes
Azure creates.
Virtual Network (VNet) Address Ranges
• When creating a VNet, it is recommended that you use the address ranges
enumerated in RFC 1918, which have been set aside by the IETF for private,
non-routable address spaces:

10.0.0.0 - 10.255.255.255 (10/8 prefix)
172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
192.168.0.0 - 192.168.255.255 (192.168/16 prefix)

In addition, you cannot add the following address ranges:

224.0.0.0/4 (Multicast)
255.255.255.255/32 (Broadcast)
127.0.0.0/8 (Loopback)
169.254.0.0/16 (Link-local)
168.63.129.16/32 (Internal DNS)
Reserved IP Addresses per Network (5)
• x.x.x.0: Network address
• x.x.x.1: Reserved by Azure for the default gateway
• x.x.x.2, x.x.x.3: Reserved by Azure to map the Azure DNS IPs to the VNet space
• x.x.x.255: Network broadcast address
When planning to implement virtual networks, you need to consider the following: (6)
• Ensure non-overlapping address spaces. Make sure your VNet
address space (CIDR block) does not overlap with your organization's
other network ranges.
• Is any security isolation required?
• Do you need to mitigate any IP addressing limitations?
• Will there be connections between Azure VNets and on-premises
networks?
• Is there any isolation required for administrative purposes?
• Are you using any Azure services that create their own VNets?
Subnet Size Limitations
• The smallest supported IPv4 subnet is /29

The largest is /2 (using CIDR subnet definitions).

IPv6 subnets must be exactly /64 in size.
When planning to implement subnets, you need to consider the following: (4)
• Each subnet must have a unique address range, specified in Classless
Inter-Domain Routing (CIDR) format.
• Certain Azure services require their own subnet.
• Subnets can be used for traffic management. For example, you can
create subnets to route traffic through a network virtual appliance.
• You can limit access to Azure resources to specific subnets with a
virtual network service endpoint. You can create multiple subnets, and
enable a service endpoint for some subnets, but not others.
NSG Assignment in VNets and Subnets
You can associate zero or one NSG to each subnet in a virtual network. You can
associate the same, or a different, network security group to each subnet.
• All Azure resource types have a scope that defines the level at which resource
names must be unique. A resource must have a unique name within its
scope. There are four levels at which you can specify a scope: (4)
Management group
Subscription
Resource group
Resource

Scopes are hierarchical, with each level of hierarchy making the scope more
specific.
Availability Zone
• An Azure Availability Zone enables you to define unique physical locations
within a region. Each zone is made up of one or more datacenters equipped
with independent power, cooling, and networking. Designed to ensure high
availability of your Azure services, the physical separation of Availability
Zones within a region protects applications and data from datacenter failures.
Azure services that support Availability Zones fall into three categories:
• Zonal services: Resources can be pinned to a specific zone. For example,
virtual machines, managed disks, or standard IP addresses can be pinned to
a specific zone, which allows for increased resilience by having one or more
instances of resources spread across zones.

• Zone-redundant services: Resources are replicated or distributed across
zones automatically. Azure replicates the data across three zones so that a
zone failure does not impact its availability.

• Non-regional services: Services are always available from Azure geographies
and are resilient to zone-wide outages as well as region-wide outages.
Before you can create a VNet, you must create a _______________. A
________________ is ....
• Resource group. A resource group is a container that holds related resources
for an Azure solution. The resource group can include all the resources for the
solution, or only those resources that you want to manage as a group.
True or False: You can add address spaces AFTER creating a VNet.
• True
Bastion Host
• The Azure Bastion service is a new fully platform-managed PaaS service that
you provision inside your virtual network. It provides secure and seamless
RDP/SSH connectivity to your virtual machines directly in the Azure portal
over SSL. When you connect via Azure Bastion, your virtual machines do not
need a public IP address.
DDoS Protection
• You can select to enable Standard DDoS protection. Standard DDoS
Protection is a paid service plan that offers enhanced DDoS mitigation
capabilities via adaptive tuning, attack notification, and telemetry to protect
against the impacts of a DDoS attack for all protected resources within this
virtual network. Basic DDoS protection is integrated into the Azure platform by
default and at no additional cost.
Azure Firewall
• Azure Firewall is a managed cloud-based network security service that
protects your Azure Virtual Network resources.
Basic SKU IP Address
• Basic SKU public IPs can be assigned by using static or dynamic allocation
methods. Basic IPs have an adjustable inbound originated flow idle timeout of
4-30 minutes, with a default of 4 minutes, and a fixed outbound originated flow
idle timeout of 4 minutes. Basic IPs are open by default, so the use of
Network security groups is recommended but optional for restricting inbound
or outbound traffic.
