Azure Cloud - Overview

Azure Training:
https://azure.microsoft.com/en-us/training/
https://portal.azure.com
https://docs.microsoft.com/en-us/azure/automation/automation-solution-vm-management

 

Microsoft Handson Lab:

 

Download Visual Sudio Code

Demo - Create Storage Account. 

How to connect IPsec IKE S2S VPN Tunnel: 

 


 

Resource Group: 

Resource group are like a container (not kubernetes or docker) that will contains all of your resources including virtual machines and network.  You create resource group into a specifc location but resource within that resource group can be anywhere in the cloud.  The resrouce location only contains metadata about the resouce group. It is easy to delete all resource by deleting the resource group. 

Resource Lock:  Resource lock will prevent accidental delete of a resource gorup. Two options: 

CanNotDelete:  Authorized users can read and modify but not delete the resource. 

ReadOnly:  Authorized users can read the resource but cannot update or delete. 

Within Resource group under Azure portal, look for "Locks" on left side and then add a new lock. Provide lock name and its type (two options)  and add addtional note as needed. 

If resource group must need to be deleted, then we need to first remove the lock and then delete the recourse group. 

 

Azure Policies:  

Enforce Govenance, Built in or custom code, Assigned to subscriptions or resource groups, create a policy and then assign it. 

 Azure region policy - 

Within resource group under Azure portal, look for Policies on the left side, click it.  You will see Assignments and Policies.  Under policies, search for "Allowed locations"  look for Json code. Take this code, go back to "Assignments", select Add, Select Policy, Select Locations (such as North Central US), Assign Display Name and id .  Now if we will add a resource to a new location that is not part of our policy, it will deny it.  

 

 Hybrid Connectivity Options: 

https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpngateways

Azure Virutal Network.  

Connect Azure network to our data center. 

Site-to-Site (S2S) : Connect Data Center over VPN to Azure - Ipsec/IKE - 

  • S2S VPN gateway connection is a connnection over IPsec/IKE (IKEv1 or IKEv2) VPN tunnel
  • Requires a VPN device in enterprise datacenter that has a public IP address assigned to it. 
  • Must not be located behind a NAT
  • S2S connections can be used for cross-premises and hybrid configurations. 

ExpressRoute:  Dedicated Circuit - 

Point-to-Site (P2S) :  Easy way - connect your laptop to virtual network. Connecting clients directly to VPN/VNet

P2S SSTP tunnel

P2S IKEv2 tunnel

  • Secure connection from an individual computer. Greate for remote worker situations. 
  • No need for a VPN device or public IP. Connect whereever user has internet connection. 
  • OS support:  Windows 7, 8, 8.1 (32 or 54 bits), Windows 10, Windows Server 2008 R2, 2012, 2012 R2 64 bit. 
  • Throughput upto 100 Mbps (unpredictable due to internet) 
  • Doesn't scale easily, so only useful for a few workstations. 

 

SKU S2S/VNet-to-VNet Tunnels  P2S Connections Aggragate Throughput Benchmark Workload
VpnGw1 Max: 30 Max: 128 650 Mbps Production
VpnGw2 Max: 30 Max: 128

1 Gbps

Production

VpnGw3 Max: 30 Max: 128 1.25 Gpbs Production
Basic  Max: 10 Max: 128 100 Mbps Dev/Test

 

Basic:

Route-based VPN: 10 tunnels  with P2S; no RADIUS authentications for P2S; no IKEv2 for P2S

Policy-based VPN: (IKEv1): 1 tunnel; no P2S

 vpnGw1, 2 and 3:  

Route-based-VPN: upto 30 tunnels (*), P2S, BGP, active-active, custom, IPsec/IKE policy

ExpressRoute/VPN co-existence

 

 ExpressRoute: Dedicated, Private, gurantee throughput. Dedicated Circuit. Need Partner. 

https://docs.microsoft.com/en-us/azure/expressroute/expressroute-introduction

 Expressroute Connectivity Models: 

  1. Cloud Exchange Co-location
  2. Point-to-point Ethernet Connection
  3. Any-to-any (IPVPN) Connection

 

 ExpressRoute Key Benefits:  

  • Layer 3 Connectivity. 
  • Connnectivity in all Regions in the geopolitical region. 
  • Global Connectivity 
  • Dynamic Routing
  • Built-in-Redundancy 

 

ExpressRoute Provisioning: 

https://docs.microsoft.com/en-us/azure/expressroute/expressroute-workflows

Prerequists, order express route, service provide provisions connectivity, start using express circuit. 

