Configure service endpoints for Azure services
By default in Azure, PaaS services are accessible using a public endpoint that resolves to a public IP address. When a VM in a subnet accesses this service, for example a storage account, the network and routing from the VM translates the source IP to the IP of the VNet…
Author: zeusexam
Deploy and configure Azure Bastion Service
Generally, you connect to remote virtual machines with either RDP or SSH. To do so, you either need to assign a public IP address (with the RDP/SSH port exposed) to the VM to which you are trying to connect, or you need to provision an additional jump server, assign a…
Create and configure an application security group
Application security groups (ASGs) are separate objects that you create in your Azure subscription. You can think of an ASG like a group object in an identity system: members of the group have the permissions and access that are assigned to the group. ASGs work in a similar way—…
Associate NSG to a subnet or network interface
NSGs are used to define the rules for how traffic is filtered for your IaaS deployments in Azure. You’ve learned how to create NSG resources and define the NSG rules. However, these NSGs, by themselves, are not effective until they are associated with a resource in Azure….
Create an NSG using the Azure portal
To create an NSG using the Azure portal, follow these steps:
FIGURE 4-24 Creating a network security group using the Azure portal
FIGURE 4-25 The NSG Overview blade, showing the inbound and outbound security rules
FIGURE 4-26 Adding an inbound rule to allow HTTP traffic
Default rules – MS AZ-104 Exam Guide
All NSGs have a set of default rules. You cannot add to, edit, or delete these default rules. However, since they have the lowest possible priority, they can be overridden by other rules you create. The default rules allow and disallow traffic as follows: Table 4-5 shows the default inbound rules for each…
Service tags – MS AZ-104 Exam Guide
Many Azure services are accessed via internet-facing endpoints. These endpoints can change over time, for example as new Azure regions are built. This makes it difficult to use NSG rules to control access to those services—it’s hard to identify the list of IP ranges to use, and even harder to keep the list…
Configure secure access to virtual networks
Skill 4.2: Configure secure access to virtual networks Network security groups (NSGs) control which network flows are permitted into and out of your virtual networks and virtual machines. Each NSG contains lists of inbound and outbound rules, which give you fine-grained control over exactly which network flows are allowed or denied. Combine this with the…
Troubleshoot network connectivity
Azure provides several built-in tools to troubleshoot network connectivity, with most of them available through Network Watcher. This section focuses on two of the tools within Network Watcher that can help you troubleshoot network connectivity.
Connection Troubleshoot
Connection Troubleshoot is a Network Watcher feature designed to test the connectivity between an Azure…
Forced tunneling – MS AZ-104 Exam Guide
A special case is when routes are configured with the destination IP prefix 0.0.0.0/0. Given the precedence rules described earlier, this route controls traffic destined for any IP address not covered by any other rules. By default, Azure implements a system route directing all traffic matching 0.0.0.0/0 (and not matching any other route)…