Table of Contents

Understanding On-Premises Connectivity

On-premises connectivity refers to the communication between your in-house data center network and the Azure network. This connectivity is paramount in integrating your local resources with Azure resources, making it possible to create hybrid environments. The primary forms of on-premises connectivity with Azure are VPN Gateway (virtual network gateway) and ExpressRoute.

VPN Gateway

A VPN Gateway is a specific type of virtual network gateway that sends encrypted traffic between an Azure virtual network and an on-premises location. Using an Internet Protocol Security (IPSec) VPN, this gateway type works as a point-to-point connection to provide secure site-to-site connections.

Azure ExpressRoute

Azure ExpressRoute lets you extend your on-premises networks into the Microsoft cloud over a private connection by leveraging a connectivity provider. It offers greater privacy, faster speeds, more reliability, and lower latencies than typical internet-based connections.

Type VPN Gateway ExpressRoute
Connectivity Over the public Internet Through a private connection from a connectivity provider
Encryption Traffic is encrypted Traffic is not encrypted
Speed Upto 1.25 Gbps Upto 100 Gbps
Latency Higher Lower

Monitoring Azure On-Premises Connectivity

In order to ensure optimal performance and prevent disruptions, you need to monitor your Azure on-premises connections. Azure provides several tools and services to monitor the status and health of such connections.

Network Watcher

Network Watcher offers tools to monitor, diagnose, view metrics, and enable or disable logs for resources in an Azure virtual network. It represents the primary network troubleshooting tool.

Azure Monitor

Azure Monitor maximizes the availability and performance of your applications by delivering a comprehensive solution for collecting, analyzing, and acting on telemetry from your azure resources.

Connection Monitor in Network Watcher

Connection Monitor in Network Watcher is an essential tool for monitoring network performance, including tracking packet loss and latency.

Here’s a quick example on setting up a connection monitor:

Python
#Variables
resourceGroupName = "myResourceGroup"
networkWatcherName = "networkWatcherName"
connectionMonitorName = "connectionMonitorName"

#Create a Connection Monitor
monitor = network_client.connection_monitors.begin_create_or_update(
resourceGroupName,
networkWatcherName,
connectionMonitorName,
{
'location': "westus",
'source': {
'resource_id': "{resource-id}",
},
'destination': {
'address': "{destination-address}",
'port': 80
},
'auto_start': True,
'monitoring_interval_in_seconds': 30
}
)

#Wait for completion and print the result
result = monitor.result()
print("Connection monitor status: {}".format(result.monitoring_status))

To maximize the benefits of Azure on-premises connectivity, Azure Administrators must understand various aspects related to set-up, monitoring, and troubleshooting of these connections. Demonstrating such understanding is crucial to excel in the AZ-104 Microsoft Azure Administrator examination.

Practice Test

True or False? Azure VPN Gateway provides an On-premises connectivity solution.

  • True
  • False

Answer: True.

Explanation: Azure VPN Gateway allows connectivity from your on-premises networks to Azure using site-to-site VPNs.

Azure Express Route can be used as an On-premises connectivity solution. What does it provide?

  • A. Private connection to Azure
  • B. Low latency connectivity
  • C. Both A and B
  • D. Neither A nor B

Answer: C. Both A and B.

Explanation: Azure Express Route provides a private, reliable and low-latency connection between your on-premises datacenter and Azure.

What is the maximum bandwidth that Azure Express Route can provide for on-premises connectivity?

  • A. 1 Gbps
  • B. 5 Gbps
  • C. 10 Gbps
  • D. 50 Gbps

Answer: C. 10 Gbps.

Explanation: Azure Express Route can provide bandwidths up to 10 Gbps for high-throughput scenarios.

True or False? Site-to-Site VPN is a cost-effective alternative to Express Route for on-premises connectivity.

  • True
  • False

Answer: True.

Explanation: While Express Route provides higher bandwidth and a more reliable connection, Site-to-Site VPN is generally a cheaper alternative.

Azure VPN Gateway is available in which of the following SKUs? (Select all applicable)

  • A. Basic
  • B. Standard
  • C. Premium
  • D. Advanced

Answer: A. Basic, B. Standard, C. Premium.

Explanation: Azure VPN Gateway is available in Basic, Standard and Premium SKUs, each offering different levels of performance and features.

True or False? It is mandatory to use Microsoft peering with Azure Express Route for on-premises connectivity.

  • True
  • False

Answer: False.

Explanation: While Microsoft peering provides access to Azure services over the public IP address, it is not mandatory for on-premises connectivity.

In Azure, the connection from on-premises to the cloud can be secured using which service?

  • A. ExpressRoute
  • B. Azure Bastion
  • C. Azure Firewall
  • D. Azure Front Door

Answer: C. Azure Firewall.

Explanation: Azure Firewall is a cloud-native network security service which protects Azure Virtual Network resources. It offers threat intelligence-based filtering and can secure the connection from on-premises to the cloud.

True or False? Azure Express Route supports dynamic routing with BGP.

  • True
  • False

Answer: True.

Explanation: Azure Express Route supports dynamic routing with Border Gateway Protocol (BGP) which allows for automatic route updates as network changes occur.

What is the encryption method used by default in Site-to-Site VPN?

  • A. RSA
  • B. IPsec/IKE
  • C. SHA-256
  • D. AES

Answer: B. IPsec/IKE.

Explanation: Site-to-Site VPN connection uses IPsec/IKE (Internet Protocol Security/Internet Key Exchange) protocols for encryption by default.

True or False: An Azure Virtual Network (VNet) is the fundamental building block for your private network in Azure.

  • True
  • False

Answer: True.

Explanation: An Azure Virtual Network (VNet) is the fundamental building block for your private network in Azure. It provides isolation, segmentation, and other key benefits.

Interview Questions

What is the Azure ExpressRoute?

Azure ExpressRoute is a service that enables you to create private connections between Azure datacenters and infrastructure that’s on your premises or in a colocation environment.

Can you modify an Azure virtual network link to ExpressRoute circuit once it has been created?

No, once a virtual network is linked to an ExpressRoute circuit, the link cannot be modified. You must delete and recreate the link.

What is Site-to-Site VPN in Azure?

A Site-to-Site VPN is a secure connection between an on-premises network and an Azure Virtual Network. It is often used for hybrid cloud scenarios.

Can Azure ExpressRoute and Site-to-Site VPN be coexisting configurations for secure connection?

Yes, Azure ExpressRoute and Site-to-Site VPN can coexist for a secure and reliable connection between Azure and your on-premises environment.

What is the function of Virtual Network Peering in Azure?

Virtual Network peering in Azure is used to connect two or more Azure Virtual Networks. This provides low-latency, high-bandwidth connections between resources in different virtual networks.

What network traffic is allowed through Azure ExpressRoute?

Azure ExpressRoute allows private network traffic, such as Remote Desktop Protocol (RDP), Secure Shell (SSH), and application traffic, and optional public peering for Azure-bound traffic, to go over ExpressRoute.

What is Azure Traffic Manager?

Azure Traffic Manager is a DNS-based traffic load balancer that enables you to distribute traffic optimally to services across global Azure regions, while providing high availability and responsiveness.

How can you monitor the Azure ExpressRoute connectivity?

You can monitor the ExpressRoute connectivity using Azure Monitor, which provides statistics like average path availability, average round-trip latency, maximum round-trip latency, and QoS performance alerts.

What is the purpose of Virtual Network TAP in Azure?

Virtual Network Terminal Access Point (TAP) is a feature in Azure that enables you to mirror your virtual machine network traffic to another virtual machine for analysis or diagnostic purposes.

What is the performance difference between Azure ExpressRoute and a VPN connection?

ExpressRoute connections do not go over the public Internet and offer more reliability, faster speeds, consistent latencies, and higher security. VPN connections are slower due to the latency of the public internet.

Leave a Reply

Your email address will not be published. Required fields are marked *