 

Azure Private Peering: 

  • Peering subnet for path 1 (/30)
  • Peering subnet for path 2 (/30)
  • VLAN ID for peering
  • ASN for peering
  • ExpressRoute ASN = 12076
  • MD5 Hash (optional) 

Azure Public Peering: 

  • Peering subnet for path 1 (/30) - must be public IP
  • Peering subnet for path 2 (/30) - must be public IP 
  • VLAN ID for peering
  • ASN for peering
  • ExpressRoute ASN = 12076
  • MD5 Hash (optional) 

Microsoft Peering: 

  • Peering subnet for path 1 (/30) - must be public IP
  • Peering subnet for path 2 (/30) - must be public IP 
  • VLAN ID for peering
  • ASN for peering
  • Advertised prefixes - must be public IP prefixes 
  • Customer ASN (optional if different from peering ASN)
  • RIR/IRRR for IP and ASN validation
  • ExpressRoute ASN = 12076
  • MD5 Hash (optional)

 

Unlimited: 

  • Speeds from 50 Mbps to 10 Gbps
  • Unlimited Inbound data transfer
  • Unlimited Outbound data transfer
  • Higher monthly fee. 

Metered: 

  • Speed from 50 Mbps to 10 Gbps
  • Unlimited Ibound data transfer
  • Outbound data transfer charged at a predetermined rate per GB
  • Lower monthly fee. 

 

 ExpressRoute Considerations: 

Understand the models:

  • Differences between unlimited data and metered data
  • understand the difference in available port speeds, locations and approach
  • understand the limits that drive additional circuits

Understand the providers:

  • Each offer a different experience based on ecosystem and capabilities
  • Some provide complete solutions and management

Understand the cost: 

  • Connection costs can be broken out by the service costs (Azure) and the authorized carrier costs (telco partner)
  • Unlike other Azure services, look beyond the Azure pricing calculator. 

 

 

 

 

 

 

 


Compute:
Virtual Machines
Functions
Container Instances
Batch
Service Fabric
VM Scale Sets (VMSS)
Azure Container Service (AKS)

Networking:
CDN
DNS
ExpressRoute
Traffic Manager - Loadbalance at DNS Level
Load Balancer
Application Gateway
VPN Gateway
DDoS Protection
Network Watcher

Storage:
Azure Blob Storage = AWS S3
Azure File Storage = Mountable Disk
Disk Storage
Queues
Data Lake Store
Backup
Site Recovery
Managed Storage
StorSimple

Web and Mobile:
Web Apps
Mobile APps
API Apps
Logic Apps
API Management
Media Services - Stream realtime video, media players
Azure Search
Notification Hub

Database:
SQL Database
SQL Data Warehouse
SQL Server Stretch DB
Azure PostgreSQL
Azure MySQL
Table Storage
Redis Cache
Cosmos DB

Analytics:
HDInsight -
Apache Spark for HDInsight
Apache Storm for HDInsight
R Server for HDInsight
Stream Analytics
Log Analytics
Data Factory
Data Catalog
Event Hubs
Data Lake Analytics
Azure Analysis Services
Azure Databricks

AI + ML (Artifical Intelegence + Machine Learning)
Machine Learning Studio
Cognitive Services
Bot Service
Batch AI
Genomics
Machine Learning Services

IoT - Internet of things:
IoT Hub
IoT Suite
Time Series Insights
Event Grid
IoT Edge
Location Services

Enterprise:
Service Bus
SQL Server Stretch DB
Data Factory
Data Catalog
API Management
Event Grid

Security:
Azure Active Directory
Multi Factor Authentication
Azure AD DOmain Services
Key Vault
Azure AD B2C
Azure AD B2B
Security Center

Developer Tools:
DevTest Labs
Application Insights
HockeyApp
Team Services
App Center
API Management

Management Tools:
Scheduler
Automation
Azure Portal
Mobile App
Cost Management
Azure Migrate
Cloud Shell
Azure Advisor
Application Insights
Azure Monitor
Network Watcher

 


Azure SQL DB

Azure Cosmos DB

Azure Blob Storage

Azure Data Lake Storage Gen2

Azure Files

Azure Queue

Azure Standard Storage

Storage Tier: 

Hot Storage Tier

Cool Storage Tier

Archive Storage Tier

Encryption and Replication

Encryption for Storage Service 

Azure Storage Service Encryption (SSE)

Client-side encryption

Replication for storage availability 

 

 

 

 

 

 

Add comment


Security code
Refresh

Category: